Oh right, I dealt with this a few months ago too: I got a notice from
Let's Encrypt that our code.openneo.net SSL certificate was going to
expire soon. And last time, restarting the Forgejo service fixed it and
got a new certificate issued immediately!

My inference is that the logic to check on the certificate status only
happens on startup. So, let's add code to the service file to ensure
that Forgejo will terminate after 7 days of runtime; and the
`Restart=always` setting will ensure that it comes immediately back up.

In response to a security update! I didn't bother doing the backup and
doctor and stuff this time, since this upgrade seems minor. And indeed,
just hot-swapping the binary like last time seems to have worked great!

Security update! https://forgejo.org/2024-02-release-v1-21-6-0/
Love how simple this is. I also followed the upgrade guide:
https://forgejo.org/docs/v1.21/admin/upgrade/
I did the dump (just a single command since we're on SQLite), and also
ran the `doctor`, and I broke the upgrade guidance a bit because it
returned some warnings that seemed pretty plainly non-blocking, e.g.
"orphaned OAuth2 applications belonging to no users" and stuff like
that.

Back when I had secrets just hardcoded into the repo, I added these to
make sure I wouldn't publish the repo without realizing I had left
those in! But now I've gone back and obliterated them from git history,
so we're okay to share! (Not just that I committed over them, but they are
*fully gone*.)

That's a step I've been forgetting with services lately, but yeah, I
ran into this where analytics.openneo.net went down and I wasn't sure
why it didn't get auto-restarted, and I think it being Started But Not
Enabled is why.

So, ta-da! Fix it here before we run into that lol.

Also I refactored the handlers a bit, after seeing how I did it in the
analytics Ansible file and going like. Oh, yeah, that's just better lol

EDIT: I originally committed the actual secrets into this file, but
since came back in git history and rewrote this commit to redact them!
I wasn't expecting to share this repo, but now I am!