From 1eff115b7b65748f1cbd522caa047c91d193b676 Mon Sep 17 00:00:00 2001
From: Tunui Franken <tfranken@protonmail.com>
Date: Fri, 1 Dec 2023 20:01:42 +0100
Subject: [PATCH] Add systemd override to certbot.service to run certbot in the
 venv

---
 .../files/certbot.service.d/use_venv.conf     |  3 +++
 roles/deploy_certificate/tasks/main.yml       | 22 +++++++++++++++++++
 2 files changed, 25 insertions(+)
 create mode 100644 roles/deploy_certificate/files/certbot.service.d/use_venv.conf

diff --git a/roles/deploy_certificate/files/certbot.service.d/use_venv.conf b/roles/deploy_certificate/files/certbot.service.d/use_venv.conf
new file mode 100644
index 0000000..7f16bbf
--- /dev/null
+++ b/roles/deploy_certificate/files/certbot.service.d/use_venv.conf
@@ -0,0 +1,3 @@
+[Service]
+ExecStart=
+ExecStart=/etc/letsencrypt/certbot_dns_infomaniak_venv/bin/certbot -q renew --no-random-sleep-on-renew
diff --git a/roles/deploy_certificate/tasks/main.yml b/roles/deploy_certificate/tasks/main.yml
index 92a5fc8..8e2cc14 100644
--- a/roles/deploy_certificate/tasks/main.yml
+++ b/roles/deploy_certificate/tasks/main.yml
@@ -48,3 +48,25 @@
       - "{{ server_admin }}"
       - --agree-tos
     creates: "/etc/letsencrypt/live/{{ domain }}"
+
+- name: Create directory for certbot.service override
+  become: true
+  ansible.builtin.file:
+    path: /etc/systemd/system/certbot.service.d
+    state: directory
+    owner: root
+    group: root
+    mode: 0755
+
+- name: Create override for certbot.service
+  become: true
+  ansible.builtin.copy:
+    src: certbot.service.d/use_venv.conf
+    dest: /etc/systemd/system/certbot.service.d/use_venv.conf
+    owner: root
+    group: root
+    mode: 0644
+  notify: Reload systemd daemon
+
+- name: Make sure systemd daemon is reloaded
+  ansible.builtin.meta: flush_handlers