Handle DNS renewal

deploy.py

@@ -148,3 +148,17 @@ systemd.service(
     enabled=True,
 )
 
+files.put(
+    name='Set LE pre renewal-hook',
+    src='files/stop-adguard.sh',
+    dest='/etc/letsencrypt/renewal-hooks/pre/stop-adguard.sh',
+    mode='755',
+)
+
+files.put(
+    name='Set LE post renewal-hook',
+    src='files/start-adguard.sh',
+    dest='/etc/letsencrypt/renewal-hooks/post/start-adguard.sh',
+    mode='755',
+)
+

files/start-adguard.sh

@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+install -o adguard -g adguard -m 600 /etc/letsencrypt/live/dns.benpro.fr/privkey.pem /home/adguard/
+install -o adguard -g adguard -m 600 /etc/letsencrypt/live/dns.benpro.fr/fullchain.pem /home/adguard/
+systemctl start AdGuardHome.service

files/stop-adguard.sh

@@ -0,0 +1,4 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+systemctl stop AdGuardHome.service