patch to auto renew certs with cron

2025-12-15 15:02:13 +11:00 · 2024-03-06 12:57:39 +11:00 · 2024-03-06 12:57:39 +11:00 · f674f5bc41
commit f674f5bc41
parent af10007dbe
5 changed files with 28 additions and 4 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
+inventory2
--- a/2
+++ b/2
@ -1,6 +1,6 @@
 pihole:
    hosts:
-        dns.expand.gay: #change me to your caddy servers ip address or hostname
+        127.0.0.1: #change me to your caddy servers ip address or hostname
    vars: 
        ansible_ssh_user: root #changing this will require changes to the playbook, currently the playbook must be run as root.
        ansible_ssh_common_args: '-o StrictHostKeyChecking=no' #This stops hostkey checking useful if like me you destroy vms and build new ones all the time
--- a/6
+++ b/6
@ -0,0 +1,6 @@
+pihole:
+    hosts:
+        dns.expand.gay: #change me to your caddy servers ip address or hostname
+    vars: 
+        ansible_ssh_user: root #changing this will require changes to the playbook, currently the playbook must be run as root.
+        ansible_ssh_common_args: '-o StrictHostKeyChecking=no' #This stops hostkey checking useful if like me you destroy vms and build new ones all the time
--- a/main.ansible.yml
+++ b/main.ansible.yml
@ -62,10 +62,18 @@
        virtualenv: /opt/certbot/
        state: present
    
+    - name: Check if lighttpd is installed
+      ansible.builtin.stat:
+        path: /usr/sbin/lighttpd
+      register: lightinstalled
+
+
+
    - name: stop lighttpd, so that certbot can run
      ansible.builtin.systemd_service:
        name: lighttpd
        state: stopped
+      when: lightinstalled.stat.exists is true
    
    - name: stop nginx, so that certbot can run
      ansible.builtin.systemd_service:
@ -226,4 +234,13 @@
      ansible.builtin.systemd_service:
        name: nginx
        state: restarted
-        enabled: true
+        enabled: true
+    
+    - name: Add a cron job to run a script once a month
+      cron:
+        name: "Certbot Renew"
+        job: "sudo certbot certonly --standalone -m '{{ DNSEMAIL }}' -d '{{ DNSDOMAIN }}' -n --agree-tos --no-eff-email --preferred-chain='ISRG Root X1' && systemctl restart nginx"
+        user: "root"
+        minute: "0"
+        hour: "12"
+        day: "1"
--- a/vars/default.yml
+++ b/vars/default.yml
@ -1,3 +1,3 @@
 ---
-DNSEMAIL: 'expand@ur-mom.gay'
-DNSDOMAIN: 'dns.expand.gay'
+DNSEMAIL: 'PUT YOUR EMAIL HERE'
+DNSDOMAIN: 'PUT YOUR DOMAIN HERE'