docs: rewrite README with structured overview and quick start guide

Replaces the minimal project description with a comprehensive README
including a component overview table, quick start instructions, common
Ansible operations, and links to detailed documentation. Aligns with
Red Panda Approval™ standards.
2026-03-03 12:49:06 +00:00
parent c7be03a743
commit b4d60f2f38
219 changed files with 34586 additions and 2 deletions


@@ -0,0 +1,52 @@
#!/bin/bash
# Certbot post-renewal hook for HAProxy
# Managed by Ansible - DO NOT EDIT MANUALLY
#
# This script:
# 1. Combines fullchain.pem + privkey.pem into HAProxy format
# 2. Sets correct permissions
# 3. Reloads HAProxy via Docker
# 4. Updates certificate metrics for Prometheus
set -euo pipefail
CERT_NAME="{{ certbot_cert_name }}"
CERT_DIR="{{ certbot_directory }}/config/live/${CERT_NAME}"
HAPROXY_CERT="{{ haproxy_cert_path }}"
HAPROXY_DIR="{{ haproxy_directory }}"
echo "[$(date '+%Y-%m-%d %H:%M:%S')] Starting renewal hook for ${CERT_NAME}"
# Check if certificate files exist
if [[ ! -f "${CERT_DIR}/fullchain.pem" ]] || [[ ! -f "${CERT_DIR}/privkey.pem" ]]; then
echo "ERROR: Certificate files not found in ${CERT_DIR}"
exit 1
fi
# Combine certificate and private key for HAProxy
# HAProxy requires both in a single PEM file
cat "${CERT_DIR}/fullchain.pem" "${CERT_DIR}/privkey.pem" > "${HAPROXY_CERT}.tmp"
# Atomic move to avoid HAProxy reading partial file
mv "${HAPROXY_CERT}.tmp" "${HAPROXY_CERT}"
# Set permissions
chown {{ certbot_user }}:{{ haproxy_group }} "${HAPROXY_CERT}"
chmod 640 "${HAPROXY_CERT}"
echo "[$(date '+%Y-%m-%d %H:%M:%S')] Certificate combined and written to ${HAPROXY_CERT}"
# Reload HAProxy if running
if docker ps --format '{{ '{{' }}.Names{{ '}}' }}' | grep -q haproxy; then
echo "[$(date '+%Y-%m-%d %H:%M:%S')] Reloading HAProxy..."
cd "${HAPROXY_DIR}"
docker compose kill -s HUP haproxy || docker-compose kill -s HUP haproxy
echo "[$(date '+%Y-%m-%d %H:%M:%S')] HAProxy reloaded"
else
echo "[$(date '+%Y-%m-%d %H:%M:%S')] HAProxy not running, skipping reload"
fi
# Update certificate metrics
{{ certbot_directory }}/hooks/cert-metrics.sh
echo "[$(date '+%Y-%m-%d %H:%M:%S')] Renewal hook completed successfully"
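Review bot: The combined PEM, which includes the private key, is created at `"${HAPROXY_CERT}.tmp"` under whatever umask the hook inherits and is moved into place before `chown` and `chmod 640` run, so for a short window the key file can be readable more widely than intended (the umask in effect is not visible in this hunk). Restrict it before any key material is written and before the rename: add `umask 077` ahead of the `cat`, and point the `chown`/`chmod 640` at `"${HAPROXY_CERT}.tmp"` so the `mv` publishes a file that already has its final owner and mode. Separately, with `set -o pipefail` the `docker ps ... | grep -q haproxy` test can fail when `grep -q` exits early and `docker ps` is killed by SIGPIPE, which would silently take the "not running" branch and leave HAProxy serving the old certificate. That `grep` also matches any container whose name merely contains `haproxy`; an anchored match on the exact container name would be safer.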