author | Matthew Fennell <matthew@fennell.dev> | 2024-05-29 18:16:11 +0100 |
---|---|---|
committer | Matthew Fennell <matthew@fennell.dev> | 2024-05-29 18:16:11 +0100 |
commit | a960b23caebd5362b5f292f73c6e41ebee2ad98c (patch) | |
tree | 3943738dd0407dc3ed766cddc737825805a6aea5 | |
parent | d7e965843eb32fc2e459a15fe70251964ff40394 (diff) |
Generalise prosody-specific install script
This project's initial purpose was to automatically renew certificates across
multiple prosody servers. However, over time, it has been used with more
services, each with their own ad-hoc and custom installation scripts.
This commit replaces the install-for-prosody script with a more general script
that can handle multiple different kinds of services in the future.
-rwxr-xr-x | install-for | 53 | ||||
-rwxr-xr-x | install-for-prosody | 23 |
2 files changed, 53 insertions, 23 deletions
diff --git a/install-for b/install-for
new file mode 100755
index 0000000..9487273
--- /dev/null
+++ b/install-for
@@ -0,0 +1,53 @@
+#!/usr/bin/env python3
+# SPDX-FileCopyrightText: 2024 Matthew Fennell <matthew@fennell.dev>
+#
+# SPDX-License-Identifier: AGPL-3.0-only
+
+import argparse
+import itertools
+import os
+import subprocess
+
+parser = argparse.ArgumentParser()
+parser.add_argument("identity_file")
+parser.add_argument("--prosody", nargs=1, default = [])
+parser.add_argument("--forgejo", nargs=1, default = [])
+args = parser.parse_args()
+
+ssh_args = f"-o IdentitiesOnly=yes -F /dev/null -i {args.identity_file}"
+
+commands = {
+ "prosody": [
+ "sudo chmod 640 ~/*.crt ~/*.key",
+ "sudo mv ~/*.crt ~/*.key /etc/prosody/certs",
+ "sudo chown -R root:prosody /etc/prosody/certs",
+ "sudo service nginx restart",
+ "sudo service prosody restart",
+ ],
+ "forgejo": [
+ "sudo chown root:root ~/*.crt ~/*.key",
+ "sudo mv ~/*.crt ~/*.key /etc/nginx/ssl/",
+ "sudo service forgejo restart",
+ "sudo service nginx restart",
+ ],
+}
+
+possible_services = {
+ "prosody": next(iter(args.prosody), None),
+ "forgejo": next(iter(args.forgejo), None),
+}
+services = dict(filter(lambda service: service[1] is not None, possible_services.items()))
+files_to_copy = {os.environ["LEGO_CERT_PATH"], os.environ["LEGO_CERT_KEY_PATH"]}
+
+def scp_commands(files: set[str], host:str) -> list[str]:
+ return [f"scp {ssh_args} {' '.join(files)} {host}:~"]
+
+def ssh_commands(service: str, host: str) -> list[str]:
+ return list(map(lambda command: f"ssh {ssh_args} -tt {host} '{command}'", commands[service]))
+
+for service, host in services.items():
+ commands_to_run = itertools.chain(scp_commands(files_to_copy, host), ssh_commands(service, host))
+
+ for command in commands_to_run:
+ print(command)
+ subprocess.run(command, shell=True)
diff --git a/install-for-prosody b/install-for-prosody
deleted file mode 100755
index 4ab540b..0000000
--- a/install-for-prosody
+++ /dev/null
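Review bot: The final loop of install-for passes f-string-built commands to `subprocess.run(command, shell=True)`, so `args.identity_file`, the host argument and the `LEGO_CERT_PATH`/`LEGO_CERT_KEY_PATH` values reach the local shell unquoted; a path containing a space or a shell metacharacter breaks or alters the command, which the quoted arrays of the removed bash script prevented. The return code is also ignored, whereas the old script ran under `set -e`, so a failed scp is still followed by the `mv` and the service restarts. Building argument lists and running them without a shell and with `check=True` restores both properties; the remote command can stay a single string because the remote shell has to expand `~` and the globs. Separately, the forgejo list changes the key's owner but never its mode, so the permissions under /etc/nginx/ssl/ are whatever scp created; an explicit `chmod` step like the one in the prosody list looks worth adding.

```python
ssh_args = ["-o", "IdentitiesOnly=yes", "-F", "/dev/null", "-i", args.identity_file]

# … unchanged: commands table, service selection, files_to_copy …

def scp_commands(files: set[str], host: str) -> list[list[str]]:
    return [["scp", *ssh_args, *files, f"{host}:~"]]

def ssh_commands(service: str, host: str) -> list[list[str]]:
    # Each remote command is one argv element; only the remote shell interprets it.
    return [["ssh", *ssh_args, "-tt", host, command] for command in commands[service]]

for service, host in services.items():
    for command in itertools.chain(scp_commands(files_to_copy, host), ssh_commands(service, host)):
        print(command)
        # check=True stops the run on the first failure, as set -e did before.
        subprocess.run(command, check=True)
```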
@@ -1,23 +0,0 @@
-#!/bin/bash
-# SPDX-FileCopyrightText: 2024 Matthew Fennell <matthew@fennell.dev>
-#
-# SPDX-License-Identifier: AGPL-3.0-only
-
-set -eux
-
-connection_string="$1"
-ssh_key="$2"
-
-ssh_args=(-o IdentitiesOnly=yes -F /dev/null -i "${ssh_key}")
-
-# LEGO_CERT_PATH is an environment variable
-#shellcheck disable=SC2154
-scp "${ssh_args[@]}" "${LEGO_CERT_PATH}" "${connection_string}":~
-
-# LEGO_CERT_KEY_PATH is an environment variable
-#shellcheck disable=SC2154
-scp "${ssh_args[@]}" "${LEGO_CERT_KEY_PATH}" "${connection_string}":~
-
-ssh "${ssh_args[@]}" -tt "${connection_string}" "sudo mv ~/*.crt ~/*.key /etc/prosody/certs"
-ssh "${ssh_args[@]}" -tt "${connection_string}" "sudo chown -R prosody:prosody /etc/prosody/certs"
-ssh "${ssh_args[@]}" -tt "${connection_string}" "sudo service prosody reload" |