add cron to renew taiga cert

roles/taiga/files/cron-renew-cert

@@ -0,0 +1 @@
+* * * * 0 root /usr/local/bin/renew-cert.sh

roles/taiga/files/renew-cert.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+# backup and renew letsencrypt certificate. it checks if cert need renewal. if not nginx will not stop
+
+BACKUPDIR=/backups
+# create backup
+/usr/bin/tar Pczf /$BACKUPDIR/letsencrypt-$(date +%F).tgz /etc/letsencrypt
+
+# check and renew if required. if so do it in standalone mode
+/usr/bin/certbot renew -q --pre-hook "/usr/bin/systemctl stop nginx" --post-hook "/usr/bin/systemctl start nginx"
+
+# delete the backup three weeks ago.
+rm -f /$BACKUPDIR/letsencrypt-$(date --date="3 weeks ago" +%F).tgz
+

roles/taiga/handlers/main.yml

@@ -13,3 +13,7 @@
 
 - name: restart postfix
   service: name=postfix state=restarted
+
+- name: restart crond
+  service: name=crond state=restarted
+

roles/taiga/tasks/main.yml

@@ -185,6 +185,17 @@
         state=link
   tags: taiga
 ### DONE with taiga-front
+### cron to renew and backup certificates
+- file: src=renew-cert.sh dest=/usr/local/bin/renew-cert.sh mode=0755
+  tags:
+  - taiga
+  - cron
+
+- file: src=cron-renew-cert dest=/etc/cron.d/cron-renew-cert
+  notify: restart crond
+  tags:
+  - taiga
+  - cron
 
 ### FINALLY, nginx to serve/proxy it all
 - template: src=taiga-http.nginx dest=/etc/nginx/conf.d/taiga-http.conf