make renew hook executable; add systemd units and timer to renew certificates

2024-11-19 13:11:40 +01:00 · 2024-11-19 13:11:40 +01:00 · 428d5c288f
commit 428d5c288f
parent 57845a3bdf
2 changed files with 32 additions and 0 deletions
--- a/scripts/init.sh
+++ b/scripts/init.sh
@ -65,3 +65,35 @@ if [[ ! -d ./data/.lego ]]; then
 fi

 # Setup cronjob to automatically renew certificates
+[[ ! -f /etc/systemd/system/lego-renew-sso-base23-de.service ]] && cat <<EOF > /etc/systemd/system/lego-renew-sso-base23-de.service && systemctl daemon-reload
+[Unit]
+Description=SSL Certificate renewal for sso.base23.de with LEGO
+Documentation=https://go-acme.github.io/lego/
+Wants=network-online.target
+After=network-online.target
+
+[Service]
+Type=oneshot
+ExecStart=/var/lib/apps/sso.base23.de/scripts/cert_renew.sh
+WorkingDirectory=/var/lib/apps/sso.base23.de/
+User=root
+Group=root
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+[[ ! -f /etc/systemd/system/lego-renew-sso-base23-de.timer ]] && cat <<EOF > /etc/systemd/system/lego-renew-sso-base23-de.timer && systemctl daemon-reload && systemctl enable --now lego-renew-sso-base23-de.timer
+[Unit]
+Description=SSL Certificate renewal for sso.base23.de with LEGO Timer
+
+[Timer]
+OnCalendar=*-*-* 01:32:00
+# add extra delay, here up to 1 hour:
+RandomizedDelaySec=1h
+Persistent=true
+
+[Install]
+WantedBy=timers.target
+EOF