role/nginx: add timer for dehydrated / lets encrypt

fixed #21
This commit is contained in:
Geno 2021-03-06 18:50:38 +01:00
parent aa2063743c
commit 3c1aed2eee
4 changed files with 31 additions and 1 deletions

@ -1 +1 @@
Subproject commit 0474dc8d0c7031f7fcb58484c9c6552b1b9869eb Subproject commit 1aa082a2101c69f8cfc13a31604991b0c3dfa8e5

View File

@ -16,6 +16,20 @@
args: args:
creates: /var/lib/dehydrated/accounts creates: /var/lib/dehydrated/accounts
- name: Install letsencrypt cronjob
template:
dest: "/etc/systemd/system/{{ item }}"
src: "{{ item }}"
with_items:
- dehydrated.service
- dehydrated.timer
- name: Start lets encrypt cronjob
systemd:
name: dehydrated.timer
state: started
enabled: yes
- name: nginx default config - name: nginx default config
notify: reload nginx notify: reload nginx
template: template:
@ -27,3 +41,5 @@
template: template:
src: snippets-tls.nginx src: snippets-tls.nginx
dest: /etc/nginx/snippets/tls-acme.conf dest: /etc/nginx/snippets/tls-acme.conf

View File

@ -0,0 +1,6 @@
[Unit]
Description=Check and renew ACME TLS certificates
[Service]
Type=oneshot
ExecStart=/usr/bin/dehydrated -c

View File

@ -0,0 +1,8 @@
[Unit]
Description=Check and renew ACME TLS certificates
[Timer]
OnCalendar=daily UTC
[Install]
WantedBy=timers.target