removed unused certbot DAG
parent
27a3ab61aa
commit
c320d1f084
|
|
@ -1,73 +0,0 @@
|
|||
WD=/var/lib/dags/letsencrypt_renew
|
||||
|
||||
RENEW=$(WD)/renewed_certs
|
||||
NGINX_RELOAD=$(WD)/nginx_reload
|
||||
PROSODY_IMPORT=$(WD)/prosody_import
|
||||
PROSODY_RELOAD=$(WD)/prosody_reload
|
||||
|
||||
.PHONY: all refresh_pg force
|
||||
|
||||
all: $(RENEW) $(NGINX_RELOAD) $(PROSODY_RELOAD) refresh_pg
|
||||
|
||||
LETSENCRYPT_PATH=/srv/letsencrypt
|
||||
|
||||
################################################################################
|
||||
|
||||
LETSENCRYPT_COMPOSE_FILE=/srv/services/letsencrypt/docker-compose.yml
|
||||
|
||||
$(RENEW): force
|
||||
mkdir -p $(@D)
|
||||
docker-compose \
|
||||
--file $(LETSENCRYPT_COMPOSE_FILE) \
|
||||
run --rm certbot \
|
||||
renew --deploy-hook "touch $@"
|
||||
|
||||
################################################################################
|
||||
|
||||
NGINX_COMPOSE_FILE=/srv/services/www/docker-compose.yml
|
||||
|
||||
$(NGINX_RELOAD): $(RENEW)
|
||||
mkdir -p $(@D)
|
||||
docker-compose \
|
||||
--file $(NGINX_COMPOSE_FILE) \
|
||||
exec nginx \
|
||||
nginx -s reload
|
||||
touch $@
|
||||
|
||||
################################################################################
|
||||
|
||||
PROSODY_COMPOSE_FILE=/srv/services/xmpp/docker-compose.yml
|
||||
|
||||
$(PROSODY_IMPORT): $(RENEW)
|
||||
mkdir -p $(@D)
|
||||
docker-compose \
|
||||
--file $(PROSODY_COMPOSE_FILE) \
|
||||
exec prosody \
|
||||
prosodyctl --root cert import /etc/letsencrypt/live
|
||||
touch $@
|
||||
|
||||
$(PROSODY_RELOAD): $(PROSODY_IMPORT)
|
||||
mkdir -p $(@D)
|
||||
docker-compose \
|
||||
--file $(PROSODY_COMPOSE_FILE) \
|
||||
exec prosody \
|
||||
prosodyctl reload
|
||||
touch $@
|
||||
|
||||
################################################################################
|
||||
|
||||
PG_DOMAIN=pg.caladan.monotremata.xyz
|
||||
PG_SSL_PATH=/srv/volumes/postgres/ssl
|
||||
|
||||
$(LETSENCRYPT_PATH)/live/$(PG_DOMAIN)/fullchain.pem: $(SYNC)
|
||||
$(LETSENCRYPT_PATH)/live/$(PG_DOMAIN)/privkey.pem: $(SYNC)
|
||||
|
||||
$(PG_SSL_PATH)/server.crt: $(LETSENCRYPT_PATH)/live/$(PG_DOMAIN)/fullchain.pem
|
||||
mkdir -p $(@D)
|
||||
rsync --copy-links $< $@
|
||||
|
||||
$(PG_SSL_PATH)/server.key: $(LETSENCRYPT_PATH)/live/$(PG_DOMAIN)/privkey.pem
|
||||
mkdir -p $(@D)
|
||||
rsync --copy-links $< $@
|
||||
|
||||
refresh_pg: $(PG_SSL_PATH)/server.crt $(PG_SSL_PATH)/server.key
|
||||
|
|
@ -1,11 +0,0 @@
|
|||
# letsencrypt renew
|
||||
|
||||
This DAG renews Letsencrypt certificates using certbot.
|
||||
|
||||
If certificates are renewed, NGINX is reload to pick up the new ones and
|
||||
prosody imports the new certificates and realods too.
|
||||
|
||||
## TODO
|
||||
|
||||
I should probably only realod services when their specific certificates have
|
||||
been renewed.
|
||||
Loading…
Reference in New Issue