more graceful handling of lack of updates

main
Ricard Illa 2022-09-05 18:16:22 +02:00
parent 33640e54fd
commit 1f6b461070
1 changed files with 23 additions and 12 deletions

View File

@ -1,41 +1,52 @@
.PHONY: all fetch_certs reload_nginx refresh_pg WD=/var/lib/dags/rsync_letsencrypt
all: fetch_certs reload_nginx refresh_pg SYNC=$(WD)/synced_files
NGINX_RELOAD=$(WD)/nginx_reload
.PHONY: all refresh_pg
all: $(SYNC) $(NGINX_RELOAD) refresh_pg
LETSENCRYPT_PATH=/mnt/letsencrypt LETSENCRYPT_PATH=/mnt/letsencrypt
############################################################################### ###############################################################################
# Fetch the certificates from my remote server using rsync # Fetch the certificates from my remote server using rsync
# #
# The combination of `--info=NAME` and pipe into grep means this target will # The combination of `--info=NAME` and pipe into `ifne tee` means this target will
# have a non-zero exit code if nothing has been updated. # be updated only if new files have been synced.
# If new files have been synced, their paths will be stored to the target.
# This way, the other targets will run only when some certificate has been # This way, the other targets will run only when some certificate has been
# updated # updated.
REMOTE_LETSENCRYPT_PATH=rsync://user@caladan/letsencrypt REMOTE_LETSENCRYPT_PATH=rsync://user@caladan/letsencrypt
RSYNCD_PASSWD=/mnt/secrets/rsyncd_password RSYNCD_PASSWD=/mnt/secrets/rsyncd_password
RSYNC_OPTS=--archive --delete --acls --xattrs --compress --human-readable RSYNC_OPTS=--archive --delete --acls --xattrs --compress --human-readable
fetch_certs: $(SYNC):
mkdir -p $(@D)
rsync \ rsync \
$(RSYNC_OPTS) \ $(RSYNC_OPTS) \
--info=NAME \ --info=NAME \
--password-file=$(RSYNCD_PASSWD) \ --password-file=$(RSYNCD_PASSWD) \
$(REMOTE_LETSENCRYPT_PATH) \ $(REMOTE_LETSENCRYPT_PATH) \
$(LETSENCRYPT_PATH) \ $(LETSENCRYPT_PATH) | \
grep . ifne tee $@
############################################################################### ###############################################################################
# Reload the nginx instance running on my reverse proxy docker-compose service # Reload the nginx instance running on my reverse proxy docker-compose service
# so that it uses the new certificates # so that it uses the new certificates.
# The target is just an empty sentinel target with no meaningful data other
# than its modification date
NGINX_COMPOSE_FILE=/srv/services/reverse_proxy/docker-compose.yml NGINX_COMPOSE_FILE=/srv/services/reverse_proxy/docker-compose.yml
reload_nginx: fetch_certs $(NGINX_RELOAD): $(SYNC)
mkdir -p $(@D)
docker-compose \ docker-compose \
--file $(NGINX_COMPOSE_FILE) \ --file $(NGINX_COMPOSE_FILE) \
exec nginx \ exec nginx \
nginx -s reload nginx -s reload
touch $@
############################################################################### ###############################################################################
# Copy the certificate for the postgresql domain to the folder where postgre # Copy the certificate for the postgresql domain to the folder where postgre
@ -46,8 +57,8 @@ reload_nginx: fetch_certs
PG_DOMAIN=pg.monotremata.xyz PG_DOMAIN=pg.monotremata.xyz
PG_SSL_PATH=/mnt/docker_volumes/postgres/ssl PG_SSL_PATH=/mnt/docker_volumes/postgres/ssl
$(LETSENCRYPT_PATH)/live/$(PG_DOMAIN)/fullchain.pem: fetch_certs $(LETSENCRYPT_PATH)/live/$(PG_DOMAIN)/fullchain.pem: $(SYNC)
$(LETSENCRYPT_PATH)/live/$(PG_DOMAIN)/privkey.pem: fetch_certs $(LETSENCRYPT_PATH)/live/$(PG_DOMAIN)/privkey.pem: $(SYNC)
$(PG_SSL_PATH)/server.crt: $(LETSENCRYPT_PATH)/live/$(PG_DOMAIN)/fullchain.pem $(PG_SSL_PATH)/server.crt: $(LETSENCRYPT_PATH)/live/$(PG_DOMAIN)/fullchain.pem
mkdir -p $(@D) mkdir -p $(@D)