ansible-ffibk/roles/service-nginx/templates/ssl_certs.cron.j2

#!/bin/sh
{% if acme_server == 'zuckerwatte' %}
DOMAINS="{{ inventory_hostname_short }}.{{ http_domain_external }}"
{% else %}
DOMAINS={{ http_domain_external }}
{% endif %}
LOCAL_DIR="/etc/nginx/ssl"

for DOMAIN in $DOMAINS;
do
 #Get Certs
 {% if acme_server == 'zuckerwatte' %}
 rsync --delete -rz -e  'ssh -i /home/admin/.ssh/id_rsa -p 23' cert@{{ acme_server }}.{{ http_domain_internal }}:$DOMAIN/ $LOCAL_DIR/$DOMAIN
 {% else %}
 rsync --delete -rz -e  'ssh -i /home/admin/.ssh/id_ed25519 -p 23' cert@{{ acme_server }}.{{ http_domain_internal }}:$DOMAIN/ $LOCAL_DIR/$DOMAIN
 {% endif %}

 #Fix Permissions
 chmod 0550 $LOCAL_DIR/$DOMAIN
 chmod 0440 $LOCAL_DIR/$DOMAIN/*
done

#Fix owners
chown -R www-data:admin $LOCAL_DIR

#restart
systemctl reload nginx.service || systemctl start nginx.service
Role service-nginx: add tasks to forward ACME HTTP requests and fetch certificates 2018-06-15 09:04:33 +02:00			`#!/bin/sh`
Introduce Kumpir, our new www server, add wordpress role (#26) * Introduce Kumpir, our new www server, add wordpress role * move kumpir to services group, use safer distinction for ssl_cert location, reduce www playbook * set server type to services * fix typo * rename service-wordpress to service-nginx-wordpress * Add service-nginx-etherpad role * Add ed25519 keypair for system_users when supported. * Revert "Add ed25519 keypair for system_users when supported." This reverts commit ffef991ca41185d19953b96439e80b1b9a6ba534. * Change generated keys format to ed25519 * fix indention of nginx templates, reduce amount of needed tasks by adding extra_opts to unarchive, remove not needed mysql db tasks, make new acme_server default * Change new default preference for acme servers, marking acme_server zuckerwatte deprecated soon. 2019-09-26 22:13:13 +02:00			`{% if acme_server == 'zuckerwatte' %}`
Role service-nginx: add tasks to forward ACME HTTP requests and fetch certificates 2018-06-15 09:04:33 +02:00			`DOMAINS="{{ inventory_hostname_short }}.{{ http_domain_external }}"`
Introduce Kumpir, our new www server, add wordpress role (#26) * Introduce Kumpir, our new www server, add wordpress role * move kumpir to services group, use safer distinction for ssl_cert location, reduce www playbook * set server type to services * fix typo * rename service-wordpress to service-nginx-wordpress * Add service-nginx-etherpad role * Add ed25519 keypair for system_users when supported. * Revert "Add ed25519 keypair for system_users when supported." This reverts commit ffef991ca41185d19953b96439e80b1b9a6ba534. * Change generated keys format to ed25519 * fix indention of nginx templates, reduce amount of needed tasks by adding extra_opts to unarchive, remove not needed mysql db tasks, make new acme_server default * Change new default preference for acme servers, marking acme_server zuckerwatte deprecated soon. 2019-09-26 22:13:13 +02:00			`{% else %}`
			`DOMAINS={{ http_domain_external }}`
			`{% endif %}`
Role service-nginx: add tasks to forward ACME HTTP requests and fetch certificates 2018-06-15 09:04:33 +02:00			`LOCAL_DIR="/etc/nginx/ssl"`

			`for DOMAIN in $DOMAINS;`
			`do`
			`#Get Certs`
Introduce Kumpir, our new www server, add wordpress role (#26) * Introduce Kumpir, our new www server, add wordpress role * move kumpir to services group, use safer distinction for ssl_cert location, reduce www playbook * set server type to services * fix typo * rename service-wordpress to service-nginx-wordpress * Add service-nginx-etherpad role * Add ed25519 keypair for system_users when supported. * Revert "Add ed25519 keypair for system_users when supported." This reverts commit ffef991ca41185d19953b96439e80b1b9a6ba534. * Change generated keys format to ed25519 * fix indention of nginx templates, reduce amount of needed tasks by adding extra_opts to unarchive, remove not needed mysql db tasks, make new acme_server default * Change new default preference for acme servers, marking acme_server zuckerwatte deprecated soon. 2019-09-26 22:13:13 +02:00			`{% if acme_server == 'zuckerwatte' %}`
Role service-nginx: add tasks to forward ACME HTTP requests and fetch certificates 2018-06-15 09:04:33 +02:00			`rsync --delete -rz -e 'ssh -i /home/admin/.ssh/id_rsa -p 23' cert@{{ acme_server }}.{{ http_domain_internal }}:$DOMAIN/ $LOCAL_DIR/$DOMAIN`
Introduce Kumpir, our new www server, add wordpress role (#26) * Introduce Kumpir, our new www server, add wordpress role * move kumpir to services group, use safer distinction for ssl_cert location, reduce www playbook * set server type to services * fix typo * rename service-wordpress to service-nginx-wordpress * Add service-nginx-etherpad role * Add ed25519 keypair for system_users when supported. * Revert "Add ed25519 keypair for system_users when supported." This reverts commit ffef991ca41185d19953b96439e80b1b9a6ba534. * Change generated keys format to ed25519 * fix indention of nginx templates, reduce amount of needed tasks by adding extra_opts to unarchive, remove not needed mysql db tasks, make new acme_server default * Change new default preference for acme servers, marking acme_server zuckerwatte deprecated soon. 2019-09-26 22:13:13 +02:00			`{% else %}`
			`rsync --delete -rz -e 'ssh -i /home/admin/.ssh/id_ed25519 -p 23' cert@{{ acme_server }}.{{ http_domain_internal }}:$DOMAIN/ $LOCAL_DIR/$DOMAIN`
			`{% endif %}`

Role service-nginx: add tasks to forward ACME HTTP requests and fetch certificates 2018-06-15 09:04:33 +02:00			`#Fix Permissions`
			`chmod 0550 $LOCAL_DIR/$DOMAIN`
			`chmod 0440 $LOCAL_DIR/$DOMAIN/*`
			`done`

			`#Fix owners`
			`chown -R www-data:admin $LOCAL_DIR`

			`#restart`
service-nginx: try to start nginx.service if reload fails 2018-08-07 10:43:05 +02:00			`systemctl reload nginx.service \|\| systemctl start nginx.service`