Ensure that nginx restarts after cert renewal

2022-03-08 11:56:39 -05:00 · 2022-03-08 11:56:39 -05:00 · 8371367d54
commit 8371367d54
parent f2ef1ba9f2
7 changed files with 44 additions and 2 deletions
--- a/prod/nginx/packer/Makefile
+++ b/prod/nginx/packer/Makefile
@ -5,6 +5,8 @@ packer-manifest.json: nginx.json \
                      tmp/do.ini \
                      files/certbot-renew.service \
                      files/certbot-renew.timer \
+                      files/nginx-restart.service \
+		      files/nginx-restart.timer \
                      scripts/dependencies.sh \
                      scripts/nginx.sh
 	packer build nginx.json
--- a/prod/nginx/packer/files/certbot-renew.timer
+++ b/prod/nginx/packer/files/certbot-renew.timer
@ -3,7 +3,7 @@ Description=Renew certbot certificates

 [Timer]
 OnBootSec=30s
-OnCalendar=weekly
+OnCalendar=Sat 20:00
 Persistent=true

 [Install]
--- a/prod/nginx/packer/files/nginx-restart.service
+++ b/prod/nginx/packer/files/nginx-restart.service
@ -0,0 +1,7 @@
+[Unit]
+Description=Restart nginx
+Wants=restart-nginx.timer
+
+[Service]
+Type=simple
+ExecStart=/usr/bin/env systemctl restart nginx
--- a/prod/nginx/packer/files/nginx-restart.timer
+++ b/prod/nginx/packer/files/nginx-restart.timer
@ -0,0 +1,10 @@
+[Unit]
+Description=Restart nginx
+
+[Timer]
+OnBootSec=60s
+OnCalendar=Sat 20:02
+Persistent=true
+
+[Install]
+WantedBy=timers.target
--- a/prod/nginx/packer/nginx.json
+++ b/prod/nginx/packer/nginx.json
@ -34,6 +34,16 @@
      "source": "files/certbot-renew.service",
      "destination": "/tmp/certbot-renew.service"
    },
+    {
+      "type": "file",
+      "source": "files/nginx-restart.timer",
+      "destination": "/tmp/nginx-restart.timer"
+    },
+    {
+      "type": "file",
+      "source": "files/nginx-restart.service",
+      "destination": "/tmp/nginx-restart.service"
+    },
    {
      "type": "file",
      "source": "files/sshd_config",
--- a/prod/nginx/packer/packer-manifest.json
+++ b/prod/nginx/packer/packer-manifest.json
@ -89,7 +89,16 @@
      "artifact_id": "nyc1:93089106",
      "packer_run_uuid": "fbff41d7-ee1a-5bcf-6859-8655dc171dd9",
      "custom_data": null
+    },
+    {
+      "name": "digitalocean",
+      "builder_type": "digitalocean",
+      "build_time": 1646758186,
+      "files": null,
+      "artifact_id": "nyc1:103546758",
+      "packer_run_uuid": "97c2bbc0-5cb7-ce64-ccb0-9c79813534a4",
+      "custom_data": null
    }
  ],
-  "last_run_uuid": "fbff41d7-ee1a-5bcf-6859-8655dc171dd9"
+  "last_run_uuid": "97c2bbc0-5cb7-ce64-ccb0-9c79813534a4"
 }
--- a/prod/nginx/packer/scripts/nginx.sh
+++ b/prod/nginx/packer/scripts/nginx.sh
@ -21,5 +21,9 @@ sudo mv /tmp/certbot-renew.timer /etc/systemd/system/
 sudo mv /tmp/certbot-renew.service /etc/systemd/system/
 sudo systemctl enable certbot-renew.timer

+sudo mv /tmp/nginx-restart.timer /etc/systemd/system/
+sudo mv /tmp/nginx-restart.service /etc/systemd/system/
+sudo systemctl enable nginx-restart.timer
+
 sudo mv /tmp/sshd_config /etc/ssh/sshd_config
 sudo systemctl restart sshd