From d7e965843eb32fc2e459a15fe70251964ff40394 Mon Sep 17 00:00:00 2001 From: Matthew Fennell Date: Wed, 28 Feb 2024 19:17:25 +0000 Subject: Initial commit This commit adds the initial structure / scaffolding on which the rest of the project can be built. The idea is to have an entry point written in python, which parses a toml file which contains information about each domain, and general configuration of the lego tool which will actually renew the certificates. Each domain has an additional post-renew script, the path to which is given in the config file, which is used to install the new certificates onto the remote hosts if necessary.
---
install-for-prosody | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100755 install-for-prosody (limited to 'install-for-prosody')
diff --git a/install-for-prosody b/install-for-prosody
new file mode 100755
index 0000000..4ab540b
--- /dev/null
+++ b/install-for-prosody
@@ -0,0 +1,23 @@
+#!/bin/bash
+# SPDX-FileCopyrightText: 2024 Matthew Fennell
+#
+# SPDX-License-Identifier: AGPL-3.0-only
+
+set -eux
+
+connection_string="$1"
+ssh_key="$2"
+
+ssh_args=(-o IdentitiesOnly=yes -F /dev/null -i "${ssh_key}")
+
+# LEGO_CERT_PATH is an environment variable
+#shellcheck disable=SC2154
+scp "${ssh_args[@]}" "${LEGO_CERT_PATH}" "${connection_string}":~
+
+# LEGO_CERT_KEY_PATH is an environment variable
+#shellcheck disable=SC2154
+scp "${ssh_args[@]}" "${LEGO_CERT_KEY_PATH}" "${connection_string}":~
+
+ssh "${ssh_args[@]}" -tt "${connection_string}" "sudo mv ~/*.crt ~/*.key /etc/prosody/certs"
+ssh "${ssh_args[@]}" -tt "${connection_string}" "sudo chown -R prosody:prosody /etc/prosody/certs"
+ssh "${ssh_args[@]}" -tt "${connection_string}" "sudo service prosody reload"
-- cgit v1.2.3
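Review bot: The `sudo mv ~/*.crt ~/*.key /etc/prosody/certs` step installs, as root, every `.crt` and `.key` file found in the remote login user's home directory, not only the two files the `scp` lines just uploaded, so any stray or planted file matching the glob ends up in Prosody's certificate directory. Derive the names from the uploaded paths, e.g. `cert_name="$(basename "${LEGO_CERT_PATH}")"` and `key_name="$(basename "${LEGO_CERT_KEY_PATH}")"`, and move exactly `~/${cert_name}` and `~/${key_name}`. The private key also rests in the home directory with whatever mode scp gives it until the move runs, and nothing afterwards sets its mode; consider uploading into a directory only the login user can read and adding an explicit `chmod` on the key after the `chown -R`. Because `set -eux` aborts on the first failing command, a failure between the second `scp` and the `mv` leaves the key behind in the home directory.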