As suggested in #65 (Github issue), this patch switches cronjob management from using templates to using Ansible's `cron` module. It also moves the management of the nginx-reload cronjob to `setup_ssl_lets_encrypt.yml`, which is a more fitting place for it (given that this cronjob is only required when Let's Encrypt is used). Pros: - using a module is more Ansible-ish than templating our own files in special directories - more reliable: will fail early (during playbook execution) if `/usr/bin/crontab` is not available, which is more of a guarantee that cron is working fine (idea: we should probably install some cron package using the playbook) Cons: - invocation schedule is no longer configurable, unless we define individual variables for everything or do something smart (splitting on ' ', etc.). Likely not necessary, however. - requires us to deprecate and clean-up after the old way of managing cronjobs, because it's not compatible (using the same file as before means appending additional jobs to it)development
parent
ef2dc3745a
commit
b222d26c86
@ -1,8 +0,0 @@
|
|||||||
MAILTO="{{ matrix_ssl_lets_encrypt_support_email }}"
|
|
||||||
|
|
||||||
# This periodically reloads the matrix-nginx-proxy service
|
|
||||||
# to ensure it's using the latest SSL certificate
|
|
||||||
# in case it got renewed by the `matrix-ssl-certificate-renewal` cronjob
|
|
||||||
# (which happens once every ~2-3 months).
|
|
||||||
|
|
||||||
{{ matrix_nginx_proxy_reload_cron_time_definition }} root /usr/bin/systemctl reload matrix-nginx-proxy.service
|
|
@ -1,11 +0,0 @@
|
|||||||
MAILTO="{{ matrix_ssl_lets_encrypt_support_email }}"
|
|
||||||
|
|
||||||
# The goal of this cronjob is to ask certbot to check
|
|
||||||
# the current SSL certificates and to see if some need renewal.
|
|
||||||
# If so, it would attempt to renew.
|
|
||||||
#
|
|
||||||
# Various services depend on these certificates and would need to be restarted.
|
|
||||||
# This is not our concern here. We simply make sure the certificates are up to date.
|
|
||||||
# Restarting of services happens on its own different schedule (other cronjobs).
|
|
||||||
|
|
||||||
{{ matrix_ssl_lets_encrypt_renew_cron_time_definition }} root /bin/bash /usr/local/bin/matrix-ssl-certificates-renew
|
|
Loading…
Reference in new issue