certbot: add possibility to specify commands to run on new certs
This makes it possible to e.g. reload nginx when new certificates are present.
parent
e53da90160
commit
95a3901935
|
@ -1 +1,2 @@
|
|||
certbot__http_01_port: 31820
|
||||
certbot__new_cert_commands: [ ]
|
||||
|
|
|
@ -26,3 +26,11 @@ argument_specs:
|
|||
type: str
|
||||
required: false
|
||||
default: 31820
|
||||
certbot__new_cert_commands:
|
||||
description: >-
|
||||
A list of commands to execute after getting a new certificate.
|
||||
Will be added into a bash script.
|
||||
type: list
|
||||
elements: str
|
||||
required: false
|
||||
default: [ ]
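Review bot: The description of `certbot__new_cert_commands` says the commands go "into a bash script" but not with which privileges that script runs or that entries are inserted unescaped. The tasks in this commit install it root-owned under `/etc/letsencrypt/renewal-hooks/deploy`, so the list is effectively shell input for whatever account runs certbot, presumably root. I would extend the description with a sentence such as `Entries are written verbatim into a root-owned certbot deploy hook; set this only from trusted inventory.` The enclosing `argument_specs` mapping starts outside the hunk.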
|
||||
|
|
|
@ -2,6 +2,10 @@
|
|||
ansible.builtin.import_tasks:
|
||||
file: main/install.yaml
|
||||
|
||||
- name: ensure new cert commands
|
||||
ansible.builtin.import_tasks:
|
||||
file: main/new_cert_commands.yaml
|
||||
|
||||
- name: ensure certificates
|
||||
ansible.builtin.import_tasks:
|
||||
file: main/certs.yaml
|
||||
|
|
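--- a/playbooks/roles/certbot/tasks/main/new_cert_commands.yaml
+++ b/playbooks/roles/certbot/tasks/main/new_cert_commands.yaml
@@ -0,0 +1,17 @@
+- name: ensure existence of renewal deploy hooks directory
+ansible.builtin.file:
+path: /etc/letsencrypt/renewal-hooks/deploy
+state: directory
+owner: root
+group: root
+mode: "0755"
+become: true
+
+- name: ensure renewal deploy hook commands
+ansible.builtin.template:
+src: renewal_deploy_hook_commands.sh.j2
+dest: /etc/letsencrypt/renewal-hooks/deploy/ansible_commands.sh
+owner: root
+group: root
+mode: "0770"
+become: true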
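Review bot: The hook is installed with `mode: "0770"`, which leaves a script that runs on certificate renewal group-writable although nothing visible in this file needs group access. `mode: "0700"` keeps it executable for the owner only and matches the least-privilege intent of `owner: root`. The template task could also carry `validate: /bin/bash -n %s`, so that a command list that renders to syntactically broken shell is rejected before it replaces a working hook.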
|
@ -0,0 +1,4 @@
|
|||
#!/bin/bash
|
||||
{% for command in certbot__new_cert_commands %}
|
||||
{{ command }}
|
||||
{% endfor %}
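Review bot: The generated hook has no error handling: without `set -e` after the shebang a failing command is passed over and the script's exit status is only that of the last entry, so a failed reload can go unnoticed in certbot's output. Adding `set -euo pipefail` as the second line would stop at the first failure and return a non-zero status. A comment line `# {{ ansible_managed }}` below the shebang would also tell an operator that manual edits to `ansible_commands.sh` are overwritten on the next run.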
|