

No commits in common. "325ebd39416bccf1258c020398a773db9e24b4cd" and "d092ee8ecf7ca852b58f00239a376ade2b08f5bc" have entirely different histories.

3 changed files with 33 additions and 54 deletions


@ -1,22 +1,21 @@
steps: pipeline:
publish: publish:
image: "docker.io/woodpeckerci/plugin-docker-buildx" image: "plugins/docker"
settings: settings:
registry: "https://gitea.nulo.in" registry: "registry.nulo.in"
username: "sutty" username: "sutty"
repo: "gitea.nulo.in/sutty/certbot-simple" repo: "registry.nulo.in/sutty/certbot-simple"
tags: tags:
- "${ALPINE_VERSION}" - "${ALPINE_VERSION}"
- "latest" - "latest"
build_args: build_args:
- "ALPINE_VERSION=${ALPINE_VERSION}" - "ALPINE_VERSION=${ALPINE_VERSION}"
- "BASE_IMAGE=gitea.nulo.in/sutty/monit" - "BASE_IMAGE=registry.nulo.in/sutty/monit"
secrets: secrets:
- "DOCKER_PASSWORD" - "docker_password"
when: when:
branch: "antifascista" branch: "antifascista"
event: "push" event: "push"
matrix: matrix:
include: ALPINE_VERSION:
- ALPINE_VERSION: "3.20.2" - "3.17.1"
- ALPINE_VERSION: "3.19.3"
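Review bot: `image: "plugins/docker"` on the new side is a bare short name with neither tag nor digest, so every run pulls whatever `latest` currently resolves to from the default registry (presumably Docker Hub), and that unpinned image is handed the `docker_password` secret and push rights to `registry.nulo.in`; pin it to a tag and digest, e.g. `image: "docker.io/plugins/docker:<tag>@sha256:<digest>"`, so a compromised or retagged plugin cannot silently take over the publish step. The old fully qualified `docker.io/woodpeckerci/plugin-docker-buildx` had the same untagged weakness, so this is not a regression but it is the one supply-chain control this file is missing. `BASE_IMAGE=registry.nulo.in/sutty/monit` is likewise selected by mutable tag only; a digest there is harder with a matrix arg, so at least a comment noting that the base is trusted by tag would document the decision.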


@ -1,10 +1,10 @@
ARG ALPINE_VERSION=3.18.3 ARG ALPINE_VERSION=3.13.6
ARG BASE_IMAGE=gitea.nulo.in/sutty/monit ARG BASE_IMAGE=sutty/monit
FROM ${BASE_IMAGE}:${ALPINE_VERSION} FROM ${BASE_IMAGE}:${ALPINE_VERSION}
LABEL org.opencontainers.image.authors="f@sutty.nl" MAINTAINER "f <f@sutty.nl>"
RUN addgroup -S -g 777 ssl RUN addgroup -S -g 777 ssl
RUN apk add --no-cache certbot certbot-dns-standalone RUN apk add --no-cache certbot
COPY ./monit.conf /etc/monit.d/certbot.conf COPY ./monit.conf /etc/monit.d/certbot.conf
COPY ./certbotd.sh /usr/local/bin/certbotd COPY ./certbotd.sh /usr/local/bin/certbotd
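Review bot: `ARG ALPINE_VERSION=3.13.6` sets the default base tag to an Alpine release that is past end of life and no longer receives security fixes, and it disagrees with the `3.17.1` the CI matrix passes in, so any build that omits `--build-arg` (a local build, another pipeline) silently pulls an unpatched `sutty/monit:3.13.6`; raise the default to what CI actually builds, `ARG ALPINE_VERSION=3.17.1`, or add the comment `# Placeholder: overridden by the CI matrix ALPINE_VERSION build arg` so the stale default is not mistaken for a tested configuration. The default `BASE_IMAGE=sutty/monit` has the same drift, resolving to the public registry while CI passes `registry.nulo.in/sutty/monit`; aligning the two defaults keeps a `docker build .` from quietly using a different base than the published image.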


@ -1,66 +1,46 @@
#!/bin/sh #!/bin/sh
ok() {
echo "ok - $@" >&2
}
not_ok() {
echo "not ok - $@" >&2
}
lock=/tmp/certbot.lck lock=/tmp/certbot.lck
updated=/tmp/certbot.updated updated=/tmp/certbot.updated
ensure() { ensure() {
test -n "$1" && ok "$1 received, exiting gracefully..." test -n "$1" && echo "$1 received, exiting gracefully..."
rm -f "${lock}"
test -f "${updated}" || exit 0
if test -f "${updated}" ; then
rm -f "${updated}" rm -f "${updated}"
# Fix permissions, users in group ssl have read access # Fix permissions, users in group ssl have read access
find /etc/letsencrypt -type d | xargs -r chmod 2750 find /etc/letsencrypt -type d | xargs -r chmod 2750
find /etc/letsencrypt -type f | xargs -r chmod 640 find /etc/letsencrypt -type f | xargs -r chmod 640
chgrp -R ssl /etc/letsencrypt chgrp -R ssl /etc/letsencrypt
fi
# Remove the lock after synchronization
rm -f "${lock}"
# Exit with the error code
exit $1
} }
for SIG in 1 2 3 6 9 14 15; do for SIG in TERM QUIT INT HUP; do
trap "ensure ${SIG}" ${SIG} trap "ensure ${SIG}" ${SIG}
done done
set -E set -e
case $1 in case $1 in
# Renew certificates, trust in certbot's algorithms # Renew certificates, trust in certbot's algorithms
renew) renew)
if /usr/bin/certbot renew --quiet --agree-tos ; then /usr/bin/certbot renew --quiet --agree-tos
ok "Renewed certificates"
touch "${updated}" touch "${updated}"
else
ret=$?
not_ok "Certificate renewal failed"
exit $ret
fi
;; ;;
bootstrap) bootstrap)
for site in ${SUTTY} ${DOMAINS}; do for site in ${SUTTY} ${DOMAINS}; do
test -d "/etc/letsencrypt/live/${site}" && exit 0 test -d "/etc/letsencrypt/live/${site}" && exit 0
/usr/bin/certbot \ # Get the certificate for the domain, the webserver will need
certonly \ # access to this directory
--non-interactive \ /usr/bin/certbot certonly --email "certbot@${SUTTY}" \
--authenticator "dns-standalone" \ --webroot \
--email "certbot@${SUTTY}" \
--agree-tos \ --agree-tos \
-d "${SUTTY}" \ --webroot-path /var/lib/letsencrypt \
-d "*.${SUTTY}" \ -d "${site}"
&& touch "${updated}"
cd /etc/letsencrypt/live cd /etc/letsencrypt/live
ln -s ${SUTTY} default ln -s ${SUTTY} default
@ -75,4 +55,4 @@ case $1 in
;; ;;
esac esac
ensure 0 ensure
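Review bot: `ensure` prints "exiting gracefully" when invoked from the TERM/QUIT/INT/HUP traps, but it only exits when `${updated}` is absent (`test -f "${updated}" || exit 0`); when an update has been recorded it falls through to the permission fix and returns, so after a TERM the interrupted `certbot` call and the rest of the script carry on with the lock already removed — end the handler with an explicit exit for the signal path, e.g. `test -n "$1" && exit 1` as the last line of `ensure`, which leaves the plain `ensure` call at the end of the script unaffected. In the `bootstrap` loop `test -d "/etc/letsencrypt/live/${site}" && exit 0` quits the whole script on the first domain that already has a certificate, so later entries in `${DOMAINS}` are never issued, and `ln -s ${SUTTY} default` fails with "File exists" on the second pass, which `set -e` turns into an abort; `continue` in place of `exit 0` and `ln -sfn "${SUTTY}" default` fix both. Note also that `chmod 640` plus `chgrp -R ssl` deliberately makes every file under `/etc/letsencrypt`, including the archived private keys, readable by gid 777; that is the stated intent, but a comment such as `# NOTE: this grants the ssl group read access to private keys — keep its membership minimal` would keep the group from being handed out casually. The `for site` loop and the `case` continue past the hunk, so the remaining bootstrap steps were not reviewed.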