#!/bin/sh
# Inputs gathered from cdist explorers and from this object's parameters.

# Everything after the first ':' on the "certbot_path:" line of this object's
# certificate-data explorer output; empty when no such line exists.
certbot_fullpath="$(
    grep "^certbot_path:" "${__object:?}/explorer/certificate-data" \
        | cut -d ':' -f 2-
)"

# Value of the "state" parameter. It is not referenced again in this file;
# presumably the sourced files/gen_hook.sh reads it — confirm there.
state="$(cat "${__object}/parameter/state")"

# Operating system name as reported by the global "os" explorer.
os="$(cat "${__global:?}/explorer/os")"
# Install certbot only when the explorer did not report a certbot path.
# Unknown OS names or versions abort the manifest with exit status 1.
#
# NOTE(review): the backports sources below use plain-http mirror URIs, so
# package integrity rests on APT's signature checking of the repository
# metadata; confirm that checking is not disabled for these sources.
# NOTE(review): Debian 8/9 and Devuan jessie/ascii are old releases — verify
# the mirrors still serve these backports suites.
if test -z "$certbot_fullpath"; then
    os_version="$(cat "${__global}/explorer/os_version")"
    # Use this, very common value, as a default. It is OS-dependent
    certbot_fullpath="/usr/bin/certbot"

    case "$os" in
        archlinux|alpine|ubuntu)
            # Plain distribution package, no extra repository needed.
            __package certbot
            ;;
        debian)
            case "$os_version" in
                8*)
                    __apt_source jessie-backports \
                        --uri http://http.debian.net/debian \
                        --distribution jessie-backports \
                        --component main

                    # Both packages wait for the backports source object.
                    require="__apt_source/jessie-backports" \
                        __package_apt python-certbot \
                            --target-release jessie-backports
                    require="__apt_source/jessie-backports" \
                        __package_apt certbot \
                            --target-release jessie-backports
                    # Seems to be a missing dependency on debian 8
                    __package python-ndg-httpsclient
                    ;;
                9*)
                    __apt_source stretch-backports \
                        --uri http://http.debian.net/debian \
                        --distribution stretch-backports \
                        --component main

                    require="__apt_source/stretch-backports" \
                        __package_apt python-certbot \
                            --target-release stretch-backports
                    require="__apt_source/stretch-backports" \
                        __package_apt certbot \
                            --target-release stretch-backports
                    ;;
                10*)
                    __package_apt certbot
                    ;;
                *)
                    echo "Unsupported OS version: $os_version" >&2
                    exit 1
                    ;;
            esac
            ;;
        devuan)
            case "$os_version" in
                jessie)
                    __apt_source jessie-backports \
                        --uri http://auto.mirror.devuan.org/merged \
                        --distribution jessie-backports \
                        --component main

                    require="__apt_source/jessie-backports" \
                        __package_apt python-certbot \
                            --target-release jessie-backports
                    require="__apt_source/jessie-backports" \
                        __package_apt certbot \
                            --target-release jessie-backports
                    # Seems to be a missing dependency on debian 8
                    __package python-ndg-httpsclient
                    ;;
                ascii*)
                    __apt_source ascii-backports \
                        --uri http://auto.mirror.devuan.org/merged \
                        --distribution ascii-backports \
                        --component main

                    require="__apt_source/ascii-backports" \
                        __package_apt certbot \
                            --target-release ascii-backports
                    ;;
                beowulf*)
                    __package_apt certbot
                    ;;
                *)
                    echo "Unsupported OS version: $os_version" >&2
                    exit 1
                    ;;
            esac
            ;;
        freebsd)
            __package py37-certbot
            # The FreeBSD package path replaces the /usr/bin default above.
            certbot_fullpath="/usr/local/bin/certbot"
            ;;
        *)
            echo "Unsupported os: $os" >&2
            exit 1
            ;;
    esac
fi
# Other OS-dependent values that we want to set every time.
# Each arm assigns both LE_DIR (certbot's configuration directory) and
# certbot_cronjob_state (whether this manifest manages a renewal cron job).
case "$os" in
    archlinux|alpine)
        LE_DIR="/etc/letsencrypt"
        certbot_cronjob_state="present"
        ;;
    freebsd)
        LE_DIR="/usr/local/etc/letsencrypt"
        certbot_cronjob_state="absent"
        # FreeBSD uses periodic(8) instead of crontabs for this
        # The regex also matches a commented-out setting, which is replaced.
        __line "periodic.conf_weekly_certbot" \
            --file "/etc/periodic.conf" \
            --regex "^(#[[:space:]]*)?weekly_certbot_enable=.*" \
            --state "replace" \
            --line 'weekly_certbot_enable="YES"'
        ;;
    *)
        # Every other OS: default directory, no cron job from this manifest.
        LE_DIR="/etc/letsencrypt"
        certbot_cronjob_state="absent"
        ;;
esac
# This is only necessary in certain OS
# The object is always declared; certbot_cronjob_state (assigned earlier in
# this manifest) decides whether the entry is present or absent.
# NOTE(review): the job runs as root and certbot_fullpath is interpolated into
# the command string as-is. When it comes from the certificate-data explorer
# it is presumably a plain absolute path without whitespace or shell
# metacharacters — verify in the explorer.
__cron letsencrypt-certbot \
    --user root \
    --command "$certbot_fullpath renew -q" \
    --hour 0 \
    --minute 47 \
    --state "$certbot_cronjob_state"
# Ensure hook directories
# Both are created with mode 0755 (no write bit for group or others); the
# hooks directory waits for its parent through require.
HOOKS_DIR="$LE_DIR/renewal-hooks"
__directory "$LE_DIR" --mode 0755
require="__directory/$LE_DIR" \
    __directory "$HOOKS_DIR" --mode 0755
# Domain list: the object id by default, or the sorted contents of the
# "domain" parameter file when that parameter was given.
# Not referenced again in this file; presumably read by the sourced
# files/gen_hook.sh — confirm there.
domains="$__object_id"
if test -f "$__object/parameter/domain"; then
    domains="$(sort "$__object/parameter/domain")"
fi
# Install hooks as needed
# One script per hook kind under ${HOOKS_DIR}/<kind>/.
for hook in deploy pre post
do
    # Using something unique and specific to this object
    # NOTE(review): __object_id becomes a path component here; presumably it
    # never contains '/' or '..' — confirm against how the type is invoked.
    hook_file="$HOOKS_DIR/$hook/${__object_id}.cdist.sh"

    # This defines hook_contents
    # The file is sourced into this shell, so it sees every variable set so
    # far. hook_state, used below, is not assigned anywhere in this file and
    # is presumably set there as well — confirm.
    # shellcheck source=cdist/conf/type/__letsencrypt_cert/files/gen_hook.sh
    . "$__type/files/gen_hook.sh"

    # Ensure hook directory exists
    require="__directory/$HOOKS_DIR" \
        __directory "$HOOKS_DIR/$hook" --mode 0755

    # The hook is installed read+execute only (0555). The unquoted here-doc
    # delimiter makes the shell expand hook_contents once; the expanded text
    # is not scanned for further expansions.
    require="__directory/$HOOKS_DIR/$hook" \
        __file "$hook_file" \
            --mode 0555 \
            --source '-' \
            --state "$hook_state" <<EOF
${hook_contents}
EOF
done