Añadir units de systemd para la ejecución periódica de Certbot

certbot/certbot-keycloak.service

@@ -0,0 +1,10 @@
+[Unit]
+Description=Certbot certificate renewal for Keycloak
+Wants=certbot-keycloak.timer
+
+[Service]
+ExecStart=/opt/certbot/certbot-keycloak.sh
+WorkingDirectory=/opt/certbot
+
+[Install]
+WantedBy=multi-user.target

certbot/certbot-keycloak.sh

@@ -0,0 +1,26 @@
+#!/bin/bash
+
+CERTBOT_VER=v1.30.0
+CNT=keycloak_nginx_proxy
+DOM=acceso.txs.es
+NGINX=/opt/nginx-proxy
+
+cd /opt/certbot
+docker run --rm \
+	-v $(pwd)/conf:/etc/letsencrypt \
+	-v $(pwd)/var:/var/lib/letsencrypt \
+	-v $(pwd)/log:/var/log/letsencrypt \
+	-v $NGINX/acme:/acme \
+	certbot/certbot:$CERTBOT_VER certonly -n --webroot -w /acme -d $DOM
+
+## Check if the Certbot execution modified the certificate in the expected path, then
+## copy the new one to the NGINX install folder and restart its container.
+cmp $NGINX/certs/keycloak-cert.pem conf/live/$DOM/fullchain.pem </dev/null >&0 2>&0
+if [ $? -ne 0 ]; then
+	echo "Updating certificate in $CNT container"
+	cp -afL conf/live/$DOM/fullchain.pem $NGINX/certs/keycloak-cert.pem
+	cp -afL conf/live/$DOM/privkey.pem $NGINX/certs/keycloak-key.pem
+	docker restart -t 2 $CNT
+else
+	echo "No new certificates detected: omitting installation in $CNT container"
+fi

certbot/certbot-keycloak.timer

@@ -0,0 +1,11 @@
+[Unit]
+Description=Run certbot-keycloak service every 5 days since the last time the unit was activated
+Requires=certbot-keycloak.service
+
+[Timer]
+Unit=certbot-keycloak.service
+OnUnitInactiveSec=5days
+AccuracySec=12h
+
+[Install]
+WantedBy=timers.target