certbot: add possibility to specify commands to run on new certs
This makes it possible to e.g. reload nginx when new certificates are present.
parent
e53da90160
commit
95a3901935
|
@ -1 +1,2 @@
|
||||||
certbot__http_01_port: 31820
|
certbot__http_01_port: 31820
|
||||||
|
certbot__new_cert_commands: [ ]
|
||||||
|
|
|
@ -26,3 +26,11 @@ argument_specs:
|
||||||
type: str
|
type: str
|
||||||
required: false
|
required: false
|
||||||
default: 31820
|
default: 31820
|
||||||
|
certbot__new_cert_commands:
|
||||||
|
description: >-
|
||||||
|
A list of commands to execute after getting a new certificate.
|
||||||
|
Will be added into a bash script.
|
||||||
|
type: list
|
||||||
|
elements: str
|
||||||
|
required: false
|
||||||
|
default: [ ]
|
||||||
|
|
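Review bot: The description of `certbot__new_cert_commands` does not say with what privileges the commands run or that they are not escaped. The role renders each entry verbatim into `/etc/letsencrypt/renewal-hooks/deploy/ansible_commands.sh`, owned by root, and certbot presumably runs it as root. Anyone able to set this variable (inventory, group_vars, extra vars) therefore gets command execution on the host at renewal time. I would extend the description with a sentence such as `Entries are written unescaped into a root-owned certbot deploy hook; set this only from trusted variable sources.`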
|
@ -2,6 +2,10 @@
|
||||||
ansible.builtin.import_tasks:
|
ansible.builtin.import_tasks:
|
||||||
file: main/install.yaml
|
file: main/install.yaml
|
||||||
|
|
||||||
|
- name: ensure new cert commands
|
||||||
|
ansible.builtin.import_tasks:
|
||||||
|
file: main/new_cert_commands.yaml
|
||||||
|
|
||||||
- name: ensure certificates
|
- name: ensure certificates
|
||||||
ansible.builtin.import_tasks:
|
ansible.builtin.import_tasks:
|
||||||
file: main/certs.yaml
|
file: main/certs.yaml
|
||||||
|
|
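--- a/playbooks/roles/certbot/tasks/main/new_cert_commands.yaml
+++ b/playbooks/roles/certbot/tasks/main/new_cert_commands.yaml
@@ -0,0 +1,17 @@
+- name: ensure existence of renewal deploy hooks directory
+ansible.builtin.file:
+path: /etc/letsencrypt/renewal-hooks/deploy
+state: directory
+owner: root
+group: root
+mode: "0755"
+become: true
+
+- name: ensure renewal deploy hook commands
+ansible.builtin.template:
+src: renewal_deploy_hook_commands.sh.j2
+dest: /etc/letsencrypt/renewal-hooks/deploy/ansible_commands.sh
+owner: root
+group: root
+mode: "0770"
+become: true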
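Review bot: `mode: "0770"` in the "ensure renewal deploy hook commands" task leaves the hook script group-writable and group-executable. With `owner: root` and `group: root`, nothing visible here needs the group bits. Since the file holds commands that run with certbot's privileges, `mode: "0700"` would be the least-privilege setting and also keeps the content unreadable to other accounts if a command ever embeds a credential. A short comment above the task saying the script is regenerated from `certbot__new_cert_commands` on every run would also tell operators not to edit it by hand.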
|
@ -0,0 +1,4 @@
|
||||||
|
#!/bin/bash
|
||||||
|
{% for command in certbot__new_cert_commands %}
|
||||||
|
{{ command }}
|
||||||
|
{% endfor %}
|
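Review bot: Nothing after `#!/bin/bash` makes the script stop or report when one of the rendered commands fails. A failing entry is followed by the remaining ones, and the hook's exit status is that of the last line only, so a failed service reload can go unnoticed. If fail-fast is what you want, add `set -euo pipefail` on the line after the shebang; if the entries are meant to be independent, a comment in the template saying so would make that explicit. Note also that `{{ command }}` is emitted verbatim, so an entry containing a newline becomes several script lines.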