From dba626cf8f6145662693254b59bb7070e107b9f1 Mon Sep 17 00:00:00 2001
From: Denis Shtanskiy <denis_shtanskii@bk.ru>
Date: Mon, 22 Apr 2024 11:42:32 +0300
Subject: [PATCH] =?UTF-8?q?fix:=20=D0=9D=D0=B0=D1=81=D1=82=D1=80=D0=BE?=
 =?UTF-8?q?=D0=B5=D0=BD=D0=B0=20=D0=BF=D0=B5=D1=80=D0=B5=D0=B2=D1=8B=D0=B4?=
 =?UTF-8?q?=D0=B0=D1=87=D0=B0=20=D1=81=D0=B5=D1=80=D1=82=D0=B8=D1=84=D0=B8?=
 =?UTF-8?q?=D0=BA=D0=B0=D1=82=D0=BE=D0=B2?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .github/workflows/deploy.yaml      | 13 +++++++++++--
 infra/certbot/Dockerfile           |  8 ++++----
 infra/certbot/certbot_cron.cron    |  3 ---
 infra/certbot_renew.sh             |  4 ++++
 infra/docker-compose-prod.yaml     |  5 +++--
 src/backend/config/settings/dev.py |  8 ++++++++
 6 files changed, 30 insertions(+), 11 deletions(-)
 delete mode 100644 infra/certbot/certbot_cron.cron
 create mode 100644 infra/certbot_renew.sh

diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml
index e89c968..a55f8db 100644
--- a/.github/workflows/deploy.yaml
+++ b/.github/workflows/deploy.yaml
@@ -116,6 +116,15 @@ jobs:
         passphrase: ${{ secrets.SSH_PASSPHRASE }}
         source: "infra/docker-compose-prod.yaml"
         target: "codepet"
+    - name: Copy certbot_renew script via ssh
+      uses: appleboy/scp-action@master
+      with:
+        host: ${{ secrets.HOST }}
+        username: ${{ secrets.USER }}
+        key: ${{ secrets.SSH_KEY }}
+        passphrase: ${{ secrets.SSH_PASSPHRASE }}
+        source: "infra/certbot_renew.sh"
+        target: "codepet"
     - name: Executing remote ssh commands to deploy
       uses: appleboy/ssh-action@master
       with:
@@ -131,6 +140,6 @@ jobs:
           sudo docker compose -f docker-compose-prod.yaml exec backend python manage.py migrate
           sudo docker compose -f docker-compose-prod.yaml exec backend python manage.py collectstatic --no-input
           sudo docker compose -f docker-compose-prod.yaml exec backend cp -r static/. /backend_static/static/
-          sudo docker compose -f docker-compose-prod.yaml run --rm certbot certonly --webroot --webroot-path /var/www/certbot/ -d devcodepet.tw1.ru
-          sudo docker compose -f docker-compose-prod.yaml run --rm certbot renew
+          sudo docker compose -f docker-compose-prod.yaml exec restart nginx
+          sudo echo "0 */12 * * * /root/codepet/infra/certbot_renew.sh && perl -e 'sleep int(rand(43200))" | crontab -
           sudo docker system prune -f
diff --git a/infra/certbot/Dockerfile b/infra/certbot/Dockerfile
index f91f238..580242e 100644
--- a/infra/certbot/Dockerfile
+++ b/infra/certbot/Dockerfile
@@ -1,9 +1,9 @@
 FROM certbot/certbot
 
-RUN apt-get update && apt-get install -y cron
-
 ARG DOMAIN_NAME
 
-COPY certbot_cron.cron /etc/cron.d/certbot_cron
+COPY certbot_renew.sh /usr/local/bin/
+
+RUN chmod +x /usr/local/bin/certbot_renew.sh
 
-CMD ["cron", "-f"]
+RUN echo "0 0 1 */2 * /usr/local/bin/certbot_renew.sh" | crontab -
diff --git a/infra/certbot/certbot_cron.cron b/infra/certbot/certbot_cron.cron
deleted file mode 100644
index 28416e6..0000000
--- a/infra/certbot/certbot_cron.cron
+++ /dev/null
@@ -1,3 +0,0 @@
-SHELL=/bin/bash
-PATH=/bin:/user/bin:/sbin:/user/sbin
-0 0 */60 * * root certbot renew --non-interactive
diff --git a/infra/certbot_renew.sh b/infra/certbot_renew.sh
new file mode 100644
index 0000000..7d9a41f
--- /dev/null
+++ b/infra/certbot_renew.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+docker compose -f docker-compose-prod.yaml exec -ti certbot certbot renew --quiet --non-interactive
+docker compose -f docker-compose-prod.yaml restart nginx
diff --git a/infra/docker-compose-prod.yaml b/infra/docker-compose-prod.yaml
index 0a334df..a5e82dc 100644
--- a/infra/docker-compose-prod.yaml
+++ b/infra/docker-compose-prod.yaml
@@ -64,12 +64,13 @@ services:
       - frontend
 
   certbot:
-    image: ${DOCKERHUB_USERNAME}/${PROJECT_NAME}_certbot:latest
+    image: certbot/certbot
     env_file: .env
+    environment:
+      - TZ=Europe/Moscow
     volumes:
       - certbot:/var/www/certbot/
       - letsencrypt:/etc/letsencrypt/
-      - ./certbot_cron:etc/cron.d/certbot_cron:ro
     restart: unless-stopped
     depends_on:
       - nginx
diff --git a/src/backend/config/settings/dev.py b/src/backend/config/settings/dev.py
index 375bdf1..42b2273 100644
--- a/src/backend/config/settings/dev.py
+++ b/src/backend/config/settings/dev.py
@@ -1,5 +1,7 @@
 from .base import *  # noqa
 
+DEBUG = True
+
 EMAIL_USE_TLS = True
 EMAIL_USE_SSL = False
 EMAIL_PORT = 587
@@ -10,6 +12,12 @@
     "http://localhost:3000",
 ]
 
+# CSRF_TRUSTED_ORIGINS = [
+#     "https://89.23.117.80",
+#     "https://devcodepet.tw1.ru",
+# ]
+
+
 LOGGING["loggers"].pop("django.db.backends", None)
 LOGGING["loggers"]["django"]["level"] = "WARNING"