From 9b7222c1650821932431593fc04fdf3b7350e3b6 Mon Sep 17 00:00:00 2001 From: chapeau Date: Sat, 7 Sep 2024 10:25:12 +0200 Subject: [PATCH] Add status.vm.chapo.li --- all.yml | 17 +++++++++-------- inventory.yml | 16 ++++++++++++++++ roles/certbot-dns/README.md | 1 + roles/certbot-dns/tasks/main.yml | 2 +- 4 files changed, 27 insertions(+), 9 deletions(-) diff --git a/all.yml b/all.yml index f8ba358..fc11b46 100644 --- a/all.yml +++ b/all.yml @@ -28,11 +28,12 @@ roles: - { role: backup, tags: backup } -# - hosts: acme -# roles: -# - role: certbot-dns -# tags: acme -# vars: -# cert: -# name: "{{ acme_domain }}" -# alias: "{{ acme_alias|default([]) }}" \ No newline at end of file +- hosts: acme + roles: + - role: certbot-dns + tags: acme + vars: + cert: + name: "{{ acme_domain|default(inventory_hostname) }}" + alias: "{{ acme_alias|default([]) }}" + renewal_hook: "{{ renewal_hook }}" \ No newline at end of file diff --git a/inventory.yml b/inventory.yml index e26aebd..f4d7c6d 100644 --- a/inventory.yml +++ b/inventory.yml @@ -71,6 +71,10 @@ lxc: ansible_host: 10.255.3.16 resources: { cpu: 4, ram: 4096, swap: 1024, disk: 128 } + status.vm.chapo.li: + ansible_host: 10.255.3.17 + resources: { cpu: 1, ram: 1024, swap: 1024, disk: 16 } + vars: ansible_user: root @@ -95,6 +99,11 @@ mail: hosts: mail.vm.chapo.li: +acme: + hosts: + status.vm.chapo.li: + renewal_hook: systemctl restart nginx + docker: hosts: cloud.vm.chapo.li: @@ -106,6 +115,7 @@ docker: git.vm.chapo.li: todo.vm.chapo.li: sharkey.vm.chapo.li: + status.vm.chapo.li: backup: hosts: @@ -167,6 +177,12 @@ backup: paths: [ "/root/sharkey/files", "/tmp/sharkey.sql", /root/sharkey/docker-compose.yml, /root/sharkey/.config ] post_hook: [ "rm /tmp/sharkey.sql" ] + status.vm.chapo.li: + backup: + pre_hook: [] + paths: [ /root/docker-compose.yml, /root/uptime-kuma-data, /etc/nginx/sites-enabled/status.conf ] + post_hook: [] + unmanaged: hosts: freebox.gw.chapo.li: 
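Review bot: In the all.yml hunk, `renewal_hook: "{{ renewal_hook }}"` has no default, unlike the `acme_domain` and `acme_alias` lines beside it, so a host added to the `acme` group without that host var will most likely fail with an undefined-variable error when `cert` is templated. Suggest `renewal_hook: "{{ renewal_hook | default('') }}"`, which also lets the role's `{% if cert.renewal_hook %}` test leave out `--deploy-hook` cleanly. The value becomes a command certbot runs on every renewal, presumably as root given the `/root/dns-secret.ini` path and `ansible_user: root` in the inventory context. A namespaced name such as `acme_renewal_hook`, here and in the `acme:` hunk of inventory.yml, would make it harder for an unrelated variable to land in that slot by accident.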
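Review bot: In the `backup:` hunk of inventory.yml, the new `status.vm.chapo.li` entry copies `/root/uptime-kuma-data` with `pre_hook: []`, whereas the sharkey entry in the context lines just above backs up a dump file (`/tmp/sharkey.sql`) rather than live database files. If that directory holds a live database (Uptime Kuma's default store is SQLite, as far as I know), a copy taken while the container is writing can be inconsistent and fail to restore. Consider a `pre_hook` that stops the container or takes a database snapshot, with a matching `post_hook`. The directory probably also contains monitor credentials and notification tokens, so it is worth confirming that the backup target is encrypted and access-restricted.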
diff --git a/roles/certbot-dns/README.md b/roles/certbot-dns/README.md index d2c99bd..83ac3a9 100644 --- a/roles/certbot-dns/README.md +++ b/roles/certbot-dns/README.md @@ -7,6 +7,7 @@ usage: loop: - name: example.vm.chapo.li alias: [ cname.vm.chapo.li ] + renewal_hook: systemctl restart service loop_control: loop_var: cert ``` \ No newline at end of file diff --git a/roles/certbot-dns/tasks/main.yml b/roles/certbot-dns/tasks/main.yml index 086fb3f..5213f50 100644 --- a/roles/certbot-dns/tasks/main.yml +++ b/roles/certbot-dns/tasks/main.yml @@ -11,7 +11,7 @@ mode: 0600 - name: Query lets encrypt certificate - shell: 'letsencrypt certonly -n --dns-rfc2136 --dns-rfc2136-credentials /root/dns-secret.ini -m {{ letsencrypt_email|default("me@chapoline.me") }} --expand --agree-tos -d {{ cert.name }} {% for a in cert.alias %} -d {{a}}{% endfor %} --deploy-hook "{{ cert.renewal_hook }}"' + shell: 'letsencrypt certonly -n --dns-rfc2136 --dns-rfc2136-credentials /root/dns-secret.ini -m {{ letsencrypt_email|default("me@chapoline.me") }} --expand --agree-tos -d {{ cert.name }} {% for a in cert.alias %} -d {{a}}{% endfor %} {% if cert.renewal_hook %}--deploy-hook "{{ cert.renewal_hook }}"{{ endif }}' ignore_errors: true - name: Create a few symbolic links
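Review bot: The new `shell:` line in roles/certbot-dns/tasks/main.yml closes its conditional with `{{ endif }}`, which is an expression rather than a block tag, so the `{% if cert.renewal_hook %}` is never closed and the template should fail to render; it needs `{% endif %}`. Separately, `cert.renewal_hook` is pasted into the command line inside hand-written double quotes, so a hook containing `"`, `$` or a backtick is re-interpreted by the shell when the certificate is requested. The `quote` filter avoids that: `{% if cert.renewal_hook | default("") %}--deploy-hook {{ cert.renewal_hook | quote }}{% endif %}`. The same applies to the unquoted `{{ cert.name }}` and `{{a}}` arguments on that line. With `ignore_errors: true` a failed issuance is easy to miss, so a following task should check the result; the task list continues outside the hunk.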