author | Matthew Fennell <matthew@fennell.dev> | 2024-02-28 19:17:25 +0000 |
---|---|---|
committer | Matthew Fennell <matthew@fennell.dev> | 2024-02-28 21:40:21 +0000 |
commit | d7e965843eb32fc2e459a15fe70251964ff40394 (patch) | |
tree | e46d2ff80b7d383b65cd4bd819c260ae9e2ab9a8 /install-for-prosody |
Initial commit
This commit adds the initial structure / scaffolding on which the rest of the
project can be built.
The idea is to have an entry point written in python, which parses a toml file
which contains information about each domain, and general configuration of the
lego tool which will actually renew the certificates. Each domain has an
additional post-renew script, the path to which is given in the config file,
which is used to install the new certificates onto the remote hosts if
necessary.
Diffstat (limited to 'install-for-prosody')
-rwxr-xr-x | install-for-prosody | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/install-for-prosody b/install-for-prosody new file mode 100755 index 0000000..4ab540b --- /dev/null +++ b/install-for-prosody @@ -0,0 +1,23 @@ +#!/bin/bash +# SPDX-FileCopyrightText: 2024 Matthew Fennell <matthew@fennell.dev> +# +# SPDX-License-Identifier: AGPL-3.0-only + +set -eux + +connection_string="$1" +ssh_key="$2" + +ssh_args=(-o IdentitiesOnly=yes -F /dev/null -i "${ssh_key}") + +# LEGO_CERT_PATH is an environment variable +#shellcheck disable=SC2154 +scp "${ssh_args[@]}" "${LEGO_CERT_PATH}" "${connection_string}":~ + +# LEGO_CERT_KEY_PATH is an environment variable +#shellcheck disable=SC2154 +scp "${ssh_args[@]}" "${LEGO_CERT_KEY_PATH}" "${connection_string}":~ + +ssh "${ssh_args[@]}" -tt "${connection_string}" "sudo mv ~/*.crt ~/*.key /etc/prosody/certs" +ssh "${ssh_args[@]}" -tt "${connection_string}" "sudo chown -R prosody:prosody /etc/prosody/certs" +ssh "${ssh_args[@]}" -tt "${connection_string}" "sudo service prosody reload" |
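Review bot: The `sudo mv ~/*.crt ~/*.key /etc/prosody/certs` step near the end of the script moves every `.crt` and `.key` file in the remote home directory, not only the two files uploaded by the preceding `scp` calls, so any unrelated certificate or key left in `~` ends up in `/etc/prosody/certs` and is then chowned to `prosody:prosody`. Consider moving the files by the basenames of `LEGO_CERT_PATH` and `LEGO_CERT_KEY_PATH` instead of by wildcard. The private key is also staged in `~` before the move, and the script never sets a mode on it, either there or after the `chown -R`; uploading into a directory that only the login user can read and adding an explicit `chmod` on the key after the move would narrow that exposure. Separately, `$1` and `$2` are read with no argument check, so under `set -u` a missing argument aborts with an unbound variable error rather than a usage message. And since the move, chown and reload run as three separate `ssh` sessions, a connection failure after the first leaves new files in place, still owned by the uploading user, with Prosody not reloaded; running them as one remote command would keep the steps together.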