diff --git a/evoacme/defaults/main.yml b/evoacme/defaults/main.yml
index 3d0842bc..e54ef2fc 100644
--- a/evoacme/defaults/main.yml
+++ b/evoacme/defaults/main.yml
@@ -5,7 +5,7 @@ evoacme_dhparam_size: 2048
 evoacme_acme_dir: /var/lib/letsencrypt
 evoacme_csr_dir: /etc/ssl/requests
 evoacme_crt_dir: /etc/letsencrypt
-evoacme_hooks_dir: "{{ evoacme_crt_dir }}/hooks"
+evoacme_hooks_dir: "{{ evoacme_crt_dir }}/renewal-hooks/deploy"
 evoacme_log_dir: /var/log/evoacme
 evoacme_ssl_minday: 30
 evoacme_ssl_ct: 'FR'
diff --git a/evoacme/files/hooks/commit b/evoacme/files/hooks/commit
deleted file mode 100644
index 86381dce..00000000
--- a/evoacme/files/hooks/commit
+++ /dev/null
@@ -1,18 +0,0 @@
-#!/bin/sh
-
-git_bin=$(command -v git)
-letsencrypt_dir=/etc/letsencrypt
-export GIT_DIR="/etc/.git"
-export GIT_WORK_TREE="/etc"
-
-if test -x "${git_bin}" && test -d "${GIT_DIR}" && test -d "${GIT_WORK_TREE}"; then
- changed_lines=$(${git_bin} status --porcelain -- ${letsencrypt_dir} | wc -l | tr -d ' ')
-
- if [ "${changed_lines}" != "0" ]; then
- ${git_bin} add --all ${letsencrypt_dir}
- message="[letsencrypt] certificates renewal (${RENEWED_DOMAINS})"
- ${git_bin} commit --message "${message}" --quiet
- else
- echo "Weird, nothing has changed but the hook has been executed for '${RENEWED_DOMAINS}'"
- fi
-fi
diff --git a/evoacme/files/hooks/reload_apache b/evoacme/files/hooks/reload_apache
deleted file mode 100755
index 1db59b5b..00000000
--- a/evoacme/files/hooks/reload_apache
+++ /dev/null
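Review bot: `evoacme_hooks_dir` now resolves to `/etc/letsencrypt/renewal-hooks/deploy`, which is the directory certbot itself scans and runs after every successful renewal, so if certbot is the client in use here anything the role places there will also execute under plain `certbot renew`, for every certificate and without the per-domain checks the deleted reload_* hooks did; the defaults file says nothing about this. A comment above the key would save the next reader the lookup, e.g. `# certbot deploy-hook directory: every executable here runs after each successful renewal`. Since the hooks in this directory run with the privileges of the renewal process (presumably root), the task that creates it should keep it root-owned and not group/world-writable; that task is not in this diff, so please confirm it.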
@@ -1,30 +0,0 @@
-#!/bin/sh
-
-readonly PROGNAME=$(basename "$0")
-# shellcheck disable=SC2124,SC2034
-readonly ARGS=$@
-
-readonly VERBOSE=${VERBOSE:-"0"}
-readonly QUIET=${QUIET:-"0"}
-
-error() {
- >&2 echo "${PROGNAME}: $1"
- exit 1
-}
-debug() {
- if [ "${VERBOSE}" = "1" ] && [ "${QUIET}" != "1" ]; then
- >&2 echo "${PROGNAME}: $1"
- fi
-}
-
-if [ -n "$(pidof apache2)" ]; then
- # shellcheck disable=SC2091
- if $($(command -v apache2ctl) -t 2> /dev/null); then
- debug "Apache detected... reloading"
- service apache2 reload
- else
- error " Apache config is broken, you must fix it !"
- fi
-else
- debug "Apache is not running. Skip."
-fi
diff --git a/evoacme/files/hooks/reload_dovecot b/evoacme/files/hooks/reload_dovecot
deleted file mode 100755
index 602e7c85..00000000
--- a/evoacme/files/hooks/reload_dovecot
+++ /dev/null
@@ -1,35 +0,0 @@
-#!/bin/sh
-
-readonly PROGNAME=$(basename "$0")
-# shellcheck disable=SC2124,SC2034
-readonly ARGS=$@
-
-readonly VERBOSE=${VERBOSE:-"0"}
-readonly QUIET=${QUIET:-"0"}
-
-error() {
- >&2 echo "${PROGNAME}: $1"
- exit 1
-}
-debug() {
- if [ "${VERBOSE}" = "1" ] && [ "${QUIET}" != "1" ]; then
- >&2 echo "${PROGNAME}: $1"
- fi
-}
-
-if [ -n "$(pidof dovecot)" ]; then
- # shellcheck disable=SC2091
- if $($(command -v doveconf) > /dev/null); then
- # shellcheck disable=SC2091
- if $($(command -v doveconf)|grep -E "^ssl_cert[^_]"|grep -q "letsencrypt"); then
- debug "Dovecot detected... reloading"
- service dovecot reload
- else
- debug "Dovecot doesn't use Let's Encrypt certificate. Skip."
- fi
- else
- error "Dovecot config is broken, you must fix it !"
- fi
-else
- debug "Dovecot is not running. Skip."
-fi
diff --git a/evoacme/files/hooks/reload_nginx b/evoacme/files/hooks/reload_nginx
deleted file mode 100755
index 48c49da9..00000000
--- a/evoacme/files/hooks/reload_nginx
+++ /dev/null
@@ -1,30 +0,0 @@
-#!/bin/sh
-
-readonly PROGNAME=$(basename "$0")
-# shellcheck disable=SC2124,SC2034
-readonly ARGS=$@
-
-readonly VERBOSE=${VERBOSE:-"0"}
-readonly QUIET=${QUIET:-"0"}
-
-error() {
- >&2 echo "${PROGNAME}: $1"
- exit 1
-}
-debug() {
- if [ "${VERBOSE}" = "1" ] && [ "${QUIET}" != "1" ]; then
- >&2 echo "${PROGNAME}: $1"
- fi
-}
-
-if [ -n "$(pidof nginx)" ]; then
- # shellcheck disable=SC2091
- if $($(command -v nginx) -t 2> /dev/null); then
- debug "Nginx detected... reloading"
- service nginx reload
- else
- error "Nginx config is broken, you must fix it !"
- fi
-else
- debug "Nginx is not running. Skip."
-fi
diff --git a/evoacme/files/hooks/reload_postfix b/evoacme/files/hooks/reload_postfix
deleted file mode 100755
index eb17b58e..00000000
--- a/evoacme/files/hooks/reload_postfix
+++ /dev/null
@@ -1,35 +0,0 @@
-#!/bin/sh
-
-readonly PROGNAME=$(basename "$0")
-# shellcheck disable=SC2124,SC2034
-readonly ARGS=$@
-
-readonly VERBOSE=${VERBOSE:-"0"}
-readonly QUIET=${QUIET:-"0"}
-
-error() {
- >&2 echo "${PROGNAME}: $1"
- exit 1
-}
-debug() {
- if [ "${VERBOSE}" = "1" ] && [ "${QUIET}" != "1" ]; then
- >&2 echo "${PROGNAME}: $1"
- fi
-}
-
-if [ -n "$(pidof master)" ]; then
- # shellcheck disable=SC2091
- if $($(command -v postconf) > /dev/null); then
- # shellcheck disable=SC2091
- if $($(command -v postconf)|grep -E "^smtpd_tls_cert_file"|grep -q "letsencrypt"); then
- debug "Postfix detected... reloading"
- service postfix reload
- else
- debug "Postfix doesn't use Let's Encrypt certificate. Skip."
- fi
- else
- error "Postfix config is broken, you must fix it !"
- fi
-else
- debug "Postfix is not running. Skip."
-fi
diff --git a/evoacme/tasks/main.yml b/evoacme/tasks/main.yml
index 1baede00..cd7ccc70 100644
--- a/evoacme/tasks/main.yml
+++ b/evoacme/tasks/main.yml
@@ -12,12 +12,7 @@
 - include: evoacme_hook.yml
 vars:
 hook_name: "{{ item }}"
- with_items:
- - reload_apache
- - reload_nginx
- - reload_dovecot
- - reload_postfix
- - commit
+ loop: []
 - include: conf.yml
diff --git a/evoacme/templates/evoacme.conf.j2 b/evoacme/templates/evoacme.conf.j2
index fc1ba70b..27405f56 100644
--- a/evoacme/templates/evoacme.conf.j2
+++ b/evoacme/templates/evoacme.conf.j2
@@ -4,5 +4,6 @@ SSL_KEY_DIR=${SSL_KEY_DIR:-{{ evoacme_ssl_key_dir }}}
 ACME_DIR=${ACME_DIR:-{{ evoacme_acme_dir }}}
 CSR_DIR=${CSR_DIR:-{{ evoacme_csr_dir }}}
 CRT_DIR=${CRT_DIR:-{{ evoacme_crt_dir }}}
+HOOKS_DIR=${HOOKS_DIR:-"{{ evoacme_hooks_dir }}"}
 LOG_DIR=${LOG_DIR:-{{ evoacme_log_dir }}}
 SSL_MINDAY=${SSL_MINDAY:-{{ evoacme_ssl_minday }}}
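Review bot: `loop: []` leaves the `include: evoacme_hook.yml` task permanently inert — `hook_name: "{{ item }}"` is never evaluated and evoacme_hook.yml is never included — so what remains is dead code rather than a configurable default. Either drop the task together with the hook scripts this commit deletes, or drive it from a role variable that defaults to an empty list so operators can still ship their own deploy hooks, e.g. `loop: "{{ evoacme_hooks | default([]) }}"` (variable name illustrative). The removed reload_* hooks were also the only place the role validated a service's configuration (`apache2ctl -t`, `nginx -t`, `doveconf`, `postconf`) before reloading it; if equivalent deploy hooks are now expected from elsewhere, a short comment on this task saying where would spare the next reader the archaeology.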
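Review bot: The new `HOOKS_DIR` line quotes its default (`${HOOKS_DIR:-"{{ evoacme_hooks_dir }}"}`) while every neighbouring line leaves the templated value bare (`CRT_DIR=${CRT_DIR:-{{ evoacme_crt_dir }}}`); pick one form for the whole file, and since the default here is a plain path without whitespace, `HOOKS_DIR=${HOOKS_DIR:-{{ evoacme_hooks_dir }}}` matches the rest. If the quotes were added deliberately to survive a value containing spaces, the other path variables deserve the same treatment. Like its neighbours this value can be overridden from the environment before the default applies, and it presumably tells the renewal script where the executables to run after a renewal live, so a one-line comment above it would help, e.g. `# directory of executables run after a successful renewal (certbot deploy hooks)`.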