From 49069bb0f25594eec7a0d4c1c993afb73d8ce961 Mon Sep 17 00:00:00 2001
From: Aaron LI
Date: Thu, 3 Oct 2019 18:04:34 +0800
Subject: web: Employ monthly periodic task to renew certificates
---
 roles/web/tasks/main.yml | 31 +++++++++++++++----------------
 1 file changed, 15 insertions(+), 16 deletions(-)
(limited to 'roles/web/tasks')
diff --git a/roles/web/tasks/main.yml b/roles/web/tasks/main.yml
index 905c60e..d354b18 100644
--- a/roles/web/tasks/main.yml
+++ b/roles/web/tasks/main.yml
@@ -147,28 +147,27 @@
 tags: acme
 
 - name: acme.sh - generate renew script
- copy:
+ template:
+ src: acme/renew.sh.j2
 dest: "{{ web.acme_home }}/renew.sh"
 mode: 0755
- content: |
- acme.sh --cron
- sh {{ web.acme_home }}/deploy.sh
 tags: acme
 
-- name: acme.sh - install cron job to renew (1)
- cron:
- user: acme
- name: MAILTO
- env: true
- job: root
+- name: acme.sh - set monthly task for cert renewal (1)
+ copy:
+ src: 600.acme-sh
+ dest: /etc/periodic/monthly/600.acme-sh
+ mode: 0755
 tags: acme
 
-- name: acme.sh - install cron job to renew (2)
- cron:
- user: acme
- name: "acme.sh-renew"
- special_time: monthly
- job: "sh {{ web.acme_home }}/renew.sh"
+- name: acme.sh - set monthly task for cert renewal (2)
+ blockinfile:
+ path: /etc/periodic.conf
+ marker: '# {mark} ANSIBLE MANAGED - acme'
+ block: |
+ monthly_acme_sh_enable="YES"
+ monthly_acme_sh_renewscript="{{ web.acme_home }}/renew.sh"
+ monthly_acme_sh_deployscript="{{ web.acme_home }}/deploy.sh"
 tags: acme
 
 - block:
-- 
cgit v1.2.2
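Review bot: The removed cron tasks ran the renewal as `user: acme`, but scripts under /etc/periodic/monthly are run by periodic(8), normally as root from the system crontab, so `renew.sh` and `deploy.sh` in `{{ web.acme_home }}` may now execute with root privileges. 600.acme-sh is not part of this hunk, so this is inferred; if it calls the two scripts directly and the acme user can write to that directory, a compromise of the acme account becomes a root compromise. Either have 600.acme-sh drop to the acme user before invoking `monthly_acme_sh_renewscript` and `monthly_acme_sh_deployscript`, or make the scripts and their directory root-owned, e.g. `owner: root` and `group: wheel` on the `template` task and on the `copy` to /etc/periodic/monthly. Separately, `blockinfile` does not create a missing file by default, so `create: true` is needed unless /etc/periodic.conf is set up elsewhere in the role.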