evolix/ansible-roles
22
2
Fork 2
Code Issues 61 Pull requests 17 Releases 34 Wiki Activity

Release 10.0.0 #100

Manually merged
jlecour merged 321 commits from unstable into stable 2020-05-13 11:25:49 +02:00
Conversation 0 Commits 321 Files changed 309 +45 -40
5 changed files with 45 additions and 40 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files
Showing only changes of commit 86108999c1 - Show all commits

15
certbot/files/hooks/apache.sh
View file

@ -13,18 +13,19 @@ debug() {
fi fi
} }
if [ -n "$(pidof apache2)" ]; then apache2ctl_bin=$(command -v apache2ctl)
apache2ctl_bin=$(command -v apache2ctl)
if [ -n "$(pidof apache2)" ] && [ -n "${apache2ctl_bin}" ]; then
if grep -r -E "letsencrypt" /etc/apache2/; then
if ${apache2ctl_bin} configtest > /dev/null; then if ${apache2ctl_bin} configtest > /dev/null; then
if grep --dereference-recursive -E "^\s*SSLCertificate" /etc/apache2/sites-enabled | grep -q "letsencrypt"; then
debug "Apache detected... reloading" debug "Apache detected... reloading"
systemctl reload apache2 systemctl reload apache2
else
debug "Apache doesn't use Let's Encrypt certificate. Skip."
fi
else else
error "Apache config is broken, you must fix it !" error "Apache config is broken, you must fix it !"
fi fi
else
debug "Apache doesn't use Let's Encrypt certificate. Skip."
fi
else else
debug "Apache is not running. Skip." debug "Apache is not running or missing. Skip."
fi fi

15
certbot/files/hooks/dovecot.sh
View file

@ -13,18 +13,19 @@ debug() {
fi fi
} }
if [ -n "$(pidof dovecot)" ]; then doveconf_bin=$(command -v doveconf)
doveconf_bin=$(command -v doveconf)
if ${doveconf_bin} > /dev/null; then if [ -n "$(pidof dovecot)" ] && [ -n "${doveconf_bin}" ]; then
if ${doveconf_bin} | grep -E "^ssl_cert[^_]" | grep -q "letsencrypt"; then if ${doveconf_bin} | grep -E "^ssl_cert[^_]" | grep -q "letsencrypt"; then
if ${doveconf_bin} > /dev/null; then
debug "Dovecot detected... reloading" debug "Dovecot detected... reloading"
systemctl reload dovecot systemctl reload dovecot
else
debug "Dovecot doesn't use Let's Encrypt certificate. Skip."
fi
else else
error "Dovecot config is broken, you must fix it !" error "Dovecot config is broken, you must fix it !"
fi fi
else
debug "Dovecot doesn't use Let's Encrypt certificate. Skip."
fi
else else
debug "Dovecot is not running. Skip." debug "Dovecot is not running or missing. Skip."
fi fi

15
certbot/files/hooks/haproxy.sh
View file

@ -17,9 +17,9 @@ if [ -z "${RENEWED_LINEAGE}" ]; then
error "This script must be called only by certbot!" error "This script must be called only by certbot!"
fi fi
if [ -n "$(pidof haproxy)" ]; then haproxy_bin=$(command -v haproxy)
haproxy_bin=$(command -v haproxy)
if ${haproxy_bin} -c -f /etc/haproxy/haproxy.cfg > /dev/null; then if [ -n "$(pidof haproxy)" ] && [ -n "${haproxy_bin}" ]; then
if [ -f "${RENEWED_LINEAGE}/fullchain.pem" ] && [ -f "${RENEWED_LINEAGE}/privkey.pem" ]; then if [ -f "${RENEWED_LINEAGE}/fullchain.pem" ] && [ -f "${RENEWED_LINEAGE}/privkey.pem" ]; then
haproxy_cert_file="/etc/ssl/haproxy/$(basename "${RENEWED_LINEAGE}").pem" haproxy_cert_file="/etc/ssl/haproxy/$(basename "${RENEWED_LINEAGE}").pem"
@ -28,14 +28,15 @@ if [ -n "$(pidof haproxy)" ]; then
chmod 600 "${haproxy_cert_file}" chmod 600 "${haproxy_cert_file}"
chown root: "${haproxy_cert_file}" chown root: "${haproxy_cert_file}"
if ${haproxy_bin} -c -f /etc/haproxy/haproxy.cfg > /dev/null; then
debug "HAProxy detected... reloading" debug "HAProxy detected... reloading"
systemctl reload apache2 systemctl reload apache2
else
error "Couldn't find ${RENEWED_LINEAGE}/fullchain.pem or ${RENEWED_LINEAGE}/privkey.pem"
fi
else else
error "HAProxy config is broken, you must fix it !" error "HAProxy config is broken, you must fix it !"
fi fi
else
error "Couldn't find ${RENEWED_LINEAGE}/fullchain.pem or ${RENEWED_LINEAGE}/privkey.pem"
fi
else else
debug "HAProxy is not running. Skip." debug "HAProxy is not running or missing. Skip."
fi fi

15
certbot/files/hooks/nginx.sh
View file

@ -13,18 +13,19 @@ debug() {
fi fi
} }
if [ -n "$(pidof nginx)" ]; then nginx_bin=$(command -v nginx)
nginx_bin=$(command -v nginx)
if [ -n "$(pidof nginx)" ] && [ -n "${nginx_bin}" ]; then
if grep --dereference-recursive -E "letsencrypt" /etc/nginx/sites-enabled; then
if ${nginx_bin} -t > /dev/null; then if ${nginx_bin} -t > /dev/null; then
if grep --dereference-recursive -E "^\s*ssl_certificate" /etc/nginx/sites-enabled | grep -q "letsencrypt"; then
debug "Nginx detected... reloading" debug "Nginx detected... reloading"
systemctl reload nginx systemctl reload nginx
else
debug "Nginx doesn't use Let's Encrypt certificate. Skip."
fi
else else
error "Nginx config is broken, you must fix it !" error "Nginx config is broken, you must fix it !"
fi fi
else
debug "Nginx doesn't use Let's Encrypt certificate. Skip."
fi
else else
debug "Nginx is not running. Skip." debug "Nginx is not running or missing. Skip."
fi fi

15
certbot/files/hooks/postfix.sh
View file

@ -13,18 +13,19 @@ debug() {
fi fi
} }
if [ -n "$(pidof master)" ]; then postconf_bin=$(command -v postconf)
postconf_bin=$(command -v postconf)
if ${postconf_bin} > /dev/null; then if [ -n "$(pidof master)" ] && [ -n "${postconf_bin}" ]; then
if ${postconf_bin} | grep -E "^smtpd_tls_cert_file" | grep -q "letsencrypt"; then if ${postconf_bin} | grep -E "^smtpd_tls_cert_file" | grep -q "letsencrypt"; then
if ${postconf_bin} > /dev/null; then
debug "Postfix detected... reloading" debug "Postfix detected... reloading"
systemctl reload postfix systemctl reload postfix
else
debug "Postfix doesn't use Let's Encrypt certificate. Skip."
fi
else else
error "Postfix config is broken, you must fix it !" error "Postfix config is broken, you must fix it !"
fi fi
else
debug "Postfix doesn't use Let's Encrypt certificate. Skip."
fi
else else
debug "Postfix is not running. Skip." debug "Postfix is not running or missing. Skip."
fi fi