Improve lego service to be more dynamic

2024-10-13 16:33:09 +02:00 · 2024-10-13 16:33:09 +02:00 · be3c610bd4
commit be3c610bd4
parent fa2059bb32
14 changed files with 64 additions and 46 deletions
--- a/roles/lego/tasks/hooks.yml
+++ b/roles/lego/tasks/hooks.yml
@ -0,0 +1,14 @@
+---
+- name: Set hooks path
+  ansible.builtin.set_fact:
+    hooks_path: "{{ (service_path, 'hooks') | path_join }}"
+- name: Create hooks directory
+  ansible.builtin.file:
+    path: "{{ hooks_path }}"
+    state: directory
+    mode: "0755"
+- name: Copy the additional hooks
+  ansible.builtin.copy:
+    src: hooks/
+    dest: "{{ hooks_path }}"
+    mode: "0755"
--- a/roles/lego/tasks/lego.d.yml
+++ b/roles/lego/tasks/lego.d.yml
@ -1,16 +0,0 @@
---
- name: Set lego.d path
-  ansible.builtin.set_fact:
-    lego_d_path: "{{ (service_path, 'lego.d') | path_join }}"
- name: Create lego.d directory
-  ansible.builtin.file:
-    path: "{{ lego_d_path }}"
-    state: directory
-    mode: "0755"
- name: Copy the additional lego scripts
-  ansible.builtin.copy:
-    src: "{{ item }}"
-    dest: "{{ lego_d_path }}"
-    mode: "0755"
-  with_fileglob:
-    - "{{ ansible_facts.hostname }}/*"
--- a/roles/lego/tasks/main.yml
+++ b/roles/lego/tasks/main.yml
@ -20,8 +20,8 @@

    - name: Import tasks specific to the config directory
      ansible.builtin.import_tasks: config.yml
-    - name: Import tasks specific to lego.d
-      ansible.builtin.import_tasks: lego.d.yml
+    - name: Import tasks specific to hooks
+      ansible.builtin.import_tasks: hooks.yml
    - name: Import tasks specific to systemd
      ansible.builtin.import_tasks: systemd.yml

@ -33,3 +33,12 @@

    - name: Import tasks create a service.env file
      ansible.builtin.import_tasks: tasks/steps/template-service-env.yml
+
+    - name: Run certificate-script for domains
+      ansible.builtin.command:
+        cmd: "./lego.sh {{ item }}"
+        chdir: "{{ service_path }}"
+      become: true
+      loop: "{{ lego_host_certificates }}"
+      register: cmd_result
+      changed_when: cmd_result.stderr | regex_search('Server responded with a certificate.')
--- a/roles/lego/tasks/systemd.yml
+++ b/roles/lego/tasks/systemd.yml
@ -11,14 +11,30 @@
    dest: /etc/systemd/system/lego@.timer
    mode: "0644"
  become: true
+
+- name: Get all lego timers
+  ansible.builtin.shell:
+    cmd: "systemctl list-timers 'lego@*' --all --output=json | jq -r '.[].unit'"
+  register: systemd_timers_result
+  changed_when: false
+
+- name: Generate systemd timer names
+  ansible.builtin.set_fact:
+    lego_systemd_timers: "{{ lego_host_certificates | list_prefix_suffix('lego@', '.timer') }}"
+
+- name: Disable unused system timers
+  ansible.builtin.systemd_service:
+    name: "{{ item }}"
+    state: stopped
+    enabled: false
+  loop: "{{ systemd_timers_result.stdout_lines | difference(lego_systemd_timers) }}"
+  become: true
+
 - name: Enable the system timers
  ansible.builtin.systemd_service:
-    name: lego@{{ item }}.timer
+    name: "{{ item }}"
    state: started
    enabled: true
    daemon_reload: true
-  loop:
-    - msrg.cc
-    - db.serguzim.me
-    - auth.serguzim.me
+  loop: "{{ lego_systemd_timers }}"
  become: true