From 658c68adb0f6e4fc358e36d4f8142922795aa5e0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Iv=C3=A1n=20Chavero?=
Date: Thu, 22 Sep 2022 23:57:51 -0600
Subject: [PATCH] Add coturn letsencrypt post hook

---
 nextcloud/ansible/roles/turn/tasks/main.yml | 12 ++++++++++++
 .../roles/turn/templates/copy_coturn_certs.sh.j2 | 6 ++++++
 2 files changed, 18 insertions(+)
 create mode 100644 nextcloud/ansible/roles/turn/templates/copy_coturn_certs.sh.j2

diff --git a/nextcloud/ansible/roles/turn/tasks/main.yml b/nextcloud/ansible/roles/turn/tasks/main.yml
index d54d74d..a973322 100644
--- a/nextcloud/ansible/roles/turn/tasks/main.yml
+++ b/nextcloud/ansible/roles/turn/tasks/main.yml
@@ -96,6 +96,18 @@
 cmd: certbot certonly -d {{ turn_fqdn }}
 creates: "/etc/letsencrypt/live/{{ turn_fqdn }}/fullchain.pem"

+ - name: Configure coturn
+ ansible.builtin.template:
+ src: copy_coturn_certs.sh.j2
+ dest: /etc/letsencrypt/renewal-hooks/post/copy_coturn_certs.sh
+ owner: root
+ group: coturn
+ mode: '0700'
+
+ - name: Run coturn post hook
+ ansible.builtin.command:
+ cmd: /etc/letsencrypt/renewal-hooks/post/copy_coturn_certs.sh
+
 - name: Enable certbot's renew timer
 ansible.builtin.systemd:
 name: certbot-renew.timer
diff --git a/nextcloud/ansible/roles/turn/templates/copy_coturn_certs.sh.j2 b/nextcloud/ansible/roles/turn/templates/copy_coturn_certs.sh.j2
new file mode 100644
index 0000000..3ce6d71
--- /dev/null
+++ b/nextcloud/ansible/roles/turn/templates/copy_coturn_certs.sh.j2
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+cp -H /etc/letsencrypt/live/{{ turn_fqdn }}/fullchain.pem /etc/pki/coturn/public/
+cp -H /etc/letsencrypt/live/{{ turn_fqdn }}/privkey.pem /etc/pki/coturn/private/
+chgrp coturn /etc/pki/coturn/private/privkey.pem
+chmod g+r /etc/pki/coturn/private/privkey.pem
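Review bot: In the added "Configure coturn" task the hook is installed with `group: coturn` and `mode: '0700'`, so the group has no access today, but the script sits in certbot's renewal-hooks directory and is presumably run as root, which means any later loosening of the mode would let the coturn service account edit root-executed code; `group: root` states the intent. The task name does not say what it does; something like `- name: Install certbot post hook that copies certificates for coturn` would read better in play output. "Run coturn post hook" uses `ansible.builtin.command` with no `creates` or `changed_when`, so it will report changed on every run. The tasks before and after the added lines begin and end outside the hunk.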
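Review bot: The hook script has no error handling, so when either `cp -H` fails it still runs `chgrp` and `chmod` against whatever privkey.pem is already in /etc/pki/coturn/private and can exit 0, leaving coturn on a stale certificate without certbot or the Ansible task noticing. `chmod g+r` only adds a bit, so a key file that already exists with looser permissions is never tightened. The rewrite below stops on the first failure, quotes the templated paths, and writes the key with an explicit group and mode. Nothing in the visible script tells coturn to reload the renewed files; that may be handled elsewhere in the role.

```shell
#!/bin/bash
set -euo pipefail

live_dir="/etc/letsencrypt/live/{{ turn_fqdn }}"

cp -H "${live_dir}/fullchain.pem" /etc/pki/coturn/public/
# install writes the copy with an absolute group and mode instead of adding a bit afterwards
install -g coturn -m 0640 "${live_dir}/privkey.pem" /etc/pki/coturn/private/privkey.pem
```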