ansible-roles/roles/postgresql_server/templates/dehydrated_hook.j2

#!/bin/sh

{% if pg_letsencrypt_cert is defined %}

if [ $1 == "{{ pg_letsencrypt_cert | split | first }}" ]; then
  cp /var/lib/dehydrated/certificates/certs/{{ pg_letsencrypt_cert | split | first }}/fullchain.pem /var/lib/pgsql/ssl/server.crt
  cp /var/lib/dehydrated/certificates/certs/{{ pg_letsencrypt_cert | split | first }}/privkey.pem /var/lib/pgsql/ssl/server.key
  chown root:postgres /var/lib/pgsql/ssl/server.key
  chown root:root /var/lib/pgsql/ssl/server.crt
  chmod 640 /var/lib/pgsql/ssl/server.key
  chmod 644 /var/lib/pgsql/ssl/server.crt
  systemctl reload postgresql{{ (pg_version != 'default') | ternary('-' + pg_version | string,'') }}
fi

{% else %}

# No Let's Encrypt cert configured, nothing to do
exit 0

{% endif %}
Update to 2022-03-18 15:00 2022-03-18 15:00:07 +01:00			`#!/bin/sh`

			`{% if pg_letsencrypt_cert is defined %}`

Update to 2024-12-13 15:02 2024-12-13 15:02:00 +01:00			`if [ $1 == "{{ pg_letsencrypt_cert \| split \| first }}" ]; then`
			`cp /var/lib/dehydrated/certificates/certs/{{ pg_letsencrypt_cert \| split \| first }}/fullchain.pem /var/lib/pgsql/ssl/server.crt`
			`cp /var/lib/dehydrated/certificates/certs/{{ pg_letsencrypt_cert \| split \| first }}/privkey.pem /var/lib/pgsql/ssl/server.key`
Update to 2022-03-18 15:00 2022-03-18 15:00:07 +01:00			`chown root:postgres /var/lib/pgsql/ssl/server.key`
			`chown root:root /var/lib/pgsql/ssl/server.crt`
			`chmod 640 /var/lib/pgsql/ssl/server.key`
			`chmod 644 /var/lib/pgsql/ssl/server.crt`
			`systemctl reload postgresql{{ (pg_version != 'default') \| ternary('-' + pg_version \| string,'') }}`
			`fi`

			`{% else %}`

			`# No Let's Encrypt cert configured, nothing to do`
			`exit 0`

			`{% endif %}`