ansible-roles/roles/vault/templates/dehydrated_hook.j2

#!/bin/sh

set -eo pipefail

{% if vault_letsencrypt_cert is defined %}

if [ $1 == "{{ pg_letsencrypt_cert }}" ]; then
  cp /var/lib/dehydrated/certificates/certs/{{ vault_letsencrypt_cert }}/fullchain.pem {{ vault_root_dir }}/tls/vault.crt
  cp /var/lib/dehydrated/certificates/certs/{{ vault_letsencrypt_cert }}/privkey.pem {{ vault_root_dir }}/tls/vault.key
  chown root:vault {{ vault_root_dir }}/tls/vault.key
  chown root:root {{ vault_root_dir }}/tls/vault.crt
  chmod 640 {{ vault_root_dir }}/tls/vault.key
  chmod 644 {{ vault_root_dir }}/tls/vault.crt
  systemctl reload vault
fi

{% else %}

# No Let's Encrypt cert configured, nothing to do
exit 0

{% endif %}
Update to 2022-08-31 13:00 2022-08-31 13:00:17 +02:00			`#!/bin/sh`

			`set -eo pipefail`

			`{% if vault_letsencrypt_cert is defined %}`

			`if [ $1 == "{{ pg_letsencrypt_cert }}" ]; then`
			`cp /var/lib/dehydrated/certificates/certs/{{ vault_letsencrypt_cert }}/fullchain.pem {{ vault_root_dir }}/tls/vault.crt`
			`cp /var/lib/dehydrated/certificates/certs/{{ vault_letsencrypt_cert }}/privkey.pem {{ vault_root_dir }}/tls/vault.key`
			`chown root:vault {{ vault_root_dir }}/tls/vault.key`
			`chown root:root {{ vault_root_dir }}/tls/vault.crt`
			`chmod 640 {{ vault_root_dir }}/tls/vault.key`
			`chmod 644 {{ vault_root_dir }}/tls/vault.crt`
			`systemctl reload vault`
			`fi`

			`{% else %}`

			`# No Let's Encrypt cert configured, nothing to do`
			`exit 0`

			`{% endif %}`