Fix pre-commit hooks and move directories

roles/ and inventory/ are now in playbooks/
also fixed issues reported by ansible-lint

playbooks/roles/lego/files/hook.sh

@@ -0,0 +1,6 @@
+#!/usr/bin/env sh
+
+cp -f "$LEGO_CERT_PATH" /certificates
+cp -f "$LEGO_CERT_KEY_PATH" /certificates
+
+exit 33 # special exit code to signal that the certificate has been updated

playbooks/roles/lego/files/hooks/auth.serguzim.me

@@ -0,0 +1,12 @@
+#!/usr/bin/env sh
+
+domain="auth.serguzim.me"
+
+_install() {
+  install --owner=root --group=root --mode=600 \
+	  "$CERTIFICATES_PATH/$domain.$1" \
+	  "/opt/services/authentik/certs/$domain.$2"
+}
+
+_install crt pem
+_install key key

playbooks/roles/lego/files/hooks/db.serguzim.me

@@ -0,0 +1,16 @@
+#!/usr/bin/env sh
+
+domain="db.serguzim.me"
+
+_install() {
+  install --owner=postgres --group=postgres --mode=600 \
+	  "$CERTIFICATES_PATH/$domain.$1" \
+	  "/var/lib/postgres/data/server.$1"
+}
+
+_install crt
+_install key
+
+sudo -u postgres pg_ctl -D /var/lib/postgres/data/ reload
+
+# vim: ft=sh

playbooks/roles/lego/files/lego.sh

@@ -0,0 +1,26 @@
+#!/usr/bin/env sh
+
+set -a
+. ./service.env
+set +a
+
+domain="$1"
+action="run"
+
+exisiting_domains=$(docker compose run --rm app list -n)
+
+if echo "$exisiting_domains" | grep -q "$domain";
+then
+	action="renew"
+fi
+
+docker compose run --rm app \
+	--domains "$domain" \
+	"$action" \
+	"--$action-hook" "/config/hook.sh"
+
+if [ "$?" = "33" ] && [ -x "./hooks/$domain" ];
+then
+	echo "Running hook for $domain"
+	"./hooks/$domain"
+fi

playbooks/roles/lego/files/lego@.timer

@@ -0,0 +1,10 @@
+[Unit]
+Description=Renew certificates
+
+[Timer]
+Persistent=true
+OnCalendar=*-*-* 01:15:00
+RandomizedDelaySec=2h
+
+[Install]
+WantedBy=timers.target