Merge pull request #678 from OpenConext/release/661

release/661

Author: baszoetekouw

roles/haproxy/defaults/main.yml

@@ -45,3 +45,9 @@ haproxy_acmedns:
   password: "password"
   subdomain: "a_subdomain"
   fulldomain: "a_subdomain.acme-dns.example.org"
+
+# on which weekday (cron, 0==sunday) to run the renewal script
+haproxy_acme_cronjob_dow: 1
+
+# optional monitoring url for acme cron
+haproxy_acme_cronjob_monitor_url:

roles/haproxy/tasks/acme.yml

@@ -54,3 +54,21 @@
   register: "acme_account"
   become: true
   become_user: "acme"
+
+- name: Remove default cronjob for renewal
+  ansible.builtin.file:
+    path: "/var/spool/cron/crontabs/acme"
+    state: "absent"
+
+- name: Install cronjob for renewal
+  ansible.builtin.copy:
+    dest: "/etc/cron.d/acme-renew"
+    owner: "root"
+    group: "root"
+    mode: "0644"
+    content: |
+      MAILTO=surfconext-beheer@surf.nl
+      30 07    * *   {{ haproxy_acme_cronjob_dow }}    acme    /home/acme/.acme.sh/acme.sh --cron --home /home/acme/.acme.sh > /dev/null
+      {%- if haproxy_acme_cronjob_monitor_url | default('') -%}
+         {# #} && curl -fsS --retry 3 -o /dev/null {{ haproxy_acme_cronjob_monitor_url }}
+      {%- endif %}