From 3189b02479f70b7c351e4f4d98f3ce141dbe957a Mon Sep 17 00:00:00 2001
From: doteast
Date: Wed, 2 Nov 2016 18:10:34 +0000
Subject: [PATCH] add cron to renew taiga cert
---
 roles/taiga/files/cron-renew-cert | 1 +
 roles/taiga/files/renew-cert.sh | 13 +++++++++++++
 roles/taiga/handlers/main.yml | 4 ++++
 roles/taiga/tasks/main.yml | 11 +++++++++++
 4 files changed, 29 insertions(+)
 create mode 100644 roles/taiga/files/cron-renew-cert
 create mode 100644 roles/taiga/files/renew-cert.sh
diff --git a/roles/taiga/files/cron-renew-cert b/roles/taiga/files/cron-renew-cert
new file mode 100644
index 0000000000..486ebdd6a0
--- /dev/null
+++ b/roles/taiga/files/cron-renew-cert
@@ -0,0 +1 @@
+* * * * 0 root /usr/local/bin/renew-cert.sh
diff --git a/roles/taiga/files/renew-cert.sh b/roles/taiga/files/renew-cert.sh
new file mode 100644
index 0000000000..7f4bcab106
--- /dev/null
+++ b/roles/taiga/files/renew-cert.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+# backup and renew letsencrypt certificate. it checks if cert need renewal. if not nginx will not stop
+
+BACKUPDIR=/backups
+# create backup
+/usr/bin/tar Pczf /$BACKUPDIR/letsencrypt-$(date +%F).tgz /etc/letsencrypt
+
+# check and renew if required. if so do it in standalone mode
+/usr/bin/certbot renew -q --pre-hook "/usr/bin/systemctl stop nginx" --post-hook "/usr/bin/systemctl start nginx"
+
+# delete the backup three weeks ago.
+rm -f /$BACKUPDIR/letsencrypt-$(date --date="3 weeks ago" +%F).tgz
+
diff --git a/roles/taiga/handlers/main.yml b/roles/taiga/handlers/main.yml
index 21aade7827..8d2461b94a 100644
--- a/roles/taiga/handlers/main.yml
+++ b/roles/taiga/handlers/main.yml
@@ -13,3 +13,7 @@
 - name: restart postfix
 service: name=postfix state=restarted
+
+- name: restart crond
+ service: name=crond state=restarted
+
diff --git a/roles/taiga/tasks/main.yml b/roles/taiga/tasks/main.yml
index 118fa4e829..19b4fae0a7 100644
--- a/roles/taiga/tasks/main.yml
+++ b/roles/taiga/tasks/main.yml
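Review bot: The schedule in roles/taiga/files/cron-renew-cert, `* * * * 0`, matches every minute of every Sunday rather than once a week, so the root job would start 1440 times that day, each run rewriting the same dated tarball and invoking certbot, and runs could overlap. Pin the minute and hour, for example `17 3 * * 0 root /usr/local/bin/renew-cert.sh` (the time itself is arbitrary). `certbot renew` only acts on certificates that are close to expiry, so a single weekly or daily slot is sufficient.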
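Review bot: The tarball written in roles/taiga/files/renew-cert.sh contains everything under /etc/letsencrypt, including the private keys, but the script never restricts its permissions, so under root's usual umask it would presumably be created world-readable in /backups. Add `umask 077` before the `tar` line (or `chmod 600` the archive afterwards) and make sure the backup directory itself is root-only. Separately, the final `rm -f` removes only the archive dated exactly 21 days back, so any missed run leaves key material behind indefinitely; an age-based `find "$BACKUPDIR" -name 'letsencrypt-*.tgz' -mtime +21 -delete` would be more robust.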
@@ -185,6 +185,17 @@
 state=link
 tags: taiga
 ### DONE with taiga-front
+### cron to renew and backup certificates
+- file: src=renew-cert.sh dest=/usr/local/bin/renew-cert.sh mode=0755
+ tags:
+ - taiga
+ - cron
+
+- file: src=cron-renew-cert dest=/etc/cron.d/cron-renew-cert
+ notify: restart crond
+ tags:
+ - taiga
+ - cron
 ### FINALLY, nginx to serve/proxy it all
 - template: src=taiga-http.nginx dest=/etc/nginx/conf.d/taiga-http.conf
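Review bot: Both new tasks use the `file` module with `src=`, but `file` only manages attributes and links and does not copy anything from the role's files/ directory, so as far as I can tell neither renew-cert.sh nor the cron entry would be installed, and the task would fail on a host where the destination is absent. These should be `copy` tasks with ownership and mode stated, since both files end up executed as root: `- copy: src=renew-cert.sh dest=/usr/local/bin/renew-cert.sh owner=root group=root mode=0755` and `- copy: src=cron-renew-cert dest=/etc/cron.d/cron-renew-cert owner=root group=root mode=0644`. An /etc/cron.d entry that is group- or world-writable is commonly ignored by cron, and where it is honoured it lets a non-root user edit a root job, so the explicit mode matters on the second task.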