feat: certbot reorg

- moved certbot into its own module
- added fact to list available certificates
- created systemd timer to rsync data to $data_dir/pub
- ensure the $data_dir/pub exists
- manage selinux for nginx
2024-07-08 20:22:44 +10:00
parent 30ec8c1bb1
commit bd5164fed3
21 changed files with 232 additions and 80 deletions
@@ -0,0 +1,10 @@
[Unit]
Description=certbot-syncer service
[Service]
Type=oneshot
ExecStart=/usr/bin/rsync --chmod=D2755,F644 -aL /etc/letsencrypt/live/ <%= $data_root %>/pub/
User=root
Group=root
PermissionsStartOnly=false
PrivateTmp=no
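Review bot: The `ExecStart` line copies everything under `/etc/letsencrypt/live/` with `-L` and `--chmod=D2755,F644`, so each `privkey.pem` is dereferenced and written world-readable into `<%= $data_root %>/pub/`. If consumers only need the certificate chain, add `--exclude=privkey.pem`; if they do need the key, tighten the mode to something like `--chmod=D2750,F640` and give the destination a group limited to the consuming service. The commit message also mentions managing SELinux for nginx, so if this directory is reachable through nginx the exposure would extend beyond local users, which is worth confirming. Without `--delete`, certificates removed from `live/` will also persist in the copy.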
@@ -0,0 +1,9 @@
[Unit]
Description=certbot-syncer timer
[Timer]
OnCalendar=hourly
Persistent=true
[Install]
WantedBy=timers.target