From 0ce8f1e8fb453c2eedc70cda84558dfd9e6b1ac2 Mon Sep 17 00:00:00 2001
From: Matt Spencer
Date: Tue, 15 Oct 2024 22:01:36 +0100
Subject: [PATCH] Hopefully fix certificate renewal
---
 frontend.yaml | 9 ++++++++-
 letsencrypt/renewal-hooks/post/start_services | 8 ++++++++
 letsencrypt/renewal-hooks/pre/stop_services | 5 +++++
 secrets.enc | 18 +++++++++---------
 4 files changed, 30 insertions(+), 10 deletions(-)
 create mode 100755 letsencrypt/renewal-hooks/post/start_services
 create mode 100755 letsencrypt/renewal-hooks/pre/stop_services
diff --git a/frontend.yaml b/frontend.yaml
index 17651c2..def1bb0 100755
--- a/frontend.yaml
+++ b/frontend.yaml
@@ -5,7 +5,8 @@
 vars:
 username: matt
- certbot_auto_renew_user: "{{ ansible_user | default(lookup('env', 'USER')) }}"
+ #certbot_auto_renew_user: "{{ ansible_user | default(lookup('env', 'USER')) }}"
+ certbot_auto_renew_user: "root"
 certbot_auto_renew_hour: "3"
 certbot_auto_renew_minute: "30"
@@ -40,6 +41,12 @@
 become: true
 tasks:
+ - name: Override default certbot start/stop jobs
+ become: true
+ ansible.builtin.copy:
+ src: letsencrypt
+ dest: /etc
+
 - name: Copy reverse proxy configuration to host
 become: true
 ansible.builtin.copy:
diff --git a/letsencrypt/renewal-hooks/post/start_services b/letsencrypt/renewal-hooks/post/start_services
new file mode 100755
index 0000000..56030cb
--- /dev/null
+++ b/letsencrypt/renewal-hooks/post/start_services
@@ -0,0 +1,8 @@
+#!/bin/bash
+# Ansible managed
+
+#echo "starting service nginx"
+#systemctl start nginx
+
+echo "Restarting reverse_proxy container"
+docker restart reverse_proxy
diff --git a/letsencrypt/renewal-hooks/pre/stop_services b/letsencrypt/renewal-hooks/pre/stop_services
new file mode 100755
index 0000000..7498f9d
--- /dev/null
+++ b/letsencrypt/renewal-hooks/pre/stop_services
@@ -0,0 +1,5 @@
+#!/bin/bash
+# Ansible managed
+
+#echo "stopping service nginx"
+#systemctl stop nginx
\ No newline at end of file
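Review bot: The previous `certbot_auto_renew_user` expression is left behind as a comment in the first frontend.yaml hunk, next to the new hard-coded `"root"`, and nothing records why the renewal job now has to run as root. Version control already keeps the old value, so I would drop the commented line and put the reason in its place, for example `# renew as root: the hooks under /etc/letsencrypt/renewal-hooks restart the reverse_proxy container`. With this value every script in that hooks directory presumably executes with root privileges from the 03:30 job, so the reason is worth having in the playbook itself.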
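Review bot: The new "Override default certbot start/stop jobs" task sets no `owner`, `group` or `mode`, although the files it ships are hook scripts that certbot will run, and with the renew user now root they run as root. Files newly created by ansible.builtin.copy without `mode` take the remote umask defaults, which normally lack the execute bit, and certbot skips non-executable hooks; if the files already exist their current mode and owner are kept, whatever they are. I would add `owner: root`, `group: root` and `mode: preserve` (the sources are committed as 100755) so the scripts are executable and writable only by root. Note also that `src: letsencrypt` with `dest: /etc` copies the whole repository directory into /etc/letsencrypt, so anything later added under that directory lands there too. The tasks list continues outside the hunk.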
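Review bot: The `docker restart reverse_proxy` call lives in a `post` hook, which certbot runs after a renewal attempt even when that attempt failed; a script under `renewal-hooks/deploy/` would run only once a certificate has actually been renewed. The two commented-out nginx lines in start_services are dead code and could be removed. A short header comment such as `# Restart the proxy container so it loads the renewed certificate` would state what the hook is for, assuming that is the intent.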
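Review bot: stop_services contains no executable statement, only the shebang and two commented-out nginx commands, and the file ends without a trailing newline. If it exists only to replace a default that stopped a host nginx service, say so in the file, for example `# Intentionally a no-op: the proxy runs in the reverse_proxy container, nothing to stop on the host`. If certbot uses the standalone authenticator here, which this patch does not show, nothing now frees port 80 before the renewal attempt, so that is worth confirming.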
diff --git a/secrets.enc b/secrets.enc
index 6cfe32f..e9ac36d 100755
--- a/secrets.enc
+++ b/secrets.enc
@@ -1,10 +1,10 @@
 $ANSIBLE_VAULT;1.1;AES256
-65396135303665363764323463613764666332663837623035663634316463643635613066616461
-6665383135363364303437613731363463653831666432610a386132303963653963663331626135
-34393566626133323436373237323562616432336136396233643035373464323937363830316534
-6666313366633064650a303963393438373065666232633334353932663334616335633531363130
-64363232306265393833323036376134313230633862306535366138623664343363346463363031
-61306339383639636137363334663266393331333033643432626435666230663166343133346663
-38616464336130336461373865353963363066373233633334633838363465613064303935663634
-61333831666233383966633431623933383831306337343232396232636162616339386539386432
-6338
+39376439353063643939363564336534396362656638363136366137643332613264363330316564
+6461323335653064646239666430303034613635313731630a656261613936376636346432646231
+62323136623565356532346533386536663533343533363966623662616464643030336632353533
+3935363931363034650a616331316434663766663734333261356430616531343835306237303739
+31613735663430376566313538633131663434636663363735373731366432373430363438336337
+31323164643365636134636366303164333635306232313464613834646632383636616437343261
+32613666346238633639643932306364353164643966626133623135646230366434386532663234
+37383931613466323931653235616635323339363335323062316131346634346332666535383366
+3865