jean-cloud-services/services/dnscerts.jean-cloud.org/deploy_user.sh

41 lines
1.2 KiB
Bash
Raw Normal View History

2024-06-15 15:59:53 +00:00
#!/bin/bash
set -u
. driglibash-base
# For some variables
. /etc/jeancloud.env
# Test secret presence
[ ! -f "$DATA_DIR/rfc2136.ini" ] && echo "$0 Missing file '$DATA_DIR/rfc2136.ini'" && exit 1
export workdir="$(mktemp -d)"
mkdir -p "$workdir/{work,logs}"
echo "Renew existing certs"
certbot renew --config-dir "$DATA_DIR/certs" --logs-dir "$workdir/logs" --dns-rfc2136 --dns-rfc2136-credentials "$DATA_DIR/rfc2136.ini" --work-dir "$workdir" || true
echo "For each service, read all possible domains"
while IFS=';' read -r id username service target ; do
if [ -z "$service" ] ; then continue ; fi
if [ -d "$DATA_DIR/certs/live/$service" ] ; then
#echo "Already exists, thats a job for renew : $service"
continue
fi
# acme
"$DOCKER_DIR/acme-dns.sh" "$service" "$workdir"
done < <(grep -v '^#' "$servicefile")
echo "Push certs to other servers"
for srv in $(host -t TXT shlago.jean-cloud.org ns.jean-cloud.org | grep -Po 'descriptive text "\K[^"]+' | tr ',' ' ' | tr ' ' '\n') nougaro tetede montbonnot max raku izzo ; do
server="$srv.jean-cloud.org"
[ -n "$(grep "$server" /etc/hosts)" ] && continue
echo "-- $server"
2024-10-16 09:41:44 +00:00
rsync -avz -e "ssh -i '$DATA_DIR/certs.priv' -p 45985" "$DATA_DIR/certs" "dnscerts.jean-cloud.org@$server:$DATA_DIR/" || true
2024-06-15 15:59:53 +00:00
done