On 7/31/23 17:18, Nils Kattenbeck wrote:
Huh, I am actually surprised to discover that httpd does not watch these
files itself.
To be honest, I never even considered the posibility that it might do
that. Unfortunately, testing reveals that it doesn't do so.
Regardless, I think the systemd way
1. decide on a global path like `/run/http/restart'
2. give your LE script access to write there
3. use a `.path' unit to trigger on the file above being created and triggering
a one-liner that running as root restarts apache and deletes the file again
This way your “run as root” is limited to th
That's how I do it. Path units are a good solution here as they maintain loose
coupling between the cert management and consumption.
On Mon, Jul 31, 2023, at 16:56, Max Gautier wrote:
> On Mon, Jul 31, 2023 at 03:23:26PM -0500, Ian Pilcher wrote:
>> I have created service (along with an associate
On Mon, Jul 31, 2023 at 03:23:26PM -0500, Ian Pilcher wrote:
> I have created service (along with an associated timer) that checks the
> remaining life of a TLS certificate and retrieves an updated certificate
> from Let's Encrypt if the remaining life is too short.
Is the updated certificate plac
What is the recommended way for a service that runs as a non-root user
to *conditionally* restart (or reload) another service?
I have created service (along with an associated timer) that checks the
remaining life of a TLS certificate and retrieves an updated certificate
from Let's Encrypt if the
After reading both nspwan and machinectl documentation, I couldn't find
instructions on how to limit network bandwidth on a nspawn container
through nspawn itself (or machinectl).
Doesn nspawn and/or machinectl offer such an option and, if not, is it a
problem to use external tools like "tc" (traf