diff --git a/handlers/main.yml b/handlers/main.yml
index 452e151..edc1362 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -1,7 +1,7 @@
 ---
 - name: Restart lego renew
 ansible.builtin.service:
- state: restarted
+ state: "{{ lego_renew_enabled | ternary('restarted', 'stopped', 'restarted') }}"
 daemon_reload: True
 name: lego-renew.service
 listen: __lego_restart
diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml
index 77cadcc..7034670 100644
--- a/molecule/default/converge.yml
+++ b/molecule/default/converge.yml
@@ -11,6 +11,7 @@
 - example.com
 - www.example.com
 skip_create: True
+ lego_renew_enabled: False
 pre_tasks:
 - name: Install requirements
 ansible.builtin.package:
diff --git a/tasks/main.yml b/tasks/main.yml
index 387e8f3..3fa6274 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -96,4 +96,4 @@
 name: lego-renew.timer
 daemon_reload: True
 enabled: True
- state: started
+ state: "{{ lego_renew_enabled | ternary('started', 'stopped', 'started') }}"
diff --git a/templates/etc/systemd/system/lego-renew.service.j2 b/templates/etc/systemd/system/lego-renew.service.j2
index 3fbeab6..0159309 100644
--- a/templates/etc/systemd/system/lego-renew.service.j2
+++ b/templates/etc/systemd/system/lego-renew.service.j2
@@ -10,7 +10,7 @@
 Type=oneshot
 EnvironmentFile={{ __lego_systemd_env }}
 {% for cert in lego_certificates %}
-ExecStart={{ __lego_bin_file }} --email="{{ lego_acme_account_email }}" --domains {{ ' --domains '.join(cert.domains) }} $ARGS renew {{ '--renew-hook="' + __lego_base_dir + '/hooks/' + cert.name + '.sh"' if cert.hook is defined else '' }} --days 30
+ExecStart={{ __lego_bin_file }} --email="{{ lego_acme_account_email }}" --domains {{ ' --domains '.join(cert.domains) }} $ARGS renew {{ '--renew-hook="' + __lego_base_dir + '/hooks/' + cert.name + '.sh"' if cert.hook is defined else '' }} --days 30 --no-random-sleep
 {% endfor %}
 [Install]
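Review bot: The new handler `state` pipes `lego_renew_enabled` straight into `ternary`, so a value that arrives as a string (for example from `-e lego_renew_enabled=false`) is truthy and lego-renew.service is still restarted. Cast before the ternary, `state: "{{ lego_renew_enabled | bool | ternary('restarted', 'stopped', 'restarted') }}"`, and check how `bool` treats a null value on the ansible-core versions you support, since the third argument depends on it. The same expression shape is used for the timer `state` in tasks/main.yml. The third `ternary` argument covers a null value only, not an undefined variable, and no defaults/main.yml entry for `lego_renew_enabled` is visible in this diff, so confirm the role defines one.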
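Review bot: With `lego_renew_enabled: False` set in the converge play, the scenario visible here exercises only the stopped branch, and the default started path for lego-renew.timer loses coverage. Consider a second scenario or play that leaves the variable at its default, plus a verify step asserting that the timer is inactive in this one. The play starts and continues outside this hunk, so existing verify tasks may already cover part of this.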
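Review bot: `enabled: True` on the lego-renew.timer task is left unchanged, so with `lego_renew_enabled` false the timer is stopped for now but stays enabled and would normally be started again at the next boot. If the variable is meant to switch renewal off, tie both keys to it, for example `enabled: "{{ lego_renew_enabled | bool }}"`, keeping whatever null handling the `state` line is intended to have. The task begins above this hunk, so only its last four lines are visible here.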
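Review bot: `--no-random-sleep` is appended to every `ExecStart` unconditionally, which removes lego's own jitter, so every host managed by this role contacts the ACME server at the same timer tick. If lego-renew.timer (not part of this diff) has no `RandomizedDelaySec=`, add one there so the spread moves to systemd instead of disappearing. The flag is also presumably rejected by lego builds that predate it; if the role allows pinning an older version, the oneshot unit would fail on the unknown flag and certificates would stop renewing, so gate it on the installed version or document the minimum. The unit file continues outside this hunk.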