scripts.libsonnet
// Shell fragment meant to follow a certbot invocation directly: it tests `$?`
// of the previous command and appends a SUCCESS or FAILURE line for the
// certificate to /usr/share/nginx/html/certbot_status.txt.
// `%(kind)s`, `%(certName)s` and `%(domains)s` are filled in by expand_tpl.
//
// NOTE(review): the status file sits in the directory that webroot_tpl passes
// as --webroot-path, so it is presumably reachable over HTTP together with the
// certificate names and domain lists it records; confirm that this exposure is
// intended.
// NOTE(review): lines are appended with `>>` and nothing in this file truncates
// the status file, so an old FAILURE line would keep the heartbeat fragment
// from firing unless the file is reset elsewhere (for example by a fresh
// volume on each run); verify.
local check_status_tpl = |||
  if [ $? -ne 0 ]; then
  echo "FAILURE: certbot-%(kind)s for %(certName)s (%(domains)s)" >> /usr/share/nginx/html/certbot_status.txt
  else
  echo "SUCCESS: certbot-%(kind)s for %(certName)s (%(domains)s)" >> /usr/share/nginx/html/certbot_status.txt
  fi
|||;
// Shell fragment that requests or renews one certificate through the DNS-01
// challenge using certbot's Cloudflare DNS plugin. `%(certName)s` and
// `%(domains)s` are filled in by expand_tpl.
//
// Security notes:
// - The Cloudflare credentials are read from
//   /run/secrets/cloudflare/cloudflare_api_token.ini. That file should hold a
//   token limited to DNS edits on the zones being certified and be readable
//   only by the user that runs certbot.
// - certName and domains are pasted unquoted into the certbot command line, and
//   inside double quotes in the echo lines, where `$` and backticks still
//   expand. They must therefore come from trusted configuration and contain no
//   whitespace or shell metacharacters.
// - NOTE(review): the --email value reads `[email protected]` in this listing,
//   which looks like an obfuscation placeholder rather than a real address;
//   confirm the actual value in the repository.
local cloudflare_tpl = |||
  echo "******************************************************************************"
  echo "* Running certbot-cloudflare for %(certName)s"
  echo "* Domains list: %(domains)s"
  echo "******************************************************************************"
  certbot certonly \
  --dns-cloudflare \
  --dns-cloudflare-credentials /run/secrets/cloudflare/cloudflare_api_token.ini \
  --noninteractive \
  --agree-tos \
  --email [email protected] \
  --preferred-challenges dns-01 \
  --cert-name %(certName)s \
  --domains %(domains)s
|||;
// Shell fragment that requests or renews one certificate with certbot's
// webroot plugin, using /usr/share/nginx/html as the webroot path.
// `%(certName)s` and `%(domains)s` are filled in by expand_tpl.
//
// Security notes:
// - certName and domains are pasted unquoted into the certbot command line, and
//   inside double quotes in the echo lines, where `$` and backticks still
//   expand. They must therefore come from trusted configuration and contain no
//   whitespace or shell metacharacters.
// - NOTE(review): the --email value reads `[email protected]` in this listing,
//   which looks like an obfuscation placeholder rather than a real address;
//   confirm the actual value in the repository.
local webroot_tpl = |||
  echo "******************************************************************************"
  echo "* Running certbot-webroot for %(certName)s"
  echo "* Domains list: %(domains)s"
  echo "******************************************************************************"
  certbot certonly \
  --webroot \
  --noninteractive \
  --agree-tos \
  --email [email protected] \
  --webroot-path /usr/share/nginx/html \
  --cert-name %(certName)s \
  --domains %(domains)s
|||;
// Shell fragment that installs an EXIT trap which removes
// /usr/share/nginx/html/init when the shell running the script exits.
// NOTE(review): nothing in this file creates or reads that path; presumably it
// is a marker file shared with another process. Confirm against the deployment.
local webroot_trap = |||
  trap "rm -f /usr/share/nginx/html/init" EXIT
|||;
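// Shell fragment run at the end of the webroot script. When the status file
// has no line starting with FAILURE, it requests the heartbeat URL read from
// the first line of /run/secrets/betteruptime/url; otherwise it prints the
// failed entries and skips the request.
//
// The command substitution is double-quoted so that the URL reaches wget as a
// single argument and is not subject to word splitting or glob expansion
// (a `?` or `*` in a URL is a glob character to the shell). wget runs with
// `-q`, so it prints nothing, which also keeps the URL out of the job output.
//
// NOTE(review): if the status file is missing, grep exits non-zero and the
// heartbeat is still sent; confirm that the file always exists by this point.
local heartbeat = |||
  if ! grep -Eq "^FAILURE" /usr/share/nginx/html/certbot_status.txt; then
  wget --spider -q "$(head -n 1 /run/secrets/betteruptime/url)"
  else
  echo ">>>>>>>>>>> Some certificats failed to renew, not calling BetterUptime's heartbeat <<<<<<<<<<<"
  grep -E "^FAILURE" /usr/share/nginx/html/certbot_status.txt
  fi
|||;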
// Renders `tpl` once per certificate and returns the results as an array, in
// the field order given by std.objectFields(certs).
//
// tpl:   format string using %(kind)s, %(certName)s and %(domains)s.
// kind:  value substituted for %(kind)s.
// certs: object whose field names are certificate names and whose values are
//        arrays of domain strings; the domains are joined with ",".
//
// Substitution is plain text formatting and nothing is shell-escaped, so the
// certificate names and domains must be trusted values without whitespace or
// shell metacharacters when `tpl` is shell code.
local expand_tpl(tpl, kind, certs) =
  local render(name) = tpl % {
    kind: kind,
    certName: name,
    domains: std.join(",", certs[name]),
  };
  std.map(render, std.objectFields(certs));
// Builds the per-certificate part of a script: the fragments in `tpls` are
// joined with newlines into one template, that template is rendered for every
// certificate by expand_tpl, and the rendered pieces are joined with newlines
// into a single string.
//
// tpls:  array of template strings, kept in the given order.
// kind:  value substituted for %(kind)s.
// certs: object mapping certificate name to an array of domains.
local join_certs_tpl(tpls = [], kind, certs) =
  local merged_tpl = std.join("\n", tpls);
  local rendered = expand_tpl(merged_tpl, kind, certs);
  "%s" % std.join("\n", rendered);
// Returns the text of the sh script for the DNS-01 (Cloudflare) flow: a
// shebang line followed, for every certificate in `certs`, by the certbot
// command and the status-recording fragment.
//
// certs: object mapping certificate name to an array of domains; the values
//        end up verbatim in shell code, so they must be trusted.
local cloudflare_script(certs) =
  local shebang = "#!/usr/bin/env sh\n";
  local per_cert = join_certs_tpl([cloudflare_tpl, check_status_tpl], "cloudflare", certs);
  std.join("\n", [shebang, per_cert]);
// Returns the text of the sh script for the webroot flow: a shebang line, the
// EXIT trap, then for every certificate in `certs` the certbot command and the
// status-recording fragment, and finally the heartbeat fragment.
//
// certs: object mapping certificate name to an array of domains; the values
//        end up verbatim in shell code, so they must be trusted.
local webroot_script(certs) =
  local shebang = "#!/usr/bin/env sh\n";
  local per_cert = join_certs_tpl([webroot_tpl, check_status_tpl], "webroot", certs);
  std.join("\n", [shebang, webroot_trap, per_cert, heartbeat]);
// Public interface of this library: two functions that each take a `certs`
// object (certificate name -> array of domains) and return the text of an sh
// script. Both fields are declared with `::`, so they are hidden fields and
// are not emitted when an importing file is manifested.
{
  cloudflare:: cloudflare_script,
  webroot:: webroot_script,
}