diff --git a/letsencrypt_renew/Makefile b/letsencrypt_renew/Makefile
deleted file mode 100644
index 7098bbf..0000000
--- a/letsencrypt_renew/Makefile
+++ /dev/null
@@ -1,73 +0,0 @@
-WD=/var/lib/dags/letsencrypt_renew
-
-RENEW=$(WD)/renewed_certs
-NGINX_RELOAD=$(WD)/nginx_reload
-PROSODY_IMPORT=$(WD)/prosody_import
-PROSODY_RELOAD=$(WD)/prosody_reload
-
-.PHONY: all refresh_pg force
-
-all: $(RENEW) $(NGINX_RELOAD) $(PROSODY_RELOAD) refresh_pg
-
-LETSENCRYPT_PATH=/srv/letsencrypt
-
-################################################################################
-
-LETSENCRYPT_COMPOSE_FILE=/srv/services/letsencrypt/docker-compose.yml
-
-$(RENEW): force
- mkdir -p $(@D)
- docker-compose \
- --file $(LETSENCRYPT_COMPOSE_FILE) \
- run --rm certbot \
- renew --deploy-hook "touch $@"
-
-################################################################################
-
-NGINX_COMPOSE_FILE=/srv/services/www/docker-compose.yml
-
-$(NGINX_RELOAD): $(RENEW)
- mkdir -p $(@D)
- docker-compose \
- --file $(NGINX_COMPOSE_FILE) \
- exec nginx \
- nginx -s reload
- touch $@
-
-################################################################################
-
-PROSODY_COMPOSE_FILE=/srv/services/xmpp/docker-compose.yml
-
-$(PROSODY_IMPORT): $(RENEW)
- mkdir -p $(@D)
- docker-compose \
- --file $(PROSODY_COMPOSE_FILE) \
- exec prosody \
- prosodyctl --root cert import /etc/letsencrypt/live
- touch $@
-
-$(PROSODY_RELOAD): $(PROSODY_IMPORT)
- mkdir -p $(@D)
- docker-compose \
- --file $(PROSODY_COMPOSE_FILE) \
- exec prosody \
- prosodyctl reload
- touch $@
-
-################################################################################
-
-PG_DOMAIN=pg.caladan.monotremata.xyz
-PG_SSL_PATH=/srv/volumes/postgres/ssl
-
-$(LETSENCRYPT_PATH)/live/$(PG_DOMAIN)/fullchain.pem: $(SYNC)
-$(LETSENCRYPT_PATH)/live/$(PG_DOMAIN)/privkey.pem: $(SYNC)
-
-$(PG_SSL_PATH)/server.crt: $(LETSENCRYPT_PATH)/live/$(PG_DOMAIN)/fullchain.pem
- mkdir -p $(@D)
- rsync --copy-links $< $@
-
-$(PG_SSL_PATH)/server.key: $(LETSENCRYPT_PATH)/live/$(PG_DOMAIN)/privkey.pem
- mkdir -p $(@D)
- rsync --copy-links $< $@
-
-refresh_pg: $(PG_SSL_PATH)/server.crt
$(PG_SSL_PATH)/server.key
diff --git a/letsencrypt_renew/README.md b/letsencrypt_renew/README.md
deleted file mode 100644
index 9746398..0000000
--- a/letsencrypt_renew/README.md
+++ /dev/null
@@ -1,11 +0,0 @@
-# letsencrypt renew
-
-This DAG renews Letsencrypt certificates using certbot.
-
-If certificates are renewed, NGINX is reload to pick up the new ones and
-prosody imports the new certificates and realods too.
-
-## TODO
-
-I should probably only realod services when their specific certificates have
-been renewed.