diff --git a/roles/webserver-core/letsencrypt/files/cli.ini b/roles/webserver-core/letsencrypt/files/cli.ini index e4ae021..d0ab373 100644 --- a/roles/webserver-core/letsencrypt/files/cli.ini +++ b/roles/webserver-core/letsencrypt/files/cli.ini @@ -1,27 +1,27 @@ # ------------------------------------------------------------- # Let's encrypt # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - # Project: Nasqueron # Created: 2017-04-27 # License: Trivial work, not eligible to copyright -# Source file: roles/core/letsencrypt-renew/files/letsencrypt.timer +# Source file: roles/webserver-core/letsencrypt/files/letsencrypt.timer # ------------------------------------------------------------- # # # This file is managed by our rOPS SaltStack repository. # # Changes to this file may cause incorrect behavior # and will be lost if the state is redeployed. # # Configuration server = https://acme-v01.api.letsencrypt.org/directory authenticator = webroot webroot-path = /var/letsencrypt-auto # Automation email = ops-tls@nasqueron.org agree-tos = True keep-until-expiring = True eff-email = False expand = True diff --git a/roles/webserver-core/letsencrypt/files/letsencrypt-renew.service b/roles/webserver-core/letsencrypt/files/letsencrypt-renew.service index 8a8f195..11f9a3e 100644 --- a/roles/webserver-core/letsencrypt/files/letsencrypt-renew.service +++ b/roles/webserver-core/letsencrypt/files/letsencrypt-renew.service 
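Review bot: The updated `# Source file:` header in cli.ini points at `roles/webserver-core/letsencrypt/files/letsencrypt.timer`, which is not this file; it should read `# Source file: roles/webserver-core/letsencrypt/files/cli.ini`. The same mismatch is carried into the letsencrypt-renew.service and letsencrypt-renew.timer hunks, whose new headers name `letsencrypt.service` and `letsencrypt.timer` rather than the `letsencrypt-renew.*` files. Since that header is how an operator traces a deployed file back to the repository, the rename is a good moment to correct all three. Separately, `server` still targets the `acme-v01` directory, which Let's Encrypt has since retired, so if this file is still deployed it is worth confirming that renewals against it can succeed.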
@@ -1,22 +1,22 @@ # ------------------------------------------------------------- # Let's encrypt # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - # Project: Nasqueron # Created: 2016-08-24 # License: Trivial work, not eligible to copyright -# Source file: roles/core/letsencrypt-renew/files/letsencrypt.service +# Source file: roles/webserver-core/letsencrypt/files/letsencrypt.service # ------------------------------------------------------------- # # # This file is managed by our rOPS SaltStack repository. # # Changes to this file may cause incorrect behavior # and will be lost if the state is redeployed. # [Unit] Description=Renew Let's encrypt certificates. [Service] Type=oneshot ExecStart=/usr/local/sbin/letsencrypt-renewal diff --git a/roles/webserver-core/letsencrypt/files/letsencrypt-renew.timer b/roles/webserver-core/letsencrypt/files/letsencrypt-renew.timer index 85c635c..2809a1f 100644 --- a/roles/webserver-core/letsencrypt/files/letsencrypt-renew.timer +++ b/roles/webserver-core/letsencrypt/files/letsencrypt-renew.timer @@ -1,25 +1,25 @@ # ------------------------------------------------------------- # Let's encrypt # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - # Project: Nasqueron # Created: 2016-08-24 # License: Trivial work, not eligible to copyright -# Source file: roles/core/letsencrypt-renew/files/letsencrypt.timer +# Source file: roles/webserver-core/letsencrypt/files/letsencrypt.timer # ------------------------------------------------------------- # # # This file is managed by our rOPS SaltStack repository. # # Changes to this file may cause incorrect behavior # and will be lost if the state is redeployed. # [Unit] Description=Runs letsencrypt-renewal every month [Timer] OnCalendar=*-*-26 12:15:00 Persistent=yes [Install] WantedBy=timers.target diff --git a/roles/webserver-core/letsencrypt/files/letsencrypt-renewal.sh b/roles/webserver-core/letsencrypt/files/letsencrypt-renewal.sh index 61ef1ac..ac5968e 100755 
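Review bot: In letsencrypt-renew.timer, `OnCalendar=*-*-26 12:15:00` gives each certificate a single renewal attempt per month, which leaves very little margin. As far as I know `certbot renew` only acts on certificates within roughly 30 days of expiry, so one that is just outside that window on the 26th comes up again with only a few days left, and a single failed run then means an expired certificate. A daily schedule costs almost nothing because certbot skips certificates that are not yet due, for example `OnCalendar=daily` with `RandomizedDelaySec=1h`.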
--- a/roles/webserver-core/letsencrypt/files/letsencrypt-renewal.sh +++ b/roles/webserver-core/letsencrypt/files/letsencrypt-renewal.sh @@ -1,31 +1,31 @@ #!/bin/sh # ------------------------------------------------------------- # Let's encrypt # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - # Project: Nasqueron # Created: 2016-08-24 # License: Trivial work, not eligible to copyright -# Source file: roles/core/letsencrypt-renew/files/letsencrypt-renewal.sh +# Source file: roles/webserver-core/letsencrypt/files/letsencrypt-renewal.sh # ------------------------------------------------------------- # # # This file is managed by our rOPS SaltStack repository. # # Changes to this file may cause incorrect behavior # and will be lost if the state is redeployed. # nginx_test() { nginx_output="$(nginx -t 2>&1)" nginx_returncode="$?" if [ "$nginx_returncode" -eq 0 ] && [ -n "$(echo "${nginx_output}" | grep warn)" ]; then return 2; else return "$nginx_returncode"; fi; } certbot renew && nginx_test && service nginx restart diff --git a/roles/webserver-core/letsencrypt/service.sls b/roles/webserver-core/letsencrypt/service.sls index ccd39d1..4ee447e 100644 --- a/roles/webserver-core/letsencrypt/service.sls +++ b/roles/webserver-core/letsencrypt/service.sls 
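Review bot: In letsencrypt-renewal.sh, `nginx_test` captures the `nginx -t` output in `nginx_output` but never prints it, so when the test fails or warns the unit just exits non-zero and the journal does not say why nginx was not restarted. Because the chain is `certbot renew && nginx_test && service nginx restart`, that case leaves a freshly renewed certificate on disk while nginx keeps serving the old one until the next run. I would emit the captured text before returning, e.g. `echo "${nginx_output}" >&2` right after the `nginx -t` call, and use `grep -q warn` instead of testing the length of grep's output. `service nginx reload` would also pick up the new certificate without dropping connections.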
@@ -1,44 +1,44 @@ # ------------------------------------------------------------- # Salt — Let's encrypt certificates # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - # Project: Nasqueron # Created: 2017-04-27 # Description: Provide a renewal service # License: Trivial work, not eligible to copyright # ------------------------------------------------------------- {% from "map.jinja" import services with context %} # ------------------------------------------------------------- # Renew script # ------------------------------------------------------------- /usr/local/sbin/letsencrypt-renewal: file.managed: - - source: salt://roles/core/letsencrypt/files/letsencrypt-renewal.sh + - source: salt://roles/webserver-core/letsencrypt/files/letsencrypt-renewal.sh - mode: 0755 # ------------------------------------------------------------- # Unit configuration # ------------------------------------------------------------- {% if services['manager'] == 'systemd' %} letsencrypt_renew_unit: file.managed: - name: /etc/systemd/system/letsencrypt-renew.service - - source: salt://roles/core/letsencrypt/files/letsencrypt-renew.service + - source: salt://roles/webserver-core/letsencrypt/files/letsencrypt-renew.service - mode: 0644 module.run: - name: service.force_reload - m_name: letsencrypt-renew - onchanges: - file: letsencrypt_renew_unit letsencrypt_renew_enable: service.enabled: - name: letsencrypt-renew - watch: - module: letsencrypt_renew_unit {% endif %} diff --git a/roles/webserver-core/letsencrypt/software.sls b/roles/webserver-core/letsencrypt/software.sls index a4d7054..cbc9194 100644 --- a/roles/webserver-core/letsencrypt/software.sls +++ b/roles/webserver-core/letsencrypt/software.sls 
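Review bot: service.sls deploys and enables only `letsencrypt-renew.service`; no state in this diff installs `letsencrypt-renew.timer`, and the service unit has no `[Install]` section, so `service.enabled` on `letsencrypt-renew` has nothing to hook into. Unless a state not shown here ships the timer, renewal is never scheduled and certificates will lapse without any alert. I would manage the timer file next to the service unit and enable and start the timer rather than the oneshot service, as sketched below; the target path is assumed by analogy with the service unit. Minions where `services['manager']` is not `systemd` get no scheduling at all from this file, which deserves at least a comment.

```yaml
# … unchanged: renew script and letsencrypt_renew_unit states …

letsencrypt_renew_timer:
  file.managed:
    - name: /etc/systemd/system/letsencrypt-renew.timer
    - source: salt://roles/webserver-core/letsencrypt/files/letsencrypt-renew.timer
    - mode: '0644'

letsencrypt_renew_enable:
  service.running:
    - name: letsencrypt-renew.timer
    - enable: True
    - watch:
      - file: letsencrypt_renew_timer
```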
@@ -1,35 +1,35 @@ # ------------------------------------------------------------- # Salt — Let's encrypt certificates # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - # Project: Nasqueron # Created: 2017-04-27 # Description: Provide a renewal service # License: Trivial work, not eligible to copyright # ------------------------------------------------------------- {% from "map.jinja" import dirs, packages with context %} # ------------------------------------------------------------- # Software # ------------------------------------------------------------- letsencrypt_software: pkg.installed: - name: {{ packages.certbot }} # ------------------------------------------------------------- # Working directory # ------------------------------------------------------------- /var/letsencrypt-auto: file.directory: - user: root - dir_mode: 711 # ------------------------------------------------------------- # Configuration file # ------------------------------------------------------------- {{ dirs.etc }}/letsencrypt/cli.ini: file.managed: - - source: salt://roles/core/letsencrypt/files/cli.ini + - source: salt://roles/webserver-core/letsencrypt/files/cli.ini
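Review bot: The `file.managed` state for `{{ dirs.etc }}/letsencrypt/cli.ini` pins neither owner nor mode, so whatever ownership and permissions an existing file already has are likely to be kept. That file chooses the ACME server and webroot for a client that runs as root, so I would pin it with `- user: root` and `- mode: '0644'`. The same applies in service.sls to `/usr/local/sbin/letsencrypt-renewal` and the unit file, which set a mode but no `user`, although systemd executes the script as root. Quoting the modes (`'0711'`, `'0755'`) would also avoid relying on how the YAML loader treats leading zeros.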