Improve lego service to be more dynamic
This commit is contained in:
parent
fa2059bb32
commit
be3c610bd4
GPG key ID:
13AD60C237A28DFE
14 changed files with 64 additions and 46 deletions
|
|
@ -5,15 +5,22 @@ set -a
|
|||
set +a
|
||||
|
||||
domain="$1"
|
||||
action="${2:-renew}"
|
||||
action="run"
|
||||
|
||||
exisiting_domains=$(docker compose run --rm app list -n)
|
||||
|
||||
if echo "$exisiting_domains" | grep -q "$domain";
|
||||
then
|
||||
action="renew"
|
||||
fi
|
||||
|
||||
docker compose run --rm app \
|
||||
--domains "$domain" \
|
||||
"$action" \
|
||||
"--$action-hook" "/config/hook.sh"
|
||||
|
||||
if [ "$?" = "33" ] && [ -x "./lego.d/$domain" ];
|
||||
if [ "$?" = "33" ] && [ -x "./hooks/$domain" ];
|
||||
then
|
||||
echo "Running hook for $domain"
|
||||
"./lego.d/$domain"
|
||||
"./hooks/$domain"
|
||||
fi
|
||||
|
|
|
|||
|
|
@ -1,18 +0,0 @@
|
|||
#!/usr/bin/env sh
|
||||
|
||||
domain="msrg.cc"
|
||||
|
||||
tmpdir=$(mktemp -d)
|
||||
trap 'rm -rf $tmpdir' EXIT
|
||||
|
||||
cp "$CERTIFICATES_PATH/$domain.crt" "$tmpdir/fullchain.pem"
|
||||
cp "$CERTIFICATES_PATH/$domain.key" "$tmpdir/privkey.pem"
|
||||
|
||||
curl \
|
||||
-F submit="submit" \
|
||||
-F token="$WIUWIU_TOKEN" \
|
||||
-F "cert=@$tmpdir/fullchain.pem" \
|
||||
-F "key=@$tmpdir/privkey.pem" \
|
||||
https://cert-upload.wiuwiu.de/
|
||||
|
||||
# vim: ft=sh
|
||||
14
roles/lego/tasks/hooks.yml
Normal file
14
roles/lego/tasks/hooks.yml
Normal file
|
|
@ -0,0 +1,14 @@
|
|||
---
|
||||
- name: Set hooks path
|
||||
ansible.builtin.set_fact:
|
||||
hooks_path: "{{ (service_path, 'hooks') | path_join }}"
|
||||
- name: Create hooks directory
|
||||
ansible.builtin.file:
|
||||
path: "{{ hooks_path }}"
|
||||
state: directory
|
||||
mode: "0755"
|
||||
- name: Copy the additional hooks
|
||||
ansible.builtin.copy:
|
||||
src: hooks/
|
||||
dest: "{{ hooks_path }}"
|
||||
mode: "0755"
|
||||
|
|
@ -1,16 +0,0 @@
|
|||
---
|
||||
- name: Set lego.d path
|
||||
ansible.builtin.set_fact:
|
||||
lego_d_path: "{{ (service_path, 'lego.d') | path_join }}"
|
||||
- name: Create lego.d directory
|
||||
ansible.builtin.file:
|
||||
path: "{{ lego_d_path }}"
|
||||
state: directory
|
||||
mode: "0755"
|
||||
- name: Copy the additional lego scripts
|
||||
ansible.builtin.copy:
|
||||
src: "{{ item }}"
|
||||
dest: "{{ lego_d_path }}"
|
||||
mode: "0755"
|
||||
with_fileglob:
|
||||
- "{{ ansible_facts.hostname }}/*"
|
||||
|
|
@ -20,8 +20,8 @@
|
|||
|
||||
- name: Import tasks specific to the config directory
|
||||
ansible.builtin.import_tasks: config.yml
|
||||
- name: Import tasks specific to lego.d
|
||||
ansible.builtin.import_tasks: lego.d.yml
|
||||
- name: Import tasks specific to hooks
|
||||
ansible.builtin.import_tasks: hooks.yml
|
||||
- name: Import tasks specific to systemd
|
||||
ansible.builtin.import_tasks: systemd.yml
|
||||
|
||||
|
|
@ -33,3 +33,12 @@
|
|||
|
||||
- name: Import tasks create a service.env file
|
||||
ansible.builtin.import_tasks: tasks/steps/template-service-env.yml
|
||||
|
||||
- name: Run certificate-script for domains
|
||||
ansible.builtin.command:
|
||||
cmd: "./lego.sh {{ item }}"
|
||||
chdir: "{{ service_path }}"
|
||||
become: true
|
||||
loop: "{{ lego_host_certificates }}"
|
||||
register: cmd_result
|
||||
changed_when: cmd_result.stderr | regex_search('Server responded with a certificate.')
|
||||
|
|
|
|||
|
|
@ -11,14 +11,30 @@
|
|||
dest: /etc/systemd/system/lego@.timer
|
||||
mode: "0644"
|
||||
become: true
|
||||
|
||||
- name: Get all lego timers
|
||||
ansible.builtin.shell:
|
||||
cmd: "systemctl list-timers 'lego@*' --all --output=json | jq -r '.[].unit'"
|
||||
register: systemd_timers_result
|
||||
changed_when: false
|
||||
|
||||
- name: Generate systemd timer names
|
||||
ansible.builtin.set_fact:
|
||||
lego_systemd_timers: "{{ lego_host_certificates | list_prefix_suffix('lego@', '.timer') }}"
|
||||
|
||||
- name: Disable unused system timers
|
||||
ansible.builtin.systemd_service:
|
||||
name: "{{ item }}"
|
||||
state: stopped
|
||||
enabled: false
|
||||
loop: "{{ systemd_timers_result.stdout_lines | difference(lego_systemd_timers) }}"
|
||||
become: true
|
||||
|
||||
- name: Enable the system timers
|
||||
ansible.builtin.systemd_service:
|
||||
name: lego@{{ item }}.timer
|
||||
name: "{{ item }}"
|
||||
state: started
|
||||
enabled: true
|
||||
daemon_reload: true
|
||||
loop:
|
||||
- msrg.cc
|
||||
- db.serguzim.me
|
||||
- auth.serguzim.me
|
||||
loop: "{{ lego_systemd_timers }}"
|
||||
become: true
|
||||
|
|
|
|||
|
|
@ -1,4 +1,6 @@
|
|||
---
|
||||
lego_host_certificates: "{{ all_services | my_service_attributes(inventory_hostname, 'certificates') }}"
|
||||
|
||||
lego_svc:
|
||||
name: lego
|
||||
|
||||
|
|
@ -10,7 +12,6 @@ lego_env:
|
|||
LEGO_PATH: /data
|
||||
|
||||
CERTIFICATES_PATH: "{{ certificates_path }}"
|
||||
WIUWIU_TOKEN: "{{ vault_wiuwiu_token }}"
|
||||
|
||||
lego_compose:
|
||||
watchtower: false
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue