more graceful handling of lack of updates
parent
33640e54fd
commit
1f6b461070
|
|
@ -1,41 +1,52 @@
|
|||
.PHONY: all fetch_certs reload_nginx refresh_pg
|
||||
WD=/var/lib/dags/rsync_letsencrypt
|
||||
|
||||
all: fetch_certs reload_nginx refresh_pg
|
||||
SYNC=$(WD)/synced_files
|
||||
NGINX_RELOAD=$(WD)/nginx_reload
|
||||
|
||||
.PHONY: all refresh_pg
|
||||
|
||||
all: $(SYNC) $(NGINX_RELOAD) refresh_pg
|
||||
|
||||
LETSENCRYPT_PATH=/mnt/letsencrypt
|
||||
|
||||
###############################################################################
|
||||
# Fetch the certificates from my remote server using rsync
|
||||
#
|
||||
# The combination of `--info=NAME` and pipe into grep means this target will
|
||||
# have a non-zero exit code if nothing has been updated.
|
||||
# The combination of `--info=NAME` and pipe into `ifne tee` means this target will
|
||||
# be updated only if new files have been synced.
|
||||
# If new files have been synced, their paths will be stored to the target.
|
||||
# This way, the other targets will run only when some certificate has been
|
||||
# updated
|
||||
# updated.
|
||||
|
||||
REMOTE_LETSENCRYPT_PATH=rsync://user@caladan/letsencrypt
|
||||
RSYNCD_PASSWD=/mnt/secrets/rsyncd_password
|
||||
RSYNC_OPTS=--archive --delete --acls --xattrs --compress --human-readable
|
||||
|
||||
fetch_certs:
|
||||
$(SYNC):
|
||||
mkdir -p $(@D)
|
||||
rsync \
|
||||
$(RSYNC_OPTS) \
|
||||
--info=NAME \
|
||||
--password-file=$(RSYNCD_PASSWD) \
|
||||
$(REMOTE_LETSENCRYPT_PATH) \
|
||||
$(LETSENCRYPT_PATH) \
|
||||
grep .
|
||||
$(LETSENCRYPT_PATH) | \
|
||||
ifne tee $@
|
||||
|
||||
###############################################################################
|
||||
# Reload the nginx instance running on my reverse proxy docker-compose service
|
||||
# so that it uses the new certificates
|
||||
# so that it uses the new certificates.
|
||||
# The target is just an empty sentinel target with no meaningful data other
|
||||
# than its modification date
|
||||
|
||||
NGINX_COMPOSE_FILE=/srv/services/reverse_proxy/docker-compose.yml
|
||||
|
||||
reload_nginx: fetch_certs
|
||||
$(NGINX_RELOAD): $(SYNC)
|
||||
mkdir -p $(@D)
|
||||
docker-compose \
|
||||
--file $(NGINX_COMPOSE_FILE) \
|
||||
exec nginx \
|
||||
nginx -s reload
|
||||
touch $@
|
||||
|
||||
###############################################################################
|
||||
# Copy the certificate for the postgresql domain to the folder where postgre
|
||||
|
|
@ -46,8 +57,8 @@ reload_nginx: fetch_certs
|
|||
PG_DOMAIN=pg.monotremata.xyz
|
||||
PG_SSL_PATH=/mnt/docker_volumes/postgres/ssl
|
||||
|
||||
$(LETSENCRYPT_PATH)/live/$(PG_DOMAIN)/fullchain.pem: fetch_certs
|
||||
$(LETSENCRYPT_PATH)/live/$(PG_DOMAIN)/privkey.pem: fetch_certs
|
||||
$(LETSENCRYPT_PATH)/live/$(PG_DOMAIN)/fullchain.pem: $(SYNC)
|
||||
$(LETSENCRYPT_PATH)/live/$(PG_DOMAIN)/privkey.pem: $(SYNC)
|
||||
|
||||
$(PG_SSL_PATH)/server.crt: $(LETSENCRYPT_PATH)/live/$(PG_DOMAIN)/fullchain.pem
|
||||
mkdir -p $(@D)
|
||||
|
|
|
|||
Loading…
Reference in New Issue