diff --git a/README.md b/README.md index 78f5faa..338edcb 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,7 @@ instance running (for web remote access if need be). We must manually unlock cer ### Files * `etc-letsencrypt.mount` allows to unlock and mount encrypted certificates volume. * Relevant information should be added to `/etc/crypttab`. -* `etc-letsencrypt.timer` is a timer to automatically start previous unit, **but this is currently not used**. + * Make sure that `/etc/letsencrypt` directory exists * `wait-for-dns.conf` is a drop-in Systemd unit file, which prevents nginx to start before DNS server is operational. #### Installation * `install.sh` script copies Systemd files to their destination. diff --git a/etc-letsencrypt.mount b/etc-letsencrypt.mount index c21637f..cf5e86b 100644 --- a/etc-letsencrypt.mount +++ b/etc-letsencrypt.mount @@ -1,8 +1,7 @@ -# ALERT nginx.service must NOT be enabled [Unit] Description=Mount Let's Encrypt data directory Wants=systemd-cryptsetup@lecrypt.service -After=systemd-cryptsetup@lecrypt.service network.target +After=systemd-cryptsetup@lecrypt.service [Mount] What=/dev/mapper/lecrypt @@ -10,3 +9,6 @@ Where=/etc/letsencrypt Type=ext4 Options=rw,relatime TimeoutSec=45 + +[Install] +WantedBy=default.target diff --git a/etc-letsencrypt.timer b/etc-letsencrypt.timer deleted file mode 100644 index 0385e23..0000000 --- a/etc-letsencrypt.timer +++ /dev/null @@ -1,10 +0,0 @@ -# WARNING not used in current setup -[Unit] -Description=Try to mount letsencrypt certs after boot - -[Timer] -Unit=etc-letsencrypt.mount -OnBootSec=30 - -[Install] -WantedBy=timers.target diff --git a/install.sh b/install.sh index 86b5baa..62ccbb1 100755 --- a/install.sh +++ b/install.sh @@ -24,8 +24,9 @@ $sudo cp $run_directory/wait-for-dns.conf /etc/systemd/system/nginx.service.d/ echo "Reloading Systemd..." $sudo systemctl daemon-reload -echo "Disabling nginx..." -$sudo systemctl disable nginx +echo "Enabling etc-letsencrypt.mount..." +$sudo systemctl enable etc-letsencrypt.mount +# WARNING you should enable this mount (and keep nginx.service enabled) if your volume does not unlock automatically echo "Finished install. Exiting..." exit 0