

D3626.id9378.diff

diff --git a/roles/core/certificates/acmesh.sls b/roles/core/certificates/acmesh.sls
--- a/roles/core/certificates/acmesh.sls
+++ b/roles/core/certificates/acmesh.sls
@@ -5,6 +5,8 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
+{% from "map.jinja" import dirs with context %}
+
acme.sh:
pkg.installed
@@ -27,3 +29,8 @@
file.managed:
- source: salt://roles/core/certificates/files/acmesh/acme.sh.cron
- makedirs: True
+
+{{ dirs.bin }}/acmesh-nginxCheck:
+ file.managed:
+ - source: salt://roles/core/certificates/files/acmesh-nginxCheck.sh
+ - mode: 755
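Review bot: The `file.managed` state for `{{ dirs.bin }}/acmesh-nginxCheck` sets only `mode: 755` and leaves owner and group to Salt's defaults, although this same change grants the `acme` account a NOPASSWD sudo rule for that exact path. Because the script then runs as root, ownership is worth stating in the state rather than implying it, e.g. `- user: root` plus the platform's root group. Without it, a pre-existing file at that path owned by another account may not be corrected (to be confirmed against the Salt version in use). Quoting the mode as `- mode: '0755'` also keeps YAML from reading it as a bare integer.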
diff --git a/roles/core/certificates/files/acmesh-nginxCheck.sh b/roles/core/certificates/files/acmesh-nginxCheck.sh
new file mode 100644
--- /dev/null
+++ b/roles/core/certificates/files/acmesh-nginxCheck.sh
@@ -0,0 +1,29 @@
+#!/bin/sh
+
+# -------------------------------------------------------------
+# Let's encrypt
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# Source file: roles/core/certificates/files/letsencrypt-renewal.sh
+# -------------------------------------------------------------
+#
+# <auto-generated>
+# This file is managed by our rOPS SaltStack repository.
+#
+# Changes to this file may cause incorrect behavior
+# and will be lost if the state is redeployed.
+# </auto-generated>
+
+nginx_test() {
+ nginx_output="$(nginx -t 2>&1)"
+ nginx_return_code="$?"
+
+ if [ "$nginx_return_code" -eq 0 ] && echo "${nginx_output}" | grep warn >&2; then
+ return 2;
+ else
+ return "$nginx_return_code";
+ fi;
+}
+
+nginx_test && nginx -s reload
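Review bot: Both `nginx` calls (in `nginx_test` and on the final line) are resolved through `PATH`, and this script is the target of a NOPASSWD sudo rule, so which binary runs as root depends on sudo's `env_reset`/`secure_path` settings, which are not visible in this diff. Setting the search path at the top of the script removes that dependency, e.g. `PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; export PATH` (value to be adjusted to the target hosts). Separately, when `nginx -t` fails the captured `nginx_output` is never printed, so a failed renewal hook leaves no diagnostic; `[ "$nginx_return_code" -ne 0 ] && echo "$nginx_output" >&2` before the `if` would surface it. The header's `Source file:` line still names `letsencrypt-renewal.sh` and should read `roles/core/certificates/files/acmesh-nginxCheck.sh`.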
diff --git a/roles/core/certificates/init.sls b/roles/core/certificates/init.sls
--- a/roles/core/certificates/init.sls
+++ b/roles/core/certificates/init.sls
@@ -6,5 +6,6 @@
# -------------------------------------------------------------
include:
+ - .acmesh
- .nasqueron
- .letsencrypt
diff --git a/roles/core/sudo/files/acme b/roles/core/sudo/files/acme
new file mode 100644
--- /dev/null
+++ b/roles/core/sudo/files/acme
@@ -0,0 +1,16 @@
+# -------------------------------------------------------------
+# SaltStack deployment
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# Source file: roles/core/sudo/files/acme
+# -------------------------------------------------------------
+#
+# <auto-generated>
+# This file is managed by our rOPS SaltStack repository.
+#
+# Changes to this file may cause incorrect behavior
+# and will be lost if the state is redeployed.
+# </auto-generated>
+
+acme ALL= NOPASSWD: {{ dirs.bin }}/acmesh-nginxCheck
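Review bot: The sudoers entry names the command without an argument specification, so `acme` may pass arbitrary arguments to a script that runs as root. The script added in this diff ignores its arguments, but appending `""` keeps the grant minimal if the script later grows options: `acme ALL= NOPASSWD: {{ dirs.bin }}/acmesh-nginxCheck ""`. A one-line comment above the rule stating why the account needs it (presumably reloading nginx after a certificate renewal) would help anyone auditing sudoers.d.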
diff --git a/roles/core/sudo/init.sls b/roles/core/sudo/init.sls
--- a/roles/core/sudo/init.sls
+++ b/roles/core/sudo/init.sls
@@ -21,9 +21,18 @@
# Sudo capabilities
#
# Ops should be able to sudo …
+# Acmesh should be able to sudo acmesh-nginxCheck
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{{ dirs.etc }}/sudoers.d/ops:
file.managed:
- source: salt://roles/core/sudo/files/ops
- makedirs: True
+
+{{ dirs.etc }}/sudoers.d/acme:
+ file.managed:
+ - source: salt://roles/core/sudo/files/acme
+ - template: jinja
+ - makedirs: True
+ - context:
+ dirs: {{ dirs }}
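Review bot: The new `{{ dirs.etc }}/sudoers.d/acme` state renders a Jinja template straight into sudoers.d with no syntax validation and no explicit owner or mode. A bad render, for instance an empty `dirs.bin`, would install a malformed fragment, and sudo may then refuse to run for every user on the host. Adding `- check_cmd: visudo -c -f` lets Salt validate the rendered file before it is put in place, and `- user: root` with `- mode: '0440'` states the permissions sudo expects instead of relying on defaults. The existing `sudoers.d/ops` state above has the same gaps, though it is not templated.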
