pedro
/
cdist
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
cdist/cdist/conf/type/__letsencrypt_cert/manifest

159 lines
4.2 KiB
Bash
Raw Blame History

#!/bin/sh
certbot_fullpath="$(grep "^certbot_path:" "${__object:?}/explorer/certificate-data" | cut -d ':' -f 2-)"
state=$(cat "${__object}/parameter/state")
os="$(cat "${__global:?}/explorer/os")"
if [ -z "${certbot_fullpath}" ]; then
os_version="$(cat "${__global}/explorer/os_version")"
# Use this, very common value, as a default. It is OS-dependent
certbot_fullpath="/usr/bin/certbot"
case "$os" in
archlinux)
__package certbot
;;
alpine)
__package certbot
;;
debian)
case "$os_version" in
8*)
__apt_source jessie-backports \
--uri http://http.debian.net/debian \
--distribution jessie-backports \
--component main
require="__apt_source/jessie-backports" __package_apt python-certbot \
--target-release jessie-backports
require="__apt_source/jessie-backports" __package_apt certbot \
--target-release jessie-backports
# Seems to be a missing dependency on debian 8
__package python-ndg-httpsclient
;;
9*)
__apt_source stretch-backports \
--uri http://http.debian.net/debian \
--distribution stretch-backports \
--component main
require="__apt_source/stretch-backports" __package_apt python-certbot \
--target-release stretch-backports
require="__apt_source/stretch-backports" __package_apt certbot \
--target-release stretch-backports
;;
10*|11*)
__package_apt certbot
;;
*)
echo "Unsupported OS version: $os_version" >&2
exit 1
;;
esac
;;
devuan)
case "$os_version" in
jessie)
__apt_source jessie-backports \
--uri http://auto.mirror.devuan.org/merged \
--distribution jessie-backports \
--component main
require="__apt_source/jessie-backports" __package_apt python-certbot \
--target-release jessie-backports
require="__apt_source/jessie-backports" __package_apt certbot \
--target-release jessie-backports
# Seems to be a missing dependency on debian 8
__package python-ndg-httpsclient
;;
ascii*)
__apt_source ascii-backports \
--uri http://auto.mirror.devuan.org/merged \
--distribution ascii-backports \
--component main
require="__apt_source/ascii-backports" __package_apt certbot \
--target-release ascii-backports
;;
beowulf*)
__package_apt certbot
;;
*)
echo "Unsupported OS version: $os_version" >&2
exit 1
;;
esac
;;
freebsd)
__package py39-certbot
certbot_fullpath="/usr/local/bin/certbot"
;;
ubuntu)
__package certbot
;;
*)
echo "Unsupported os: $os" >&2
exit 1
;;
esac
fi
# Other OS-dependent values that we want to set every time
LE_DIR="/etc/letsencrypt"
certbot_cronjob_state="absent"
case "$os" in
archlinux|alpine)
certbot_cronjob_state="present"
;;
freebsd)
LE_DIR="/usr/local/etc/letsencrypt"
# FreeBSD uses periodic(8) instead of crontabs for this
__line "periodic.conf_weekly_certbot" \
--file "/etc/periodic.conf" \
--regex "^(#[[:space:]]*)?weekly_certbot_enable=.*" \
--state "replace" \
--line 'weekly_certbot_enable="YES"'
;;
*)
;;
esac
# This is only necessary in certain OS
__cron letsencrypt-certbot \
--user root \
--command "${certbot_fullpath} renew -q" \
--hour 0 \
--minute 47 \
--state "${certbot_cronjob_state}"
# Ensure hook directories
HOOKS_DIR="${LE_DIR}/renewal-hooks"
__directory "${LE_DIR}" --mode 0755
require="__directory/${LE_DIR}" __directory "${HOOKS_DIR}" --mode 0755
if [ -f "${__object}/parameter/domain" ]; then
domains="$(sort "${__object}/parameter/domain")"
else
domains="${__object_id}"
fi
# Install hooks as needed
for hook in deploy pre post; do
# Using something unique and specific to this object
hook_file="${HOOKS_DIR}/${hook}/${__object_id}.cdist.sh"
# This defines hook_contents
# shellcheck source=cdist/conf/type/__letsencrypt_cert/files/gen_hook.sh
. "${__type}/files/gen_hook.sh"
# Ensure hook directory exists
require="__directory/${HOOKS_DIR}" __directory "${HOOKS_DIR}/${hook}" \
--mode 0755
require="__directory/${HOOKS_DIR}/${hook}" __file "${hook_file}" \
--mode 0555 \
--source '-' \
--state "${hook_state}" <<EOF
${hook_contents}
EOF
done
Reference in New Issue View Git Blame Copy Permalink