fix: certbot cert renew

2025-05-13 16:02:42 +08:00 · 2025-05-13 16:02:42 +08:00 · eb460ed0e2
commit eb460ed0e2
parent 2442ccf556
1 changed files with 14 additions and 13 deletions
--- a/system/modules/certbot.nix
+++ b/system/modules/certbot.nix
@ -5,12 +5,23 @@
    description = "certbot renew";
    timerConfig = {
      Persistent = true;
-      OnCalendar = "*-*-* 03:00:00";
+      OnCalendar = "*-*-* 16:30:00";
      Unit = "certbot-renew.service";
    };
    wantedBy = [ "timers.target" ];
  };

+  systemd.timers."certbot-nginx-reload" = {
+    enable = true;
+    description = "certbot renew";
+    timerConfig = {
+      Persistent = true;
+      OnCalendar = "*-*-* 16:32:00";
+      Unit = "nginx-config-reload.service";
+    };
+    wantedBy = [ "timers.target" ];
+  };
+
  systemd.services."certbot-renew" = {
    enable = true;
    after = [
@ -26,19 +37,9 @@
    };
  };

-  systemd.services."nginx-reload-after-certbot" = {
-    after = [ "certbot-renew.service" ];
-    requires = [ "certbot-renew.service" ];
-    wantedBy = [ "certbot-renew.service" ];
-    serviceConfig = {
-      Type = "oneshot";
-      User = "nginx";
-      # This config file path refers to "services.nginx.enableReload"
-      ExecStart = ''${pkgs.nginx}/bin/nginx -s reload -c /etc/nginx/nginx.conf'';
-    };
-  };
-
  systemd.services."nginx-config-reload" = {
+    after = [ "certbot-renew.service" ];
+    wantedBy = [ "certbot-renew.service" ];
    serviceConfig = {
      User = "root";
      ExecStartPre = "${pkgs.busybox}/bin/chown -R nginx:nginx /etc/letsencrypt/";