58 lines
1.6 KiB
Bash
Executable File
58 lines
1.6 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
set -u
|
|
|
|
. driglibash-base
|
|
|
|
# For some variables
|
|
. /etc/jeancloud.env
|
|
|
|
|
|
# Add the servers to the known_hosts file
|
|
mkdir -p "$DATA_DIR/fingerprints"
|
|
for server in $SERVERS ; do
|
|
fingerprint_file="$DATA_DIR/fingerprints/$server.fingerprint"
|
|
if [ ! -e "$fingerprint_file" ] ; then
|
|
ssh-keyscan -p 45985 "$server" > "$fingerprint_file"
|
|
fi
|
|
done
|
|
cat "$DATA_DIR"/fingerprints/*.fingerprint > ~/.ssh/known_hosts
|
|
|
|
|
|
# Test dns server is up
|
|
if [ -z "$(echo 'ns.jean-cloud.org' | resolvable.sh ns.jean-cloud.org)" ] ; then
|
|
echo 'Dns server not working'
|
|
exit 1
|
|
fi
|
|
|
|
# Test secret presence
|
|
[ ! -f "$DATA_DIR/rfc2136.ini" ] && echo "$0 Missing file '$DATA_DIR/rfc2136.ini'" && exit 1
|
|
|
|
export workdir="$(mktemp -d)"
|
|
mkdir -p "$workdir/{work,logs}"
|
|
|
|
|
|
echo "For each service, read all possible domains"
|
|
while IFS=';' read -r id username service target ; do
|
|
if [ -z "$service" ] ; then continue ; fi
|
|
|
|
#if [ -d "$DATA_DIR/certs/live/$service" ] ; then
|
|
# #echo "Already exists, thats a job for renew : $service"
|
|
# continue
|
|
#fi
|
|
|
|
# acme
|
|
"$DOCKER_DIR/acme-dns.sh" "$service" "$workdir" "$DATA_DIR/certs" "$DATA_DIR/rfc2136.ini"
|
|
|
|
done < <(grep -v '^#' "$servicefile")
|
|
|
|
echo "Renew existing certs"
|
|
certbot renew --config-dir "$DATA_DIR/certs" --logs-dir "$workdir/logs" --dns-rfc2136 --dns-rfc2136-credentials "$DATA_DIR/rfc2136.ini" --work-dir "$workdir" || true
|
|
|
|
echo "Push certs to other servers"
|
|
for srv in $SERVERS ; do
|
|
[ -n "$(grep "$server" /etc/hosts)" ] && continue
|
|
echo "-- $server"
|
|
rsync -avz -e "ssh -i '$DATA_DIR/certs.priv' -p 45985" "$DATA_DIR/certs" "dnscerts.jean-cloud.org@$server:$DATA_DIR/" || true
|
|
done
|