jean-cloud-services/services/dnscerts.jean-cloud.org/run_as.sh
Adrian Amaglio 82c3f2bb2e update
2023-10-16 10:47:35 +02:00

57 lines
1.5 KiB
Bash
Executable File

#!/bin/bash
set -euo pipefail
. driglibash-base
here="$(where)"
# For some variables
. /etc/jeancloud.env
set -a
. "$here/.env"
set +a
# Test secret presence
[ ! -f "$DATA_DIR/rfc2136.ini" ] && echo "$0 Missing file '$DATA_DIR/rfc2136.ini'" && exit 1
export tmp="$(mktemp -d)"
mkdir -p "$tmp/{work,logs}"
# If there is some args, populate a fake service file
if [ "$#" -ge 1 ] && [ -n "$1" ] ; then
servicefile="$(mktemp)"
for service in "$@" ; do
echo "$service _" >> "$servicefile"
done
fi
echo "For each service, read all possible domains"
while read line ; do
read -r service target < <(echo "$line")
# Auto letsencrypt
[ "$target" = vandamme.jean-cloud.org ] && continue
# TODO remove
#( [ "$service" = collectif-arthadie.fr ] || [[ "$service" == *oma-radio.fr ]] ) && continue
# remove dummy cert
dummy_cert.sh "$service" remove
[ -d "$DATA_DIR/certs/live/$service" ] && echo "Already exists, thats a job for renew : $service" && continue
# acme
"$here/acme-dns.sh" "$service" "$tmp"
# Replace dummy cert if letsencrypt failed
[ "$?" -ne 0 ] && dummy_cert.sh "$service" add
done < "$servicefile"
echo "Push certs to other servers"
for srv in $(host -t TXT shlago.jean-cloud.org ns.jean-cloud.org | grep -Po 'descriptive text "\K[^"]+' | tr ',' ' ' | tr ' ' '\n') ; do
server="$srv.jean-cloud.org"
[ -n "$(grep "$server" /etc/hosts)" ] && continue
echo "-- $server"
rsync -avz -e "ssh -i '$DATA_DIR/certs.priv' -p 45985" "$DATA_DIR/certs" "certs@$server:$DATA_DIR/"
done