feat: add acme.sh role
This commit is contained in:
mustard
parent
1b2a39518b
commit
2950835407
4 changed files with 85 additions and 0 deletions
6
roles/acme.sh/files/acme.sh-reload.path
Normal file
6
roles/acme.sh/files/acme.sh-reload.path
Normal file
|
|
@ -0,0 +1,6 @@
|
|||
[Path]
|
||||
PathModified=/srv/acme.sh/.reload
|
||||
TriggerLimitIntervalSec=0
|
||||
TriggerLimitBurst=0
|
||||
[Install]
|
||||
WantedBy=paths.target
|
||||
7
roles/acme.sh/files/acme.sh-reload.service
Normal file
7
roles/acme.sh/files/acme.sh-reload.service
Normal file
|
|
@ -0,0 +1,7 @@
|
|||
# This service cannot and should not be enabled directly.
|
||||
[Unit]
|
||||
Description=Reload NGINX on command from acme.sh
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart=/usr/bin/systemctl restart nginx
|
||||
ExecStart=/usr/bin/rm /srv/acme.sh/.reload
|
||||
20
roles/acme.sh/files/acme.sh.container
Normal file
20
roles/acme.sh/files/acme.sh.container
Normal file
|
|
@ -0,0 +1,20 @@
|
|||
[Unit]
|
||||
Description=acme.sh container
|
||||
|
||||
[Container]
|
||||
ContainerName=acme.sh
|
||||
Exec=daemon
|
||||
Image=ghcr.io/polarix-containers/acme.sh:latest
|
||||
EnvironmentFile=/secrets/acme.sh.env
|
||||
Volume=/srv/acme.sh:/acme.sh:Z
|
||||
Volume=/srv/certs:/certs:z
|
||||
PodmanArgs=--runtime runsc --security-opt label:disable
|
||||
Label=disable
|
||||
AutoUpdate=registry
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target default.target
|
||||
|
||||
[Service]
|
||||
Restart=always
|
||||
|
||||
52
roles/acme.sh/tasks/main.yaml
Normal file
52
roles/acme.sh/tasks/main.yaml
Normal file
|
|
@ -0,0 +1,52 @@
|
|||
- name: Create acme.sh dir
|
||||
ansible.builtin.file:
|
||||
path: /srv/acme.sh
|
||||
state: directory
|
||||
mode: '0755'
|
||||
|
||||
- name: Create certs dir if it doesn't exist
|
||||
ansible.builtin.file:
|
||||
path: /srv/certs
|
||||
state: directory
|
||||
mode: '0755'
|
||||
|
||||
- name: Copy over acme.sh.container file
|
||||
ansible.builtin.copy:
|
||||
src: ./files/acme.sh.container
|
||||
dest: /etc/containers/systemd/acme.sh.container
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
|
||||
- name: Copy over acme.sh reload path file
|
||||
ansible.builtin.copy:
|
||||
src: ./acme.sh-reload.path
|
||||
dest: /etc/systemd/system/acme.sh-reload.path
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
|
||||
- name: Copy over acme.sh reload service file
|
||||
ansible.builtin.copy:
|
||||
src: ./acme.sh-reload.service
|
||||
dest: /etc/systemd/system/acme.sh-reload.service
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
|
||||
- name: Run systemctl daemon-reload
|
||||
ansible.builtin.systemd_service:
|
||||
daemon_reload: true
|
||||
|
||||
- name: Start acme.sh container
|
||||
ansible.builtin.systemd_service:
|
||||
name: acme.sh.service
|
||||
state: restarted
|
||||
|
||||
- name: Start acme.sh reload service
|
||||
ansible.builtin.systemd_service:
|
||||
name: acme.sh-reload.path
|
||||
state: started
|
||||
enabled: true
|
||||
|
||||
|
||||
Loading…
Add table
Add a link
Reference in a new issue