Compare commits
No commits in common. "325ebd39416bccf1258c020398a773db9e24b4cd" and "d092ee8ecf7ca852b58f00239a376ade2b08f5bc" have entirely different histories.
325ebd3941
...
d092ee8ecf
3 changed files with 33 additions and 54 deletions
|
@ -1,22 +1,21 @@
|
|||
steps:
|
||||
pipeline:
|
||||
publish:
|
||||
image: "docker.io/woodpeckerci/plugin-docker-buildx"
|
||||
image: "plugins/docker"
|
||||
settings:
|
||||
registry: "https://gitea.nulo.in"
|
||||
registry: "registry.nulo.in"
|
||||
username: "sutty"
|
||||
repo: "gitea.nulo.in/sutty/certbot-simple"
|
||||
repo: "registry.nulo.in/sutty/certbot-simple"
|
||||
tags:
|
||||
- "${ALPINE_VERSION}"
|
||||
- "latest"
|
||||
build_args:
|
||||
- "ALPINE_VERSION=${ALPINE_VERSION}"
|
||||
- "BASE_IMAGE=gitea.nulo.in/sutty/monit"
|
||||
- "BASE_IMAGE=registry.nulo.in/sutty/monit"
|
||||
secrets:
|
||||
- "DOCKER_PASSWORD"
|
||||
- "docker_password"
|
||||
when:
|
||||
branch: "antifascista"
|
||||
event: "push"
|
||||
matrix:
|
||||
include:
|
||||
- ALPINE_VERSION: "3.20.2"
|
||||
- ALPINE_VERSION: "3.19.3"
|
||||
ALPINE_VERSION:
|
||||
- "3.17.1"
|
||||
|
|
|
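Review bot: `image: "plugins/docker"` carries no tag or digest, so whatever Docker Hub serves as `latest` at build time runs with the `docker_password` secret and push rights to `registry.nulo.in/sutty/certbot-simple`; pin it to a version and digest, e.g. `image: "plugins/docker:<version>@sha256:<digest>"`. The same applies to `BASE_IMAGE=registry.nulo.in/sutty/monit`, which is resolved only by the mutable `${ALPINE_VERSION}` tag. The matrix builds a single point release, `"3.17.1"`; if that pin is deliberate, say so in a comment next to it, otherwise later 3.17.x security fixes are never picked up.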
@ -1,10 +1,10 @@
|
|||
ARG ALPINE_VERSION=3.18.3
|
||||
ARG BASE_IMAGE=gitea.nulo.in/sutty/monit
|
||||
ARG ALPINE_VERSION=3.13.6
|
||||
ARG BASE_IMAGE=sutty/monit
|
||||
FROM ${BASE_IMAGE}:${ALPINE_VERSION}
|
||||
LABEL org.opencontainers.image.authors="f@sutty.nl"
|
||||
MAINTAINER "f <f@sutty.nl>"
|
||||
|
||||
RUN addgroup -S -g 777 ssl
|
||||
RUN apk add --no-cache certbot certbot-dns-standalone
|
||||
RUN apk add --no-cache certbot
|
||||
|
||||
COPY ./monit.conf /etc/monit.d/certbot.conf
|
||||
COPY ./certbotd.sh /usr/local/bin/certbotd
|
||||
|
|
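Review bot: `ARG BASE_IMAGE=sutty/monit` is an unqualified name, so a build that does not pass `--build-arg BASE_IMAGE=...` (the CI config passes `registry.nulo.in/sutty/monit`) pulls `docker.io/sutty/monit`, a Docker Hub namespace this repo does not appear to control; default it to the fully qualified path, `ARG BASE_IMAGE=registry.nulo.in/sutty/monit`. This side of the Dockerfile also creates no `ssl` group, while certbotd.sh still runs `chgrp -R ssl /etc/letsencrypt`; unless the base image provides that group, the permission fix in `ensure` fails and, under `set -e`, takes the script down, so either add `RUN addgroup -S -g 777 ssl` here or document that the base image supplies it.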
50
certbotd.sh
50
certbotd.sh
|
@ -1,66 +1,46 @@
|
|||
#!/bin/sh
|
||||
|
||||
ok() {
|
||||
echo "ok - $@" >&2
|
||||
}
|
||||
|
||||
not_ok() {
|
||||
echo "not ok - $@" >&2
|
||||
}
|
||||
|
||||
lock=/tmp/certbot.lck
|
||||
updated=/tmp/certbot.updated
|
||||
|
||||
ensure() {
|
||||
test -n "$1" && ok "$1 received, exiting gracefully..."
|
||||
test -n "$1" && echo "$1 received, exiting gracefully..."
|
||||
|
||||
rm -f "${lock}"
|
||||
|
||||
test -f "${updated}" || exit 0
|
||||
|
||||
if test -f "${updated}" ; then
|
||||
rm -f "${updated}"
|
||||
|
||||
# Fix permissions, users in group ssl have read access
|
||||
find /etc/letsencrypt -type d | xargs -r chmod 2750
|
||||
find /etc/letsencrypt -type f | xargs -r chmod 640
|
||||
chgrp -R ssl /etc/letsencrypt
|
||||
fi
|
||||
|
||||
# Remove the lock after synchronization
|
||||
rm -f "${lock}"
|
||||
|
||||
# Exit with the error code
|
||||
exit $1
|
||||
}
|
||||
|
||||
for SIG in 1 2 3 6 9 14 15; do
|
||||
for SIG in TERM QUIT INT HUP; do
|
||||
trap "ensure ${SIG}" ${SIG}
|
||||
done
|
||||
|
||||
set -E
|
||||
set -e
|
||||
|
||||
case $1 in
|
||||
# Renew certificates, trust in certbot's algorithms
|
||||
renew)
|
||||
if /usr/bin/certbot renew --quiet --agree-tos ; then
|
||||
ok "Renewed certificates"
|
||||
/usr/bin/certbot renew --quiet --agree-tos
|
||||
touch "${updated}"
|
||||
else
|
||||
ret=$?
|
||||
not_ok "Certificate renewal failed"
|
||||
exit $ret
|
||||
fi
|
||||
;;
|
||||
bootstrap)
|
||||
for site in ${SUTTY} ${DOMAINS}; do
|
||||
test -d "/etc/letsencrypt/live/${site}" && exit 0
|
||||
|
||||
/usr/bin/certbot \
|
||||
certonly \
|
||||
--non-interactive \
|
||||
--authenticator "dns-standalone" \
|
||||
--email "certbot@${SUTTY}" \
|
||||
# Get the certificate for the domain, the webserver will need
|
||||
# access to this directory
|
||||
/usr/bin/certbot certonly --email "certbot@${SUTTY}" \
|
||||
--webroot \
|
||||
--agree-tos \
|
||||
-d "${SUTTY}" \
|
||||
-d "*.${SUTTY}" \
|
||||
&& touch "${updated}"
|
||||
--webroot-path /var/lib/letsencrypt \
|
||||
-d "${site}"
|
||||
|
||||
cd /etc/letsencrypt/live
|
||||
ln -s ${SUTTY} default
|
||||
|
@ -75,4 +55,4 @@ case $1 in
|
|||
;;
|
||||
esac
|
||||
|
||||
ensure 0
|
||||
ensure
|
||||
|
|
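Review bot: In the `bootstrap` arm, `test -d "/etc/letsencrypt/live/${site}" && exit 0` ends the whole run as soon as one site already has a certificate, so any later entry in `${SUTTY} ${DOMAINS}` is never provisioned; assuming that line sits inside the `for site` loop, it should be `continue`. The `ensure` handler only exits on the `test -f "${updated}" || exit 0` path; when an update is pending it fixes permissions and then returns, so a trapped TERM/INT may resume the script after the "exiting gracefully" message instead of stopping — add an explicit `exit` as the last line of `ensure`. `ln -s ${SUTTY} default` is unquoted and, under `set -e`, aborts a second run if `default` already exists; `ln -sfn "${SUTTY}" default` is the usual form. The `case` continues past this hunk, and `${lock}` is only ever removed in what is visible, so I cannot see where it is taken.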