roles/nginx: Add /etc/letsencrypt/hook.d/ system

55d79567 · Jan Alexander Steffens (heftig) · 51cc26ac · 55d79567 · 55d79567 · 55d79567
Verified Commit 55d79567 authored 8 years ago by Jan Alexander Steffens (heftig)
--- a/roles/nginx/files/certbot-renewal.service
+++ b/roles/nginx/files/certbot-renewal.service
@@ -3,5 +3,8 @@ Description=Let's Encrypt renewal
 [Service]
 Type=oneshot
-ExecStart=/usr/bin/certbot renew --rsa-key-size 4096
+ExecStart=/usr/bin/certbot renew --rsa-key-size 4096 \
+    --pre-hook   "/etc/letsencrypt/hook.sh pre"      \
+    --post-hook  "/etc/letsencrypt/hook.sh post"     \
+    --renew-hook "/etc/letsencrypt/hook.sh renew"
 ExecStartPost=/bin/systemctl reload nginx.service
--- a/roles/nginx/files/hook.sh
+++ b/roles/nginx/files/hook.sh
+#!/bin/sh
+for f in /etc/letsencrypt/hook.d/*; do
+  if test -x "$f"; then
+    "$f" "$@"
+  fi
+done
--- a/roles/nginx/tasks/main.yml
+++ b/roles/nginx/tasks/main.yml
@@ -32,6 +32,12 @@
 - name: create directory to store validation stuff in
  file: owner=root group=http mode=750 path={{ letsencrypt_validation_dir }} state=directory
+- name: install letsencrypt hook
+  copy: src=hook.sh dest=/etc/letsencrypt/hook.sh owner=root group=root mode=755
+- name: create letsencrypt hook dir
+  file: state=directory path=/etc/letsencrypt/hook.d owner=root group=root mode=755
 - name: install letsencrypt renewal service
  copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=644
  with_items: