dachxy/nix-conf
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix: certbot cert renew

Browse source
This commit is contained in:
DACHXY 2025-05-13 16:02:42 +08:00
parent 2442ccf556
commit eb460ed0e2
1 changed files with 14 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

27
system/modules/certbot.nix
View file

@ -5,12 +5,23 @@
description = "certbot renew"; description = "certbot renew";
timerConfig = { timerConfig = {
Persistent = true; Persistent = true;
OnCalendar = "*-*-* 03:00:00"; OnCalendar = "*-*-* 16:30:00";
Unit = "certbot-renew.service"; Unit = "certbot-renew.service";
}; };
wantedBy = [ "timers.target" ]; wantedBy = [ "timers.target" ];
}; };
systemd.timers."certbot-nginx-reload" = {
enable = true;
description = "certbot renew";
timerConfig = {
Persistent = true;
OnCalendar = "*-*-* 16:32:00";
Unit = "nginx-config-reload.service";
};
wantedBy = [ "timers.target" ];
};
systemd.services."certbot-renew" = { systemd.services."certbot-renew" = {
enable = true; enable = true;
after = [ after = [
@ -26,19 +37,9 @@
}; };
}; };
systemd.services."nginx-reload-after-certbot" = {
after = [ "certbot-renew.service" ];
requires = [ "certbot-renew.service" ];
wantedBy = [ "certbot-renew.service" ];
serviceConfig = {
Type = "oneshot";
User = "nginx";
# This config file path refers to "services.nginx.enableReload"
ExecStart = ''${pkgs.nginx}/bin/nginx -s reload -c /etc/nginx/nginx.conf'';
};
};
systemd.services."nginx-config-reload" = { systemd.services."nginx-config-reload" = {
after = [ "certbot-renew.service" ];
wantedBy = [ "certbot-renew.service" ];
serviceConfig = { serviceConfig = {
User = "root"; User = "root";
ExecStartPre = "${pkgs.busybox}/bin/chown -R nginx:nginx /etc/letsencrypt/"; ExecStartPre = "${pkgs.busybox}/bin/chown -R nginx:nginx /etc/letsencrypt/";