ansible-ffibk/roles/service-nginx/templates/ssl_certs.cron.j2

28 lines
801 B
Text
Raw Permalink Normal View History

#!/bin/sh
{% if acme_server == 'zuckerwatte' %}
DOMAINS="{{ inventory_hostname_short }}.{{ http_domain_external }}"
{% else %}
DOMAINS={{ http_domain_external }}
{% endif %}
LOCAL_DIR="/etc/nginx/ssl"
for DOMAIN in $DOMAINS;
do
#Get Certs
{% if acme_server == 'zuckerwatte' %}
rsync --delete -rz -e 'ssh -i /home/admin/.ssh/id_rsa -p 23' cert@{{ acme_server }}.{{ http_domain_internal }}:$DOMAIN/ $LOCAL_DIR/$DOMAIN
{% else %}
rsync --delete -rz -e 'ssh -i /home/admin/.ssh/id_ed25519 -p 23' cert@{{ acme_server }}.{{ http_domain_internal }}:$DOMAIN/ $LOCAL_DIR/$DOMAIN
{% endif %}
#Fix Permissions
chmod 0550 $LOCAL_DIR/$DOMAIN
chmod 0440 $LOCAL_DIR/$DOMAIN/*
done
#Fix owners
chown -R www-data:admin $LOCAL_DIR
#restart
systemctl reload nginx.service || systemctl start nginx.service