diff options
| author | alex <alex@pdp7.net> | 2025-03-16 13:50:12 +0100 |
|---|---|---|
| committer | alexpdp7 <alex@corcoles.net> | 2025-03-17 09:42:22 +0100 |
| commit | 186971cab95e79186e5b5c13b5a72a2b0a46fe2b (patch) | |
| tree | a7e1410bc04b2ba2b555c979f50f37a5b5b3de61 /personal_infra | |
| parent | ad20874a672019c01665b077cd3a59dfdbe4edd8 (diff) | |
Try fixing certificate renewal issue
Invoking a script from Apache httpd requires escalating privileges, and
setuid does not work for scripts.
But cron.daily runs as root, and it should be enough.
Also remove unnecessary require.
This solves 2 items from https://github.com/alexpdp7/alexpdp7/issues/28
Diffstat (limited to 'personal_infra')
| -rw-r--r-- | personal_infra/puppet/modules/proxmox/manifests/proxy.pp | 6 |
1 files changed, 2 insertions, 4 deletions
diff --git a/personal_infra/puppet/modules/proxmox/manifests/proxy.pp b/personal_infra/puppet/modules/proxmox/manifests/proxy.pp index d8081214..5eb99f1c 100644 --- a/personal_infra/puppet/modules/proxmox/manifests/proxy.pp +++ b/personal_infra/puppet/modules/proxmox/manifests/proxy.pp @@ -4,7 +4,6 @@ class proxmox::proxy ($mail, $base_hostname) { service {'apache2': enable => true, ensure => running, - require => File['/usr/local/bin/notify_md_renewal'], } $apache_dep = { @@ -24,7 +23,6 @@ class proxmox::proxy ($mail, $base_hostname) { MDomain $base_hostname auto MDCertificateAgreement accepted MDContactEmail $mail - MDNotifyCmd /usr/local/bin/notify_md_renewal <VirtualHost *:443> ServerName $base_hostname @@ -35,7 +33,7 @@ class proxmox::proxy ($mail, $base_hostname) { * => $apache_dep } - file {'/usr/local/bin/notify_md_renewal': + file {'/etc/cron.daily/renew_md_certificates': content => @("EOT"/$) #!/bin/sh @@ -46,7 +44,7 @@ class proxmox::proxy ($mail, $base_hostname) { done | EOT , - mode => '4755', + mode => '0755', } service {'nagios':} |