haproxy: remove default acme cronjob and install a new cronjob in /etc/cron.d/

baszoetekouw · baszoetekouw · commit 59e6f619ea7b · 2026-05-22T15:44:33.000+02:00
diff --git a/roles/haproxy/defaults/main.yml b/roles/haproxy/defaults/main.yml
@@ -45,3 +45,6 @@ haproxy_acmedns:
   password: "password"
   subdomain: "a_subdomain"
   fulldomain: "a_subdomain.acme-dns.example.org"
+
+# on which weekday (cron, 0==sunday) to run the renewal script
+haproxy_acme_cronjob_dow: 1
diff --git a/roles/haproxy/tasks/acme.yml b/roles/haproxy/tasks/acme.yml
@@ -54,3 +54,18 @@
   register: "acme_account"
   become: true
   become_user: "acme"
+
+- name: Remove default cronjob for renewal
+  ansible.builtin.file:
+    path: "/var/spool/cron/crontabs/acme"
+    state: "absent"
+
+- name: Install cronjob for renewal
+  ansible.builtin.copy:
+    dest: "/etc/cron.d/acme-renew"
+    owner: "root"
+    group: "root"
+    mode: "0644"
+    content: |
+      MAILTO=surfconext-beheer@surf.nl
+      30 07    * *   {{ haproxy_acme_cronjob_dow }}    acme    /home/acme/.acme.sh/acme.sh --cron --home /home/acme/.acme.sh > /dev/null
