diff --git a/roles/certsync/defaults/main.yml b/roles/certsync/defaults/main.yml
index a0ceb3a..5583c0a 100644
--- a/roles/certsync/defaults/main.yml
+++ b/roles/certsync/defaults/main.yml
@@ -1,5 +1,4 @@
 ---
 certsync_dir: /etc/ssl/certsync
-certsync_host: srv02.hamburg.freifunk.net
+certsync_host: srv01.hamburg.freifunk.net
 certsync_key: /root/.ssh/certsync
-certsync_script: /usr/local/sbin/certsync
diff --git a/roles/certsync/tasks/main.yml b/roles/certsync/tasks/main.yml
index 00d886e..bff0f13 100644
--- a/roles/certsync/tasks/main.yml
+++ b/roles/certsync/tasks/main.yml
@@ -7,18 +7,24 @@
 - name: template certsync script
 template:
- src: templates/certsync.j2
- dest: "{{ certsync_script }}"
+ src: certsync
+ dest: /usr/local/sbin/
 owner: root
 group: staff
 mode: 0550
 tags: certsync
-- name: create cronjob
- cron:
- name: TLS Zertifikate synchronisieren
- job: "{{ certsync_script }}"
- minute: "0"
- hour: "7"
- weekday: "1"
- tags: certsync
+- name: template certsync timer
+ template:
+ src: "{{ item }}"
+ dest: /lib/systemd/system/
+ with_items:
+ - certsync.service
+ - certsync.timer
+
+- name: enable certsync timer
+ systemd:
+ name: certsync.timer
+ state: started
+ enabled: yes
+ daemon_reload: yes
diff --git a/roles/certsync/templates/certsync.j2 b/roles/certsync/templates/certsync
similarity index 92%
rename from roles/certsync/templates/certsync.j2
rename to roles/certsync/templates/certsync
index 3dc2787..3af20c8 100755
--- a/roles/certsync/templates/certsync.j2
+++ b/roles/certsync/templates/certsync
@@ -19,5 +19,5 @@ chmod 440 $CERT_DIR/*
 COUNT=$(find $CERT_DIR -mtime -7 | wc -l)
 if [ $COUNT -gt 0 ]; then
- service nginx reload > /dev/null
+ systemctl reload nginx > /dev/null
 fi
diff --git a/roles/certsync/templates/certsync.service b/roles/certsync/templates/certsync.service
new file mode 100644
index 0000000..aa4aa34
--- /dev/null
+++ b/roles/certsync/templates/certsync.service
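Review bot: Deleting the `create cronjob` task from roles/certsync/tasks/main.yml does not delete the cron entry on hosts that were already provisioned, so there the old Monday 07:00 job keeps running next to the new timer; a `cron` task with the same `name` and `state: absent` is needed. The new `template certsync timer` task also sets no `owner`, `group` or `mode`, so the unit files that start a root service are written with whatever the defaults produce, and neither new task carries `tags: certsync`, so a `--tags certsync` run updates the script but not the units. Units installed by configuration management usually belong in /etc/systemd/system/ rather than /lib/systemd/system/, which is the package manager's directory. As a style point in the same lines, `enabled: yes` and `daemon_reload: yes` are better written as `true`.

```yaml
# added: remove the entry the deleted task created on existing hosts
- name: remove certsync cronjob
  cron:
    name: TLS Zertifikate synchronisieren
    state: absent
  tags: certsync

- name: template certsync timer
  template:
    # … unchanged: src, dest …
    owner: root
    group: root
    mode: "0644"
  # … unchanged: with_items …
  tags: certsync

- name: enable certsync timer
  systemd:
    # … unchanged: name, state …
    enabled: true
    daemon_reload: true
  tags: certsync
```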
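Review bot: In roles/certsync/templates/certsync the new `systemctl reload nginx > /dev/null` line can report success even when nginx rejects the freshly synced certificates, because a reload usually only signals the master process, which keeps its old configuration if the new one does not load (this depends on the nginx unit's reload command, which is not visible here). Testing first turns a bad certificate into a failed certsync.service run that shows up in `systemctl status`, e.g. `nginx -t -q && systemctl reload nginx`. The `> /dev/null` was useful to keep cron mail quiet; under a systemd unit the output goes to the journal, so the redirect can be dropped. The script begins above this hunk, so the earlier handling of `$CERT_DIR` is not covered by this note.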
@@ -0,0 +1,6 @@
+[Unit]
+Description=Synchronize TLS certificates from {{ certsync_host }}
+
+[Service]
+Type=oneshot
+ExecStart=/usr/local/sbin/certsync
diff --git a/roles/certsync/templates/certsync.timer b/roles/certsync/templates/certsync.timer
new file mode 100644
index 0000000..df98dc7
--- /dev/null
+++ b/roles/certsync/templates/certsync.timer
@@ -0,0 +1,10 @@
+[Unit]
+Description=Weekly certsync run
+
+[Timer]
+OnCalendar=Mon *-*-* 05:00
+RandomizedDelaySec=60m
+Persistent=true
+
+[Install]
+WantedBy=timers.target
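Review bot: certsync.service declares no ordering against the network, yet certsync.timer sets `Persistent=true`, so a run missed during downtime is started shortly after boot, when the connection to the sync host may not be possible yet; add `Wants=network-online.target` and `After=network-online.target` to `[Unit]`. The service also runs as root with no sandboxing, and since most of the script lies outside this diff, which of `PrivateTmp=true`, `NoNewPrivileges=true` or `ProtectSystem=strict` with `ReadWritePaths={{ certsync_dir }}` it tolerates has to be checked before adding them. A comment above `ExecStart=` stating that the path must match the `dest` of the script task would help, because the `certsync_script` variable that used to tie the two together is removed in this commit.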
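Review bot: `RandomizedDelaySec=60m` in certsync.timer lets two consecutive runs be up to an hour more than seven days apart, while the script decides whether to reload nginx with `find $CERT_DIR -mtime -7`. If the sync preserves the upstream modification times (not visible in this diff), a certificate renewed just after one run can already be seven days old at the next one, and nginx is then not reloaded for it. Either widen the window in the script, for example `-mtime -8`, or drop the randomized delay so the interval stays at exactly one week.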