diff --git a/defaults/main.yml b/defaults/main.yml
index 5936b46..4cabcb6 100755
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -43,3 +43,35 @@ nginx_gzip: true letsencrypt_mail_address: admin@my-domain.tld
+letsencrypt_renewal_scripts: []
+ # - name: "copy_to_coturn_folder"
+ # type: "deploy"
+ # content: |
+ # #!/bin/sh
+
+ # set -e
+
+ # for domain in $RENEWED_DOMAINS; do
+ # case $domain in
+ # example.com)
+ # daemon_cert_root=/etc/coturn/certs
+
+ # # Make sure the certificate and private key files are
+ # # never world readable, even just for an instant while
+ # # we're copying them into daemon_cert_root.
+ # umask 077
+
+ # cp "$RENEWED_LINEAGE/fullchain.pem" "$daemon_cert_root/$domain.cert"
+ # cp "$RENEWED_LINEAGE/privkey.pem" "$daemon_cert_root/$domain.key"
+
+ # # Apply the proper file ownership and permissions for
+ # # the daemon to read its certificate and key.
+ # chown turnserver "$daemon_cert_root/$domain.cert" \
+ # "$daemon_cert_root/$domain.key"
+ # chmod 400 "$daemon_cert_root/$domain.cert" \
+ # "$daemon_cert_root/$domain.key"
+
+ # service coturn restart >/dev/null
+ # ;;
+ # esac
+ # done
\ No newline at end of file
diff --git a/tasks/letsencrypt.yml b/tasks/letsencrypt.yml
index cd61137..c8434c8 100755
--- a/tasks/letsencrypt.yml
+++ b/tasks/letsencrypt.yml
@@ -40,3 +40,12 @@ name: letsencrypt special_time: daily job: /usr/bin/certbot -q renew
+
+- name: Setup renewal scripts
+ copy:
+ dest: "/etc/letsencrypt/renewal-hooks/{{ item.type }}/{{ item.name }}.sh"
+ mode: 0700
+ content: "{{ item.content }}"
+ loop: "{{ letsencrypt_renewal_scripts }}"
+ loop_control:
+ label: "{{ item.name }}"
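Review bot: The new `letsencrypt_renewal_scripts` default has no comment describing the item schema, only a commented-out coturn example, so a user has to read tasks/letsencrypt.yml to learn that each entry needs `name`, `type` and `content` and that `type` becomes a directory under /etc/letsencrypt/renewal-hooks/. A short comment above the key would close that gap, for example `# Renewal hooks installed as /etc/letsencrypt/renewal-hooks/<type>/<name>.sh; type is one of certbot's hook directories (pre, post, deploy), content is the script body`. The hunk also ends with `\ No newline at end of file`; the defaults file should keep its trailing newline so the next addition does not produce a noisy diff.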
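Review bot: The hook script written by the new "Setup renewal scripts" task is never syntax-checked, so a typo in `item.content` only surfaces when the daily `/usr/bin/certbot -q renew` cron job (context lines above the hunk) runs the hook, and `-q` keeps that failure quiet; adding `validate: "/bin/sh -n %s"` to the `copy` task catches it at deploy time instead. `mode: 0700` should be quoted as `mode: "0700"` so the YAML parser does not hand Ansible a decimal integer. It is also worth guarding `item.type` with an `assert` that it is one of `pre`, `post` or `deploy` before the loop, since any other value either fails the copy or, if the directory happens to exist, drops a script certbot never executes.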