feat(lego): allow running multiple instances with systemd templates
transcaffeine committed Sep 20, 2023
1 parent 53fb5ce commit f9a78c4
Showing 2 changed files with 29 additions and 17 deletions.
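--- /dev/null
+++ b/roles/lego/templates/lego.env.j2
@@ -0,0 +1,18 @@
+LEGO_USER={{ lego_user_res.name }}
+LEGO_GROUP={{ lego_user_res.group }}
+LEGO_CERT_STORE_OWNER={{ lego_certificate_store_user }}
+LEGO_CERT_STORE_GROUP={{ lego_certificate_store_group }}
+LEGO_CERT_STORE_PATH={{ lego_certificate_store }}
+LEGO_CERT_STORE_MODE={{ lego_certificate_store_mode }}
+LEGO_CWD={{ lego_base_path }}
+LEGO_COMMAND={{ lego_command_systemd }}
+{% if lego_enable_metrics_textfile %}
+LEGO_ENABLE_METRICS=true
+{% endif %}
+{% if lego_post_renewal_script is defined %}
+LEGO_POST_RENEW_HOOK_PATH={{ lego_post_renewal_script }}
+{% endif %}
+{% for envvar in lego_configuration_merged.environment %}
+{{ envvar }}={{ lego_configuration_merged.environment[envvar] }}
+{% endfor %}
+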
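Review bot: The values in this file are written unquoted, including every entry of `lego_configuration_merged.environment` in the final loop, and the unit loads the result through `EnvironmentFile=`, where surrounding whitespace is stripped and quotes and backslashes are interpreted. A value containing such characters would reach lego altered, so consider double-quoting, e.g. `{{ envvar }}="{{ lego_configuration_merged.environment[envvar] }}"`, with embedded quotes escaped. The environment map presumably holds the DNS-provider credentials, which now live in this file; the task that renders the template is outside this diff, so confirm it writes the file root-owned with an owner-only mode such as 0600. A leading comment like `# Managed by Ansible - contains credentials, keep mode 0600` would record that.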

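--- a/roles/lego/templates/lego.service.j2
+++ b/roles/lego/templates/lego.service.j2
@@ -5,24 +5,18 @@ Description=lego - Let's Encrypt client written in Go
 StandardOutput=journal
 StandardError=journal
 SyslogIdentifier=lego
-{% for envvar in lego_configuration_merged.environment %}
-Environment={{ envvar }}={{ lego_configuration_merged.environment[envvar] }}
-{% endfor %}
+EnvironmentFile=/etc/lego/%i.conf
 Type=oneshot
-Group={{ lego_user_res.group }}
-User={{ lego_user_res.name }}
-WorkingDirectory={{ lego_base_path }}
-ExecStartPre=+-chown {{ lego_certificate_store_user }}:{{ lego_certificate_store_group }} {{ lego_certificate_store }}
-ExecStartPre=+-chmod {{ lego_certificate_store_mode }} {{ lego_certificate_store }}
-ExecStart={{ lego_command_systemd }}
-ExecStartPost=+-/bin/sh -c 'chown {{ lego_certificate_store_user }}:{{ lego_certificate_store_group }} {{ lego_certificate_store }}/*'
-ExecStartPost=+-/bin/sh -c 'chmod 0640 {{ lego_certificate_store }}/*'
-{% if lego_enable_metrics_textfile %}
-ExecStartPost=+-/usr/bin/python3 {{ lego_base_path }}/metrics-textfile.py
-{% endif %}
-{% if lego_post_renewal_script is defined %}
-ExecStartPost=+-{{ lego_post_renewal_script }}
-{% endif %}
+Group=${LEGO_GROUP}
+User=${LEGO_USER}
+WorkingDirectory=${LEGO_CWD}
+ExecStartPre=+-chown ${LEGO_CERT_STORE_OWNER}:${LEGO_CERT_STORE_GROUP} ${LEGO_CCERTIFICATE_STORE}
+ExecStartPre=+-chmod ${LEGO_CERT_STORE_MODE} ${LEGO_CERTIFICATE_STORE}
+ExecStart=${LEGO_COMMAND}
+ExecStartPost=+-/bin/sh -c 'chown ${LEGO_CERT_STORE_OWNER}:${LEGO_CERT_STORE_GROUP} ${LEGO_CERT_STORE}/*'
+ExecStartPost=+-/bin/sh -c 'chmod 0640 ${LEGO_CERT_STORE}/*'
+ExecStartPost=+-/bin/bash -c 'test -n "${LEGO_ENABLE_METRICS-}" && /usr/bin/python3 ${LEGO_CWD}/metrics-textfile.py'
+ExecStartPost=+-${LEGO_POST_RENEW_HOOK_PATH}
 
 [Install]
 WantedBy=multi-user.target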
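Review bot: The four certificate-store references in the `ExecStartPre`/`ExecStartPost` lines do not match the name the env file defines: `lego.env.j2` sets `LEGO_CERT_STORE_PATH`, while the unit uses `${LEGO_CCERTIFICATE_STORE}`, `${LEGO_CERTIFICATE_STORE}` and `${LEGO_CERT_STORE}`. An unset variable expands to an empty string, so the two `ExecStartPost` lines would run `chown … /*` and `chmod 0640 /*`, and the `+` prefix runs them with full privileges. `User=`, `Group=` and `WorkingDirectory=` are not command lines, and as far as I can tell systemd does not substitute `${…}` there, so these settings are likely rejected and the service would fall back to the default user; keeping them rendered by Jinja, or setting them in a per-instance drop-in, avoids that. `ExecStart=${LEGO_COMMAND}` and the bare `${LEGO_POST_RENEW_HOOK_PATH}` also need checking, since a braced variable is passed as a single word and the hook variable is unset when no script is configured. The fence shows the identity and store lines with one consistent variable name and a guard against an empty path.

```ini
# … unchanged: logging settings, EnvironmentFile=, Type= …
Group={{ lego_user_res.group }}
User={{ lego_user_res.name }}
WorkingDirectory={{ lego_base_path }}
ExecStartPre=+-chown ${LEGO_CERT_STORE_OWNER}:${LEGO_CERT_STORE_GROUP} ${LEGO_CERT_STORE_PATH}
ExecStartPre=+-chmod ${LEGO_CERT_STORE_MODE} ${LEGO_CERT_STORE_PATH}
# … unchanged: ExecStart= …
ExecStartPost=+-/bin/sh -c 'test -n "${LEGO_CERT_STORE_PATH}" && chown ${LEGO_CERT_STORE_OWNER}:${LEGO_CERT_STORE_GROUP} "${LEGO_CERT_STORE_PATH}"/*'
ExecStartPost=+-/bin/sh -c 'test -n "${LEGO_CERT_STORE_PATH}" && chmod 0640 "${LEGO_CERT_STORE_PATH}"/*'
# … unchanged: metrics and post-renewal hook lines, [Install] …
```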
