Compare commits

...

8 commits

Author SHA1 Message Date
f
ea05dd03e9 Merge ../skel into antifascista
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
2023-04-20 15:21:13 -03:00
f
f545ef606f BREAKING CHANGE: get a wildcard for the main domain sutty/sutty#13159 2023-04-20 15:20:26 -03:00
f
4b783cb9f1 feat: support njalla sutty/sutty#13159 2023-04-20 15:15:22 -03:00
f
24c31e7eb8 fix: base registry 2023-04-04 18:03:51 -03:00
f
da19bd76f8 BREAKING CHANGE: use public gitea registry 2023-04-04 17:22:42 -03:00
f
1068b67884 feat: alpine upgrades 2023-03-29 16:32:41 -03:00
f
923d9f1d78 fix: don't fail if renewal fails
it leaves the lock in place
2023-03-15 18:46:01 -03:00
f
434501ef54 feat: alpine upgrade 2023-02-11 12:39:02 -03:00
3 changed files with 18 additions and 22 deletions

View file

@ -1,21 +1,21 @@
pipeline: pipeline:
publish: publish:
image: "plugins/docker" image: "docker.io/woodpeckerci/plugin-docker-buildx"
settings: settings:
registry: "registry.nulo.in" registry: "https://gitea.nulo.in"
username: "sutty" username: "sutty"
repo: "registry.nulo.in/sutty/certbot" repo: "gitea.nulo.in/sutty/certbot"
tags: tags:
- "${ALPINE_VERSION}" - "${ALPINE_VERSION}"
- "latest" - "latest"
build_args: build_args:
- "ALPINE_VERSION=${ALPINE_VERSION}" - "ALPINE_VERSION=${ALPINE_VERSION}"
- "BASE_IMAGE=registry.nulo.in/sutty/monit" - "BASE_IMAGE=gitea.nulo.in/sutty/monit"
secrets: secrets:
- "docker_password" - "DOCKER_PASSWORD"
when: when:
branch: "antifascista" branch: "antifascista"
event: "push" event: "push"
matrix: matrix:
ALPINE_VERSION: ALPINE_VERSION:
- "3.17.1" - "3.17.3"

View file

@ -5,7 +5,7 @@ MAINTAINER "f <f@sutty.nl>"
RUN addgroup -S -g 777 ssl RUN addgroup -S -g 777 ssl
RUN install -dm 2700 -o root -g root /root/.ssh RUN install -dm 2700 -o root -g root /root/.ssh
RUN apk add --no-cache certbot jq wget openssh-client rsync RUN apk add --no-cache certbot jq wget openssh-client rsync certbot-dns-njalla
COPY ./monit.conf /etc/monit.d/certbot.conf COPY ./monit.conf /etc/monit.d/certbot.conf
COPY ./certbotd.sh /usr/local/bin/certbotd COPY ./certbotd.sh /usr/local/bin/certbotd

View file

@ -42,26 +42,22 @@ set -e
case $1 in case $1 in
# Renew certificates, trust in certbot's algorithms # Renew certificates, trust in certbot's algorithms
renew) renew)
/usr/bin/certbot renew --quiet --agree-tos /usr/bin/certbot renew --quiet --agree-tos || true
touch "${updated}" touch "${updated}"
;; ;;
bootstrap) bootstrap)
for site in ${SUTTY} api.${SUTTY}; do test -d "/etc/letsencrypt/live/${SUTTY}" && exit 0
test -d "/etc/letsencrypt/live/${site}" && exit 0
# Get the certificate for the domain, the webserver will need # Get a single certificate for the whole domain
# access to this directory /usr/bin/certbot \
/usr/bin/certbot certonly --email "certbot@${SUTTY}" \ -a dns-njalla \
--webroot \ --dns-njalla-credentials /etc/letsencrypt/njalla.ini \
--email "certbot@${SUTTY}" \
--agree-tos \ --agree-tos \
--webroot-path /var/lib/letsencrypt \ -d "${SUTTY}" \
-d "${site}" -d "*.${SUTTY}"
cd /etc/letsencrypt/live
ln -s ${SUTTY} default
touch "${updated}" touch "${updated}"
done
;; ;;
prune) prune)