diff --git a/roles/lego/files/lego.sh b/roles/lego/files/lego.sh
index f6a4a04..98c7060 100755
--- a/roles/lego/files/lego.sh
+++ b/roles/lego/files/lego.sh
@@ -1,5 +1,9 @@
 #!/usr/bin/env sh
+set -a
+. ./service.env
+set +a
+
 domain="$1"
 action="${2:-renew}"
diff --git a/roles/lego/files/node002/db.serguzim.me b/roles/lego/files/node002/db.serguzim.me
index 09602b9..b411f33 100755
--- a/roles/lego/files/node002/db.serguzim.me
+++ b/roles/lego/files/node002/db.serguzim.me
@@ -2,15 +2,15 @@
 domain="db.serguzim.me"
-docker compose run --rm app "$1" "$domain"
-
 _install() {
 install --owner=postgres --group=postgres --mode=600 \
-"/opt/services/_certificates/$domain.$1" \
-"/var/lib/postgresql/server.$1"
+"$CERTIFICATES_PATH/$domain.$1" \
+"/var/lib/postgres/data/server.$1"
 }
 _install crt
 _install key
 sudo -u postgres pg_ctl -D /var/lib/postgres/data/ reload
+
+# vim: ft=sh
diff --git a/roles/lego/files/node002/msrg.cc b/roles/lego/files/node002/msrg.cc
new file mode 100755
index 0000000..7797db0
--- /dev/null
+++ b/roles/lego/files/node002/msrg.cc
@@ -0,0 +1,18 @@
+#!/usr/bin/env sh
+
+domain="msrg.cc"
+
+tmpdir=$(mktemp -d)
+trap 'rm -rf $tmpdir' EXIT
+
+cp "$CERTIFICATES_PATH/$domain.crt" "$tmpdir/fullchain.pem"
+cp "$CERTIFICATES_PATH/$domain.key" "$tmpdir/privkey.pem"
+
+curl \
+-F submit="submit" \
+-F token="$WIUWIU_TOKEN" \
+-F "cert=@$tmpdir/fullchain.pem" \
+-F "key=@$tmpdir/privkey.pem" \
+https://cert-upload.wiuwiu.de/
+
+# vim: ft=sh
diff --git a/roles/lego/files/node002/registry.serguzim.me b/roles/lego/files/node002/registry.serguzim.me
index 09e444c..4f564c7 100755
--- a/roles/lego/files/node002/registry.serguzim.me
+++ b/roles/lego/files/node002/registry.serguzim.me
@@ -2,11 +2,9 @@
 domain="registry.serguzim.me"
-docker compose run --rm app "$1" "$domain"
-
 _install() {
 install --owner=root --group=root --mode=600 \
-"/opt/services/_certificates/$domain.$1" \
+"$CERTIFICATES_PATH/$domain.$1" \
 "/opt/services/harbor/server.$1"
 }
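Review bot: `. ./service.env` on the second added line resolves against the caller's working directory rather than the script's location, and a non-interactive POSIX `sh` aborts when the sourced file cannot be found, so the whole hook chain dies before `domain="$1"` is read if the unit or a manual run starts from elsewhere. Anchoring it to the script, `. "$(dirname "$0")/service.env"`, removes the dependency on a WorkingDirectory that is not visible in this diff. Because the file is loaded under `set -a`, every variable in it — including `WIUWIU_TOKEN` from vars/main.yml, if that map is what renders service.env — is exported to every process this script starts, so the env file should be readable only by the account that runs the timer. The script's body continues past the hunk.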
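Review bot: The two `$CERTIFICATES_PATH` substitutions inside `_install` are unguarded, so a run where the variable is absent (for example the hook invoked by hand, outside lego.sh) resolves the source to `/db.serguzim.me.crt`, fails inside `install` with an unhelpful message, and the script still proceeds to `_install key` and the `pg_ctl reload`. A guard at the top of the script, `: "${CERTIFICATES_PATH:?CERTIFICATES_PATH must be set}"`, fails fast and names the cause; the same applies to the identical substitution in registry.serguzim.me and to the two `cp` lines in msrg.cc. Whether the script sets `set -e` cannot be seen from this hunk, so the reload-after-failed-install path is inferred.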
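Review bot: The `curl` call has no `--fail`, so an HTTP error from the upload endpoint (rejected `WIUWIU_TOKEN`, rejected certificate) still exits 0 and the `lego@msrg.cc` run is reported as successful while the remote certificate stays stale; `curl -fsS \` is the minimal fix, and `--fail-with-body` keeps the server's explanation where curl is new enough. The script also has no `set -eu`, so a failed `cp` (missing `$CERTIFICATES_PATH` or key file) does not stop the upload attempt. In the trap, `$tmpdir` is expanded only when the trap fires and is unquoted; `trap 'rm -rf "$tmpdir"' EXIT` is the safer spelling. The private key is copied into the mktemp directory, which mktemp creates with mode 0700, so the copy is not world-readable — worth a one-line comment so a later edit does not relocate it to a shared path.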
@@ -14,4 +12,6 @@
 _install crt
 _install key
 export HARBOR_BUNDLE_DIR=/opt/services/harbor
-$HARBOR_BUNDLE_DIR/data/install.sh
+$HARBOR_BUNDLE_DIR/harbor/install.sh
+
+# vim: ft=sh
diff --git a/roles/lego/tasks/systemd.yml b/roles/lego/tasks/systemd.yml
index 21e99bf..d31cb31 100644
--- a/roles/lego/tasks/systemd.yml
+++ b/roles/lego/tasks/systemd.yml
@@ -11,13 +11,14 @@
 dest: /etc/systemd/system/lego@.timer
 mode: "0644"
 become: true
-- name: Enable the system timer for {{ item }}
+- name: Enable the system timers
 ansible.builtin.systemd_service:
 name: lego@{{ item }}.timer
 state: started
 enabled: true
 daemon_reload: true
 loop:
+- msrg.cc
 - db.serguzim.me
 - registry.serguzim.me
 become: true
diff --git a/roles/lego/vars/main.yml b/roles/lego/vars/main.yml
index 460fb79..3ceec71 100644
--- a/roles/lego/vars/main.yml
+++ b/roles/lego/vars/main.yml
@@ -9,6 +9,9 @@
 lego_env:
 LEGO_EMAIL: "{{ admin_email }}"
 LEGO_PATH: /data
+CERTIFICATES_PATH: "{{ certificates_path }}"
+WIUWIU_TOKEN: "{{ vault_wiuwiu_token }}"
+
 lego_compose:
 watchtower: false
 network: false
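Review bot: The domain list under `loop:` is now maintained in two places — here and as the hook scripts under `files/node002/` (this commit adds `msrg.cc` to both) — so a future domain that lands in one but not the other either gets no timer or a timer whose hook does not exist. Moving the list into one role variable (a constructed name such as `lego_domains`) and writing `loop: "{{ lego_domains }}"` keeps the two in step, and the same variable could drive the task that copies the hook files, if there is one. `daemon_reload: true` inside the loop reloads systemd once per item; harmless, but a single reload before the loop is the usual shape.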
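Review bot: `WIUWIU_TOKEN` is added to `lego_env`, the same map that carries the non-secret `LEGO_EMAIL` and `LEGO_PATH`, and lego.sh in this commit exports the whole env file with `set -a`, so the token reaches every hook script and presumably the lego container even though only msrg.cc uses it. Consider scoping it — source it only in msrg.cc — or at least make sure the task that renders `lego_env` to `service.env` (not in this diff) uses `mode: "0600"` and `no_log: true` so the vault value does not land in task output. A short comment above the line, `# secret; consumed only by files/node002/msrg.cc`, would tell the next reader why it is here.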