author | Maxim Devaev <[email protected]> | 2022-06-24 21:32:06 +0300 |
---|---|---|
committer | Maxim Devaev <[email protected]> | 2022-06-24 21:32:06 +0300 |
commit | 8727b0e8bd5704e8610b1497c45ae9ac8522e5a3 (patch) | |
tree | 8950a2dbc0cd988624da72188277db9b3900dc05 /scripts/kvmd-certbot | |
parent | f634be16f0eef7f03b3119e4f847c135de59494f (diff) |
improved kvmd-certbot
Diffstat (limited to 'scripts/kvmd-certbot')
-rwxr-xr-x | scripts/kvmd-certbot | 132 |
1 files changed, 91 insertions, 41 deletions
diff --git a/scripts/kvmd-certbot b/scripts/kvmd-certbot index 128bb387..19f5557b 100755 --- a/scripts/kvmd-certbot +++ b/scripts/kvmd-certbot @@ -46,6 +46,16 @@ function create_tmp() { trap cleanup EXIT } +function ensure_runroot() { + if [ ! -d "$cur" ]; then + kvmd-pstrun -- bash -c " + set -ex + mkdir -p '$cur' + chown '$user:' '$cur' + " + fi +} + function restart_if_running() { if systemctl is-active --quiet "$2"; then echo "=> systemctl $1 $2" 
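Review bot: In `ensure_runroot`, `$cur` and `$user` are expanded by the outer shell into the text of the `bash -c` script, so the single quotes around them only hold as long as neither value contains a `'`. Both variables are defined outside this hunk and look like fixed values, so this is hardening rather than a demonstrated bug, but the inner script runs `chown` under `kvmd-pstrun`, where a mis-split argument is costly. Passing the values as positional parameters removes the dependency on their content: `kvmd-pstrun -- bash -c 'set -ex; mkdir -p "$1"; chown "$2:" "$1"' _ "$cur" "$user"`. The same interpolation pattern is used for `$new` and `$tmp` in the `renew)` arm of the last hunk.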
@@ -53,45 +63,26 @@ function restart_if_running() { fi } -if [ "$1" == "renew" ]; then - create_tmp - cp -a "$cur"/{config,work,logs} "$tmp" - sed -s -i -e "s| = $cur/| = $tmp/|g" "$tmp/config/renewal/"* - shift - sudo -u "$user" certbot renew "$@" \ - --config-dir="$tmp/config" \ - --work-dir="$tmp/work" \ - --logs-dir="$tmp/logs" \ - --deploy-hook="/usr/bin/touch '$tmp/updated'" - if [ -f "$tmp/updated" ]; then - sudo -u "$user" kvmd-pstrun -- bash -c " - set -ex - rm -rf '$new' - cp -a '$tmp' '$new' - rm '$new/updated' - chmod 755 '$new/config/'{archive,live} - chmod 640 '$new'/config/archive/*/privkey*.pem - sed -s -i -e 's| = $tmp/| = $cur/|g' '$new/config/renewal/'* - sync - kvmd-helper-swapfiles '$new' '$cur' - rm -rf '$new' - " - restart_if_running reload kvmd-nginx - restart_if_running restart kvmd-vnc - fi +function restart_if_running_nginx() { + restart_if_running reload kvmd-nginx +} -else - create_tmp - if [ ! -d "$cur" ]; then - kvmd-pstrun -- bash -c " - set -ex - mkdir -p '$cur' - chown '$user:' '$cur' - " - fi - if [ "$1" == "certonly-webroot" ]; then - shift - sudo -u "$user" kvmd-pstrun -- certbot certonly "$@" \ +function restart_if_running_vnc() { + restart_if_running restart kvmd-vnc +} + +case "$1" in + -h|--help|help) + sudo -u "$user" certbot "$@" \ + --config-dir="$cur/config" \ + --work-dir="$cur/work" \ + --logs-dir="$cur/logs" + ;; + + certonly) + create_tmp + ensure_runroot + sudo -u "$user" kvmd-pstrun -- certbot "$@" \ --config-dir="$cur/config" \ --work-dir="$cur/work" \ --logs-dir="$cur/logs" \ 
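Review bot: The `certonly-webroot` subcommand is dropped without a compatibility path: the new `case` matches only `certonly)`, so any timer or documented command that still calls `kvmd-certbot certonly-webroot` now reaches the `*)` arm in the last hunk and exits 1 with "not implemented". If the rename is intentional, an explicit arm naming the replacement would make that failure actionable, e.g. `certonly-webroot) echo "certonly-webroot was replaced by: kvmd-certbot certonly ..." >&2; exit 1 ;;`. Separately, `restart_if_running_nginx` and `restart_if_running_vnc` are reached only by name through `"restart_if_running_$2"` in the `install)` arm, so a comment such as `# dispatch targets for 'install <nginx|vnc>'; keep names in sync with that case arm` would keep them from being renamed or removed as dead code. The `certonly)` arm continues past the end of this hunk.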
@@ -105,10 +96,69 @@ else ln -s fullchain.pem server.crt ln -s privkey.pem server.key '" - else + ;; + + renew) + shift + create_tmp + cp -a "$cur"/{config,work,logs} "$tmp" + sed -s -i -e "s| = $cur/| = $tmp/|g" "$tmp/config/renewal/"* + sudo -u "$user" certbot renew "$@" \ + --config-dir="$tmp/config" \ + --work-dir="$tmp/work" \ + --logs-dir="$tmp/logs" \ + --deploy-hook="/usr/bin/touch '$tmp/updated'" + if [ -f "$tmp/updated" ]; then + sudo -u "$user" kvmd-pstrun -- bash -c " + set -ex + rm -rf '$new' + cp -a '$tmp' '$new' + rm '$new/updated' + chmod 755 '$new/config/'{archive,live} + chmod 640 '$new'/config/archive/*/privkey*.pem + sed -s -i -e 's| = $tmp/| = $cur/|g' '$new/config/renewal/'* + sync + kvmd-helper-swapfiles '$new' '$cur' + rm -rf '$new' + " + restart_if_running_nginx + restart_if_running_vnc + fi + ;; + + install) + case "$2" in + nginx|vnc) + if [ -z "$2" ]; then + echo "Usage: kvmd-certbot install <nginx|vnc> <domain>" + exit 1 + fi + set -x + rm -f "/etc/kvmd/$2/ssl/server."{crt,key} + ln -s "$cur/config/live/$3/server."{crt,key} "/etc/kvmd/$2/ssl/" + "restart_if_running_$2" + ;; + *) + echo "Usage: kvmd-certbot install <nginx|vnc> <domain>" + exit 1 + ;; + esac + ;; + + --) + shift + create_tmp + ensure_runroot sudo -u "$user" kvmd-pstrun -- certbot "$@" \ --config-dir="$cur/config" \ --work-dir="$cur/work" \ --logs-dir="$cur/logs" - fi -fi + ;; + + *) + echo "This command is not implemented by kvmd-certbot." + echo "To pass it into certbot under PST context use '--'." + echo "For example: kvmd-certbot -- $*" + exit 1 + ;; +esac |
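Review bot: In the `install)` arm the guard `if [ -z "$2" ]` can never fire, because it sits inside the `nginx|vnc)` pattern where `$2` is already non-empty; the argument left unchecked is the domain in `$3`. With `$3` missing, `rm -f` still deletes the current `server.crt` and `server.key`, and `ln -s` then links to `$cur/config/live//server.*`, so the service is reloaded or restarted with dangling certificate links. A `$3` containing `/` would likewise point the links outside the `live` directory. Validating the domain and the link target before anything is removed avoids both: `if [ -z "$3" ] || [[ "$3" == */* ]] || [ ! -e "$cur/config/live/$3/server.crt" ]; then` in place of the `-z "$2"` test. The usage text in both arms should also go to stderr (`>&2`).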