Diffstat (limited to 'scripts/kvmd-certbot')
-rwxr-xr-xscripts/kvmd-certbot132
1 files changed, 91 insertions, 41 deletions
diff --git a/scripts/kvmd-certbot b/scripts/kvmd-certbot
index 128bb387..19f5557b 100755
--- a/scripts/kvmd-certbot
+++ b/scripts/kvmd-certbot
@@ -46,6 +46,16 @@ function create_tmp() {
trap cleanup EXIT
}
+function ensure_runroot() {
+ if [ ! -d "$cur" ]; then
+ kvmd-pstrun -- bash -c "
+ set -ex
+ mkdir -p '$cur'
+ chown '$user:' '$cur'
+ "
+ fi
+}
+
function restart_if_running() {
if systemctl is-active --quiet "$2"; then
echo "=> systemctl $1 $2"
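Review bot: In `ensure_runroot`, `$cur` and `$user` are spliced into the `bash -c` string inside single quotes, so a value containing `'` would end the quoting and change what runs under `kvmd-pstrun`. Both variables are set outside this hunk and are presumably fixed values, so this is hardening rather than a demonstrated bug. Passing them as positional parameters removes the dependency on their content: `kvmd-pstrun -- bash -c 'set -ex; mkdir -p "$1"; chown "$2:" "$1"' _ "$cur" "$user"`. A short header comment such as `# Create the certbot root on first use; relies on the globals $cur and $user` would also document the function.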
@@ -53,45 +63,26 @@ function restart_if_running() {
fi
}
-if [ "$1" == "renew" ]; then
- create_tmp
- cp -a "$cur"/{config,work,logs} "$tmp"
- sed -s -i -e "s| = $cur/| = $tmp/|g" "$tmp/config/renewal/"*
- shift
- sudo -u "$user" certbot renew "$@" \
- --config-dir="$tmp/config" \
- --work-dir="$tmp/work" \
- --logs-dir="$tmp/logs" \
- --deploy-hook="/usr/bin/touch '$tmp/updated'"
- if [ -f "$tmp/updated" ]; then
- sudo -u "$user" kvmd-pstrun -- bash -c "
- set -ex
- rm -rf '$new'
- cp -a '$tmp' '$new'
- rm '$new/updated'
- chmod 755 '$new/config/'{archive,live}
- chmod 640 '$new'/config/archive/*/privkey*.pem
- sed -s -i -e 's| = $tmp/| = $cur/|g' '$new/config/renewal/'*
- sync
- kvmd-helper-swapfiles '$new' '$cur'
- rm -rf '$new'
- "
- restart_if_running reload kvmd-nginx
- restart_if_running restart kvmd-vnc
- fi
+function restart_if_running_nginx() {
+ restart_if_running reload kvmd-nginx
+}
-else
- create_tmp
- if [ ! -d "$cur" ]; then
- kvmd-pstrun -- bash -c "
- set -ex
- mkdir -p '$cur'
- chown '$user:' '$cur'
- "
- fi
- if [ "$1" == "certonly-webroot" ]; then
- shift
- sudo -u "$user" kvmd-pstrun -- certbot certonly "$@" \
+function restart_if_running_vnc() {
+ restart_if_running restart kvmd-vnc
+}
+
+case "$1" in
+ -h|--help|help)
+ sudo -u "$user" certbot "$@" \
+ --config-dir="$cur/config" \
+ --work-dir="$cur/work" \
+ --logs-dir="$cur/logs"
+ ;;
+
+ certonly)
+ create_tmp
+ ensure_runroot
+ sudo -u "$user" kvmd-pstrun -- certbot "$@" \
--config-dir="$cur/config" \
--work-dir="$cur/work" \
--logs-dir="$cur/logs" \
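Review bot: `restart_if_running_nginx` and `restart_if_running_vnc` carry no comment saying that they are called by name, yet the `install` branch later in this diff invokes `"restart_if_running_$2"`, so a rename would break `install` only at run time. Suggest a comment above them, e.g. `# Called indirectly as "restart_if_running_$2" by the install command; keep the suffixes in sync with its nginx|vnc pattern`. Separately, the `certonly-webroot` keyword is no longer matched, so any existing timer or wrapper that still passes it would presumably reach the `*)` arm and exit 1; worth confirming that nothing else calls it. The `certonly` arm continues past the end of this hunk.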
@@ -105,10 +96,69 @@ else
ln -s fullchain.pem server.crt
ln -s privkey.pem server.key
'"
- else
+ ;;
+
+ renew)
+ shift
+ create_tmp
+ cp -a "$cur"/{config,work,logs} "$tmp"
+ sed -s -i -e "s| = $cur/| = $tmp/|g" "$tmp/config/renewal/"*
+ sudo -u "$user" certbot renew "$@" \
+ --config-dir="$tmp/config" \
+ --work-dir="$tmp/work" \
+ --logs-dir="$tmp/logs" \
+ --deploy-hook="/usr/bin/touch '$tmp/updated'"
+ if [ -f "$tmp/updated" ]; then
+ sudo -u "$user" kvmd-pstrun -- bash -c "
+ set -ex
+ rm -rf '$new'
+ cp -a '$tmp' '$new'
+ rm '$new/updated'
+ chmod 755 '$new/config/'{archive,live}
+ chmod 640 '$new'/config/archive/*/privkey*.pem
+ sed -s -i -e 's| = $tmp/| = $cur/|g' '$new/config/renewal/'*
+ sync
+ kvmd-helper-swapfiles '$new' '$cur'
+ rm -rf '$new'
+ "
+ restart_if_running_nginx
+ restart_if_running_vnc
+ fi
+ ;;
+
+ install)
+ case "$2" in
+ nginx|vnc)
+ if [ -z "$2" ]; then
+ echo "Usage: kvmd-certbot install <nginx|vnc> <domain>"
+ exit 1
+ fi
+ set -x
+ rm -f "/etc/kvmd/$2/ssl/server."{crt,key}
+ ln -s "$cur/config/live/$3/server."{crt,key} "/etc/kvmd/$2/ssl/"
+ "restart_if_running_$2"
+ ;;
+ *)
+ echo "Usage: kvmd-certbot install <nginx|vnc> <domain>"
+ exit 1
+ ;;
+ esac
+ ;;
+
+ --)
+ shift
+ create_tmp
+ ensure_runroot
sudo -u "$user" kvmd-pstrun -- certbot "$@" \
--config-dir="$cur/config" \
--work-dir="$cur/work" \
--logs-dir="$cur/logs"
- fi
-fi
+ ;;
+
+ *)
+ echo "This command is not implemented by kvmd-certbot."
+ echo "To pass it into certbot under PST context use '--'."
+ echo "For example: kvmd-certbot -- $*"
+ exit 1
+ ;;
+esac
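Review bot: In the `install` branch the guard `if [ -z "$2" ]` can never be true, because it sits inside the `nginx|vnc)` arm; the argument that is left unchecked is the domain `$3`. With `$3` empty, `rm -f` still deletes the current `server.crt` and `server.key`, `ln -s` then creates links to `$cur/config/live//server.{crt,key}`, and the service is reloaded or restarted with dangling certificate links. The guard should read `if [ -z "$3" ]; then`. It would also be safer to reject a `$3` containing `/`, so the link cannot point outside `live/`, and to confirm the target exists before removing the old links (whether `$cur` is readable outside `kvmd-pstrun` is not visible here).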