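#!/bin/bash
#
# Requests certificates for each configured service through acme-dns.sh,
# falls back to a dummy certificate when that fails, then pushes the
# certificate tree to the other servers.
#
# Usage: run without arguments to use the configured service file, or pass
# one or more service names to process only those.

set -euo pipefail

# Helper library resolved through PATH. `where` (used just below) is
# presumably defined there -- TODO confirm.
. driglibash-base
here="$(where)"

# For some variables
. /etc/jeancloud.env

# `set -a` marks every variable assigned while .env is sourced for export,
# so the helper scripts started later inherit them in their environment.
set -a
. "$here/.env"
set +a

# Test secret presence
# NOTE(review): DATA_DIR is presumably set by one of the files sourced above.
# rfc2136.ini is treated as a secret here; confirm it is readable only by the
# account that runs this script.
if [ ! -f "$DATA_DIR/rfc2136.ini" ] ; then
  echo "$0 Missing file '$DATA_DIR/rfc2136.ini'" >&2
  exit 1
fi

# Assign before exporting: `export tmp="$(mktemp -d)"` returns the status of
# `export`, so a failing mktemp would go unnoticed even under `set -e`.
tmp="$(mktemp -d)"
export tmp

# Brace expansion does not happen inside double quotes; the quoted form
# created one directory literally named "{work,logs}" instead of two.
mkdir -p "$tmp/work" "$tmp/logs"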
# When service names are given on the command line, write them to a
# throw-away service file, one "<service> _" line per argument, so the
# processing loop reads from it instead of the configured file.
if [ "$#" -ge 1 ] && [ -n "$1" ] ; then
  servicefile="$(mktemp)"
  # printf re-applies the format to every argument: one line per service.
  printf '%s _\n' "$@" > "$servicefile"
fi
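echo "For each service, read all possible domains"
# Every line of the service file is "<service> <target>"; when the file was
# built from command-line arguments the target is the placeholder "_".
# NOTE(review): without arguments, servicefile must already be defined
# (presumably by a sourced env file), otherwise `set -u` stops the script here.
# NOTE(review): the helpers called in the loop inherit the loop's stdin, which
# is the service file; confirm none of them reads from stdin.
while read -r service target ; do
  # Blank lines would otherwise run the helpers with an empty service name.
  [ -n "$service" ] || continue

  # Auto letsencrypt
  [ "$target" = vandamme.jean-cloud.org ] && continue

  # TODO remove
  #( [ "$service" = collectif-arthadie.fr ] || [[ "$service" == *oma-radio.fr ]] ) && continue

  # remove dummy cert
  dummy_cert.sh "$service" remove

  if [ -d "$DATA_DIR/certs/live/$service" ] ; then
    echo "Already exists, thats a job for renew : $service"
    continue
  fi

  # acme
  # Replace dummy cert if letsencrypt failed.
  # The call has to sit inside the `if`: with `set -e` active, a bare failing
  # command ends the script before a following `$?` test can run, which would
  # leave this service without any certificate (the dummy one was removed
  # above) and skip both the remaining services and the push step.
  if ! "$here/acme-dns.sh" "$service" "$tmp" ; then
    echo "acme-dns.sh failed for $service, restoring dummy cert" >&2
    dummy_cert.sh "$service" add
  fi
done < "$servicefile"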
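echo "Push certs to other servers"
# The list of peers comes from a DNS TXT record, i.e. from data received over
# the network. Each entry ends up in the rsync destination, and what is sent
# is the whole certs directory (NOTE(review): presumably including private
# keys), so entries are checked before use.
# A hostname-shaped value contains only letters, digits, dots and hyphens and
# starts and ends with a letter or digit; anything else (path separators,
# "@", ":", option-like or glob characters) is refused.
valid_srv='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'

# Read the entries on fd 3 rather than through an unquoted $(...) word list:
# nothing is glob-expanded against the current directory, and ssh/rsync keep
# their own stdin.
while read -r srv <&3 ; do
  [ -n "$srv" ] || continue
  if [[ ! "$srv" =~ $valid_srv ]] ; then
    echo "Skipping invalid server name from TXT record: '$srv'" >&2
    continue
  fi

  server="$srv.jean-cloud.org"

  # Skip names listed in /etc/hosts (presumably this machine itself -- TODO
  # confirm). -F matches the name literally; as a regex, every "." in it would
  # match any character.
  if grep -qF -- "$server" /etc/hosts ; then
    continue
  fi

  echo "-- $server"
  # NOTE(review): no ssh options are set besides key and port, so host key
  # verification follows the local ssh configuration; confirm it is strict.
  # NOTE(review): under `set -e` a failed transfer stops the script, so the
  # servers listed after it are not updated.
  rsync -avz -e "ssh -i '$DATA_DIR/certs.priv' -p 45985" "$DATA_DIR/certs" "certs@$server:$DATA_DIR/"
done 3< <(
  host -t TXT shlago.jean-cloud.org ns.jean-cloud.org \
    | grep -Po 'descriptive text "\K[^"]+' \
    | tr ', ' '\n\n'
)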