feat: add acme.sh role
This commit is contained in:
mustard
parent
1b2a39518b
commit
2950835407
4 changed files with 85 additions and 0 deletions
6
roles/acme.sh/files/acme.sh-reload.path
Normal file
6
roles/acme.sh/files/acme.sh-reload.path
Normal file
|
|
@ -0,0 +1,6 @@
|
|||
[Path]
|
||||
PathModified=/srv/acme.sh/.reload
|
||||
TriggerLimitIntervalSec=0
|
||||
TriggerLimitBurst=0
|
||||
[Install]
|
||||
WantedBy=paths.target
|
||||
7
roles/acme.sh/files/acme.sh-reload.service
Normal file
7
roles/acme.sh/files/acme.sh-reload.service
Normal file
|
|
@ -0,0 +1,7 @@
|
|||
# This service cannot and should not be enabled directly.
|
||||
[Unit]
|
||||
Description=Reload NGINX on command from acme.sh
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart=/usr/bin/systemctl restart nginx
|
||||
ExecStart=/usr/bin/rm /srv/acme.sh/.reload
|
||||
20
roles/acme.sh/files/acme.sh.container
Normal file
20
roles/acme.sh/files/acme.sh.container
Normal file
|
|
@ -0,0 +1,20 @@
|
|||
[Unit]
|
||||
Description=acme.sh container
|
||||
|
||||
[Container]
|
||||
ContainerName=acme.sh
|
||||
Exec=daemon
|
||||
Image=ghcr.io/polarix-containers/acme.sh:latest
|
||||
EnvironmentFile=/secrets/acme.sh.env
|
||||
Volume=/srv/acme.sh:/acme.sh:Z
|
||||
Volume=/srv/certs:/certs:z
|
||||
PodmanArgs=--runtime runsc --security-opt label:disable
|
||||
Label=disable
|
||||
AutoUpdate=registry
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target default.target
|
||||
|
||||
[Service]
|
||||
Restart=always
|
||||
|
||||
Loading…
Add table
Add a link
Reference in a new issue