Sutty/containers-certbot
5
0
Fork 0
Code Issues 3 Pull requests Projects Releases Packages Wiki Activity

Compare commits

base: Sutty:5fbfb3907598e0ce9fe7351e3868e289397aa0d4
Branches Tags
Sutty:antifascista
..
compare: Sutty:ea05dd03e98968f043786857c6e746203be66257
Branches Tags
Sutty:antifascista

8 commits
5fbfb39075 ... ea05dd03e9

Author SHA1 Message Date
f
ea05dd03e9 Merge ../skel into antifascista
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
Details
2023-04-20 15:21:13 -03:00
f
f545ef606f BREAKING CHANGE: get a wildcard for the main domain sutty/sutty#13159 2023-04-20 15:20:26 -03:00
f
4b783cb9f1 feat: support njalla sutty/sutty#13159 2023-04-20 15:15:22 -03:00
f
24c31e7eb8 fix: base registry 2023-04-04 18:03:51 -03:00
f
da19bd76f8 BREAKING CHANGE: use public gitea registry 2023-04-04 17:22:42 -03:00
f
1068b67884 feat: alpine upgrades 2023-03-29 16:32:41 -03:00
f
923d9f1d78 fix: don't fail if renewal fails 
it leaves the lock in place
 2023-03-15 18:46:01 -03:00
f
434501ef54 feat: alpine upgrade 2023-02-11 12:39:02 -03:00
3 changed files with 18 additions and 22 deletions
Show stats Expand all files Collapse all files

12
.woodpecker.yml
View file

@ -1,21 +1,21 @@
pipeline:
publish:
image: "plugins/docker"
image: "docker.io/woodpeckerci/plugin-docker-buildx"
settings:
registry: "registry.nulo.in"
registry: "https://gitea.nulo.in"
username: "sutty"
repo: "registry.nulo.in/sutty/certbot"
repo: "gitea.nulo.in/sutty/certbot"
tags:
- "${ALPINE_VERSION}"
- "latest"
build_args:
- "ALPINE_VERSION=${ALPINE_VERSION}"
- "BASE_IMAGE=registry.nulo.in/sutty/monit"
- "BASE_IMAGE=gitea.nulo.in/sutty/monit"
secrets:
- "docker_password"
- "DOCKER_PASSWORD"
when:
branch: "antifascista"
event: "push"
matrix:
ALPINE_VERSION:
- "3.17.1"
- "3.17.3"

2
Dockerfile
View file

@ -5,7 +5,7 @@ MAINTAINER "f <f@sutty.nl>"
RUN addgroup -S -g 777 ssl
RUN install -dm 2700 -o root -g root /root/.ssh
RUN apk add --no-cache certbot jq wget openssh-client rsync
RUN apk add --no-cache certbot jq wget openssh-client rsync certbot-dns-njalla
COPY ./monit.conf /etc/monit.d/certbot.conf
COPY ./certbotd.sh /usr/local/bin/certbotd

26
certbotd.sh
View file

@ -42,26 +42,22 @@ set -e
case $1 in
# Renew certificates, trust in certbot's algorithms
renew)
/usr/bin/certbot renew --quiet --agree-tos
/usr/bin/certbot renew --quiet --agree-tos || true
touch "${updated}"
;;
bootstrap)
for site in ${SUTTY} api.${SUTTY}; do
test -d "/etc/letsencrypt/live/${site}" && exit 0
test -d "/etc/letsencrypt/live/${SUTTY}" && exit 0
# Get the certificate for the domain, the webserver will need
# access to this directory
/usr/bin/certbot certonly --email "certbot@${SUTTY}" \
--webroot \
--agree-tos \
--webroot-path /var/lib/letsencrypt \
-d "${site}"
# Get a single certificate for the whole domain
/usr/bin/certbot \
-a dns-njalla \
--dns-njalla-credentials /etc/letsencrypt/njalla.ini \
--email "certbot@${SUTTY}" \
--agree-tos \
-d "${SUTTY}" \
-d "*.${SUTTY}"
cd /etc/letsencrypt/live
ln -s ${SUTTY} default
touch "${updated}"
done
touch "${updated}"
;;
prune)