author | Jesse Luehrs <doy@tozt.net> | 2020-07-11 00:02:40 -0400 |
---|---|---|
committer | Jesse Luehrs <doy@tozt.net> | 2020-07-11 00:05:20 -0400 |
commit | 4e9fb2d323dffc288a27d9cc918fc78de930ba5b (patch) | |
tree | 35d3227a210143ecaefda42cbf5796ed74397369 /modules/certbot/templates | |
parent | dc5da84a004d6d5b2e045f0ca422747f514240ce (diff) | |
improve certbot provisioning script
Diffstat (limited to 'modules/certbot/templates')
-rwxr-xr-x | modules/certbot/templates/certbot-tozt | 76 |
1 files changed, 76 insertions, 0 deletions
diff --git a/modules/certbot/templates/certbot-tozt b/modules/certbot/templates/certbot-tozt
new file mode 100755
index 0000000..bdf1201
--- /dev/null
+++ b/modules/certbot/templates/certbot-tozt
@@ -0,0 +1,76 @@
+#!/usr/bin/env bash
+set -eu
+set -o pipefail
+
+config_dir="${1:-}"
+if systemctl is-active -q nginx; then
+ is_running=1
+else
+ is_running=
+fi
+
+cleanup() {
+ if [ -z "$is_running" ]; then
+ systemctl stop nginx
+ fi
+
+ if [ -e /etc/nginx/nginx.conf.backup ]; then
+ mv /etc/nginx/nginx.conf.backup /etc/nginx.conf
+ fi
+}
+trap cleanup EXIT
+
+mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.backup
+cat > /etc/nginx/nginx.conf <<EOF
+worker_processes 1;
+events {
+ worker_connections 1024;
+}
+http {
+ server {
+ listen 80 default;
+ server_name <%= @primary_domain %>;
+ location / {
+ root /tmp;
+ }
+ }
+<%- @secondary_domains.each do |domain| -%>
+ server {
+ listen 80;
+ server_name <%= domain %>;
+ location / {
+ root /tmp;
+ }
+ }
+<%- end -%>
+}
+EOF
+
+if [ -z "$is_running" ]; then
+ systemctl start nginx
+fi
+
+if [ -z "$config_dir" ]; then
+ /usr/bin/certbot run \
+ -n \
+ --agree-tos \
+ -m doy@tozt.net \
+ --cert-name <%= @primary_domain %> \
+ -d <%= @primary_domain %> \
+<%- @secondary_domains.each do |domain| -%>
+ -d <%= domain %> \
+<%- end -%>
+ --nginx
+else
+ /usr/bin/certbot run \
+ -n \
+ --agree-tos \
+ -m doy@tozt.net \
+ --config-dir "$config_dir" \
+ --cert-name <%= @primary_domain %> \
+ -d <%= @primary_domain %> \
+<%- @secondary_domains.each do |domain| -%>
+ -d <%= domain %> \
+<%- end -%>
+ --nginx
+fi
|
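Review bot: The restore in `cleanup` moves the backup to `/etc/nginx.conf` rather than `/etc/nginx/nginx.conf`, so on exit the original configuration lands at a path nginx does not read and the temporary file written by the heredoc stays at the live path. That temporary configuration serves `/tmp` on port 80 for every listed domain, so the typo turns a short-lived exposure of a world-writable directory into a persistent one. The line should read `mv /etc/nginx/nginx.conf.backup /etc/nginx/nginx.conf`, and the two `root /tmp;` lines would be safer pointing at an empty directory created for this purpose. When nginx was already running, nothing visible here reloads it after the restore, so a `systemctl reload nginx` in that branch of `cleanup` is probably needed for the original configuration to take effect again.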