diff --git a/roles/core/letsencrypt-renew/files/letsencrypt.service b/roles/core/letsencrypt/files/letsencrypt-renew.service
similarity index 92%
rename from roles/core/letsencrypt-renew/files/letsencrypt.service
rename to roles/core/letsencrypt/files/letsencrypt-renew.service
index 757bf4f..8a8f195 100644
--- a/roles/core/letsencrypt-renew/files/letsencrypt.service
+++ b/roles/core/letsencrypt/files/letsencrypt-renew.service
@@ -1,22 +1,22 @@
# -------------------------------------------------------------
# Let's encrypt
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2016-08-24
# License: Trivial work, not eligible to copyright
# Source file: roles/core/letsencrypt-renew/files/letsencrypt.service
# -------------------------------------------------------------
#
# <auto-generated>
# This file is managed by our rOPS SaltStack repository.
#
# Changes to this file may cause incorrect behavior
# and will be lost if the state is redeployed.
# </auto-generated>
[Unit]
Description=Renew Let's encrypt certificates.
[Service]
-Type=simple
-ExecStart=letsencrypt-renewal
+Type=oneshot
+ExecStart=/usr/local/sbin/letsencrypt-renewal
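Review bot: The `# Source file:` header still names the pre-rename path `roles/core/letsencrypt-renew/files/letsencrypt.service`; it should read `# Source file: roles/core/letsencrypt/files/letsencrypt-renew.service`. The renamed timer and `letsencrypt-renewal.sh` carry the same stale header. Separately, the unit sets no `User=`, so the script runs as root with no sandboxing. If the renewal path tolerates it, adding `PrivateTmp=true` and `ProtectHome=true` under `[Service]` would narrow what a misbehaving hook can reach.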
diff --git a/roles/core/letsencrypt-renew/files/letsencrypt.timer b/roles/core/letsencrypt/files/letsencrypt-renew.timer
similarity index 95%
rename from roles/core/letsencrypt-renew/files/letsencrypt.timer
rename to roles/core/letsencrypt/files/letsencrypt-renew.timer
index a98b662..85c635c 100644
--- a/roles/core/letsencrypt-renew/files/letsencrypt.timer
+++ b/roles/core/letsencrypt/files/letsencrypt-renew.timer
@@ -1,23 +1,25 @@
# -------------------------------------------------------------
# Let's encrypt
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2016-08-24
# License: Trivial work, not eligible to copyright
# Source file: roles/core/letsencrypt-renew/files/letsencrypt.timer
# -------------------------------------------------------------
#
# <auto-generated>
# This file is managed by our rOPS SaltStack repository.
#
# Changes to this file may cause incorrect behavior
# and will be lost if the state is redeployed.
# </auto-generated>
[Unit]
Description=Runs letsencrypt-renewal every month
[Timer]
OnCalendar=*-*-26 12:15:00
Persistent=yes
-Unit=letsencrypt.service
+
+[Install]
+WantedBy=timers.target
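Review bot: The unchanged `OnCalendar=*-*-26 12:15:00` gives each certificate roughly one renewal attempt inside its renewal window, assuming certbot's default of renewing only within 30 days of expiry. A single failed run (CA outage, rate limit, broken challenge) then pushes the next attempt close to or past expiry. `certbot renew` does nothing for certificates that are not due, so a frequent schedule is cheap, for example `OnCalendar=daily` with `RandomizedDelaySec=12h`. The `Description=` line would need updating to match. Dropping `Unit=` is fine, since the timer now shares its base name with `letsencrypt-renew.service`.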
diff --git a/roles/core/letsencrypt-renew/files/letsencrypt-renewal.sh b/roles/core/letsencrypt/files/letsencrypt-renewal.sh
similarity index 93%
rename from roles/core/letsencrypt-renew/files/letsencrypt-renewal.sh
rename to roles/core/letsencrypt/files/letsencrypt-renewal.sh
index eef1a63..61ef1ac 100755
--- a/roles/core/letsencrypt-renew/files/letsencrypt-renewal.sh
+++ b/roles/core/letsencrypt/files/letsencrypt-renewal.sh
@@ -1,31 +1,31 @@
#!/bin/sh
# -------------------------------------------------------------
# Let's encrypt
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2016-08-24
# License: Trivial work, not eligible to copyright
# Source file: roles/core/letsencrypt-renew/files/letsencrypt-renewal.sh
# -------------------------------------------------------------
#
# <auto-generated>
# This file is managed by our rOPS SaltStack repository.
#
# Changes to this file may cause incorrect behavior
# and will be lost if the state is redeployed.
# </auto-generated>
nginx_test() {
nginx_output="$(nginx -t 2>&1)"
nginx_returncode="$?"
if [ "$nginx_returncode" -eq 0 ] && [ -n "$(echo "${nginx_output}" | grep warn)" ]; then
return 2;
else
return "$nginx_returncode";
fi;
}
-letsencrypt renew && nginx_test && service nginx restart
+certbot renew && nginx_test && service nginx restart
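Review bot: On the final line, nginx is restarted after every successful run, because `certbot renew` appears to exit 0 even when no certificate was due. A reload picks up new certificates without dropping connections: `certbot renew && nginx_test && service nginx reload`. When `nginx_test` fails or returns 2 on a warning, the renewed certificate stays on disk unserved and the only signal is the exit status. A message on stderr before exiting would put the reason in the journal. `nginx_test` would also benefit from a comment such as `# Returns 0 if the config is clean, 2 if nginx -t passes with warnings, else nginx's own exit code`.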
diff --git a/roles/core/letsencrypt/init.sls b/roles/core/letsencrypt/init.sls
new file mode 100644
index 0000000..232a28a
--- /dev/null
+++ b/roles/core/letsencrypt/init.sls
@@ -0,0 +1,11 @@
+# -------------------------------------------------------------
+# Salt — Let's encrypt certificates
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# Created: 2017-04-27
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+include:
+ - .software
+ - .service
diff --git a/roles/core/letsencrypt/service.sls b/roles/core/letsencrypt/service.sls
new file mode 100644
index 0000000..ccd39d1
--- /dev/null
+++ b/roles/core/letsencrypt/service.sls
@@ -0,0 +1,44 @@
+# -------------------------------------------------------------
+# Salt — Let's encrypt certificates
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# Created: 2017-04-27
+# Description: Provide a renewal service
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+{% from "map.jinja" import services with context %}
+
+# -------------------------------------------------------------
+# Renew script
+# -------------------------------------------------------------
+
+/usr/local/sbin/letsencrypt-renewal:
+ file.managed:
+ - source: salt://roles/core/letsencrypt/files/letsencrypt-renewal.sh
+ - mode: 0755
+
+# -------------------------------------------------------------
+# Unit configuration
+# -------------------------------------------------------------
+
+{% if services['manager'] == 'systemd' %}
+
+letsencrypt_renew_unit:
+ file.managed:
+ - name: /etc/systemd/system/letsencrypt-renew.service
+ - source: salt://roles/core/letsencrypt/files/letsencrypt-renew.service
+ - mode: 0644
+ module.run:
+ - name: service.force_reload
+ - m_name: letsencrypt-renew
+ - onchanges:
+ - file: letsencrypt_renew_unit
+
+letsencrypt_renew_enable:
+ service.enabled:
+ - name: letsencrypt-renew
+ - watch:
+ - module: letsencrypt_renew_unit
+
+{% endif %}
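Review bot: The timer unit is never deployed: this state only manages `letsencrypt-renew.service`, and no state copies `letsencrypt-renew.timer` to `/etc/systemd/system`. `letsencrypt_renew_enable` then enables the service, which has no `[Install]` section, so as written nothing schedules the renewal and certificates would expire unnoticed. The non-systemd branch (the FreeBSD case handled in `software.sls`) gets the script but no cron entry or other scheduler. Salt's documentation also asks for modes with a leading zero to be quoted (`'0755'`, `'0644'`). A sketch of the missing timer states follows.

```yaml
# … unchanged: renew script and letsencrypt_renew_unit states …

letsencrypt_renew_timer_unit:
  file.managed:
    - name: /etc/systemd/system/letsencrypt-renew.timer
    - source: salt://roles/core/letsencrypt/files/letsencrypt-renew.timer
    - mode: '0644'

letsencrypt_renew_enable:
  service.running:
    - name: letsencrypt-renew.timer
    - enable: True
    - require:
      - file: letsencrypt_renew_unit
      - file: letsencrypt_renew_timer_unit
```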
diff --git a/roles/core/letsencrypt/software.sls b/roles/core/letsencrypt/software.sls
new file mode 100644
index 0000000..5025083
--- /dev/null
+++ b/roles/core/letsencrypt/software.sls
@@ -0,0 +1,16 @@
+# -------------------------------------------------------------
+# Salt — Let's encrypt certificates
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# Created: 2017-04-27
+# Description: Provide a renewal service
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+letsencrypt_software:
+ pkg.installed:
+ {% if grains['os'] == 'FreeBSD' %}
+ - name: py27-certbot
+ {% else %}
+ - name: certbot
+ {% endif %}
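Review bot: The package name is chosen inline with `grains['os']` and hard-codes the Python 2.7 flavour `py27-certbot`, so it will need editing whenever the FreeBSD default Python flavour changes. `service.sls` already pulls per-platform values from `map.jinja`; keeping the package name there too (if that file has a suitable lookup, which is not visible here) would put the platform differences in one place. The `Description: Provide a renewal service` header looks copied from `service.sls`; something like `# Description: Install certbot` fits this file.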
diff --git a/top.sls b/top.sls
index d7725b5..b00e9b9 100644
--- a/top.sls
+++ b/top.sls
@@ -1,23 +1,24 @@
# -------------------------------------------------------------
# Salt configuration for Nasqueron servers
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2016-04-10
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
base:
'*':
- roles/core/rc
- roles/core/hostname
- roles/core/network
- roles/core/motd
- roles/core/rsyslog
- roles/core/sshd
+ - roles/core/letsencrypt
'eglide':
- roles/shellserver/users
- roles/shellserver/userland-software
- roles/shellserver/eglide-website
- roles/shellserver/vhosts
- roles/shellserver/web-hosting
- roles/shellserver/odderon
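Review bot: Adding `roles/core/letsencrypt` under `'*'` installs certbot and a root-run renewal script on every minion, yet `letsencrypt-renewal.sh` unconditionally calls `nginx -t` and `service nginx restart`. On a host without nginx, or one that terminates TLS elsewhere, each run would fail at `nginx_test`; which hosts run nginx is not visible from this diff. Consider targeting only the hosts that serve certificates, or guarding the nginx steps in the script, so machines that do not need an ACME client do not carry one.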