From 3e46e4ba8f5afc4ec7f494e9c1fb6a773ec0cfdf Mon Sep 17 00:00:00 2001
From: Nikolaos Kakouros
Date: Wed, 6 Sep 2017 22:11:17 +0200
Subject: [PATCH] Switches from cron to systemd
---
 handlers/main.yml | 8 ++++++++
 tasks/main.yml | 2 +-
 tasks/systemd.yml | 13 +++++++++++++
 templates/certbot-renew.service.j2 | 9 +++++++++
 templates/certbot-renew.timer.j2 | 9 +++++++++
 vars/Ubuntu-16.04.yml | 1 +
 6 files changed, 41 insertions(+), 1 deletion(-)
 create mode 100644 handlers/main.yml
 create mode 100644 tasks/systemd.yml
 create mode 100644 templates/certbot-renew.service.j2
 create mode 100644 templates/certbot-renew.timer.j2
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..f05e42b
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,8 @@
+---
+
+- name: Restart certbot-renew service
+ service:
+ name: certbot-renew
+ state: restarted
+ enabled: true
+ listen: restart-certbot-renew-service
diff --git a/tasks/main.yml b/tasks/main.yml
index 5324ff9..9c28cb8 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -7,5 +7,5 @@
 - include: install-from-source.yml
 when: certbot_install_from_source
-- include: renew-cron.yml
+- include: systemd.yml
 when: certbot_auto_renew
diff --git a/tasks/systemd.yml b/tasks/systemd.yml
new file mode 100644
index 0000000..69ab4ff
--- /dev/null
+++ b/tasks/systemd.yml
@@ -0,0 +1,13 @@
+---
+
+- name: Create certbot-renew service
+ template:
+ src: certbot-renew.service.j2
+ dest: /etc/systemd/system/certbot-renew.service
+ notify: restart-certbot-renew-service
+
+- name: Create certbot-renew timer
+ template:
+ src: certbot-renew.timer
+ dest: /etc/systemd/system/certbot-renew.timer
+ notify: restart-certbot-renew-service
diff --git a/templates/certbot-renew.service.j2 b/templates/certbot-renew.service.j2
new file mode 100644
index 0000000..3ad36ec
--- /dev/null
+++ b/templates/certbot-renew.service.j2
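Review bot: The handler in handlers/main.yml restarts and enables `certbot-renew`, which resolves to the oneshot service, not `certbot-renew.timer`, so nothing visible in this patch ever enables or starts the timer and scheduled renewal would not run; certificates would then expire without any failure being reported. The service template has no `[Install]` section, so `enabled: true` on it has nothing to install. The new unit files are also not picked up by systemd without a daemon reload. I would switch the handler to the `systemd` module with `name: certbot-renew.timer` and add `daemon_reload: true`.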
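Review bot: Swapping the include in tasks/main.yml stops managing the cron entry but does not remove it, so a host provisioned with the earlier role would presumably keep the old cron job next to the new timer (renew-cron.yml is not shown here, so confirm what it installed). A one-off cleanup task with `state: absent` for that cron entry would avoid two schedulers running renewals. The include is also unconditional on the init system; if the role supports hosts without systemd, add `ansible_service_mgr == 'systemd'` to the `when:` condition alongside `certbot_auto_renew`.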
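Review bot: The timer task in tasks/systemd.yml uses `src: certbot-renew.timer`, but the file this patch adds is `templates/certbot-renew.timer.j2`, so the template lookup will fail; it should read `src: certbot-renew.timer.j2`. Both template tasks also leave ownership and permissions of the unit files to whatever the connecting user and umask produce. Since these files decide what runs with the service's privileges, set `owner: root`, `group: root` and `mode: "0644"` explicitly on both.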
@@ -0,0 +1,9 @@
+[Unit]
+Description=Let's Encrypt renewal
+
+[Service]
+User={{ certbot_auto_renew_user }}
+Type=oneshot
+ExecStart={{ certbot_script }} renew --quiet --agree-tos
+
+ExecStartPost=/bin/systemctl reload {{ certbot_web_service }}.service
diff --git a/templates/certbot-renew.timer.j2 b/templates/certbot-renew.timer.j2
new file mode 100644
index 0000000..cbddb89
--- /dev/null
+++ b/templates/certbot-renew.timer.j2
@@ -0,0 +1,9 @@
+[Unit]
+Description=Periodically check for Let's Encrypt's certificates renewal
+
+[Timer]
+OnCalendar=*-*-* {{ certbot_auto_renew_hour }}:{{ certbot_auto_renew_minute }}:00
+Persistent=true
+
+[Install]
+WantedBy=timers.target
diff --git a/vars/Ubuntu-16.04.yml b/vars/Ubuntu-16.04.yml
index 90e9138..50d9a46 100644
--- a/vars/Ubuntu-16.04.yml
+++ b/vars/Ubuntu-16.04.yml
@@ -1 +1,2 @@
 certbot_package: letsencrypt
+certbot_web_service: apache2
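Review bot: `ExecStartPost=/bin/systemctl reload …` in certbot-renew.service.j2 runs under the same `User=` as `ExecStart`, so if `certbot_auto_renew_user` is anything other than root the reload will be refused and the unit ends up failed after every run. If the intent is to renew as an unprivileged user, add `PermissionsStartOnly=true` so only `ExecStart` drops privileges, and make sure that user can write certbot's config, work and log directories; otherwise drop `User=` and document that the unit runs as root. `certbot_web_service` is only defined in vars/Ubuntu-16.04.yml in this patch, so on any other platform the template would fail on an undefined variable unless a default exists elsewhere.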
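Review bot: `OnCalendar=` in certbot-renew.timer.j2 is built from `certbot_auto_renew_hour` and `certbot_auto_renew_minute`, which presumably held cron fields before this change, and a cron-only value such as a step or list expression is not guaranteed to be valid systemd calendar syntax. A timer that fails to parse means renewals stop without any visible error until a certificate expires. I would document the constraint at the top of the template, e.g. `# hour and minute must be valid systemd calendar components, not cron expressions`.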