add letesencrypt hook

defaults/main.yml

@@ -43,3 +43,35 @@ nginx_gzip: true
 
 letsencrypt_mail_address: admin@my-domain.tld
 
+letsencrypt_renewal_scripts: []
+  # - name: "copy_to_coturn_folder"
+  #   type: "deploy"
+  #   content: |
+  #     #!/bin/sh
+
+  #     set -e
+
+  #     for domain in $RENEWED_DOMAINS; do
+  #             case $domain in
+  #             example.com)
+  #                     daemon_cert_root=/etc/coturn/certs
+
+  #                     # Make sure the certificate and private key files are
+  #                     # never world readable, even just for an instant while
+  #                     # we're copying them into daemon_cert_root.
+  #                     umask 077
+
+  #                     cp "$RENEWED_LINEAGE/fullchain.pem" "$daemon_cert_root/$domain.cert"
+  #                     cp "$RENEWED_LINEAGE/privkey.pem" "$daemon_cert_root/$domain.key"
+
+  #                     # Apply the proper file ownership and permissions for
+  #                     # the daemon to read its certificate and key.
+  #                     chown turnserver "$daemon_cert_root/$domain.cert" \
+  #                             "$daemon_cert_root/$domain.key"
+  #                     chmod 400 "$daemon_cert_root/$domain.cert" \
+  #                             "$daemon_cert_root/$domain.key"
+
+  #                     service coturn restart >/dev/null
+  #                     ;;
+  #             esac
+  #     done

tasks/letsencrypt.yml

@@ -40,3 +40,12 @@
     name: letsencrypt
     special_time: daily
     job: /usr/bin/certbot -q renew
+
+- name: Setup renewal scripts
+  copy:
+    dest: "/etc/letsencrypt/renewal-hooks/{{ item.type }}/{{ item.name }}.sh"
+    mode: 0700
+    content: "{{ item.content }}"
+  loop: "{{ letsencrypt_renewal_scripts }}"
+  loop_control:
+    label: "{{ item.name }}"