
4 commits

Author SHA1 Message Date
e667946b06 fix permissions only when something changed
since certbot doesn't do any pruning, fixing permissions all the time is
an IO issue
2022-08-01 17:54:30 -03:00
095d0968db Merge branch 'antifascista' of ssh://gitea.nulo.in:420/Sutty/containers-skel into antifascista 2022-08-01 17:51:50 -03:00
9c4de359fb alpine upgrades 2022-07-19 18:48:03 -03:00
c90ba65374 alpine 3.16 2022-05-29 21:05:05 -03:00
2 changed files with 12 additions and 2 deletions


@ -18,4 +18,5 @@ pipeline:
event: push event: push
matrix: matrix:
ALPINE_VERSION: ALPINE_VERSION:
- 3.15.4 - 3.16.1
- 3.15.5


@ -6,12 +6,15 @@ if test -z "${NODES}"; then
fi fi
lock=/tmp/certbot.lck lock=/tmp/certbot.lck
updated=false
ensure() { ensure() {
test -n "$1" && echo "$1 received, exiting gracefully..." test -n "$1" && echo "$1 received, exiting gracefully..."
rm -f "${lock}" rm -f "${lock}"
${updated} || exit 0
# Fix permissions, users in group ssl have read access # Fix permissions, users in group ssl have read access
find /etc/letsencrypt -type d | xargs -r chmod 2750 find /etc/letsencrypt -type d | xargs -r chmod 2750
find /etc/letsencrypt -type f | xargs -r chmod 640 find /etc/letsencrypt -type f | xargs -r chmod 640
@ -38,6 +41,7 @@ case $1 in
# Renew certificates, trust in certbot's algorithms # Renew certificates, trust in certbot's algorithms
renew) renew)
/usr/bin/certbot renew --quiet --agree-tos /usr/bin/certbot renew --quiet --agree-tos
updated=true
;; ;;
bootstrap) bootstrap)
for site in ${SUTTY} api.${SUTTY}; do for site in ${SUTTY} api.${SUTTY}; do
@ -53,7 +57,11 @@ case $1 in
cd /etc/letsencrypt/live cd /etc/letsencrypt/live
ln -s ${SUTTY} default ln -s ${SUTTY} default
done ;; done
updated=true
;;
# Generate certificates # Generate certificates
*) *)
# Only one instance can run at a time # Only one instance can run at a time
@ -93,6 +101,7 @@ case $1 in
--agree-tos \ --agree-tos \
--webroot-path /var/lib/letsencrypt \ --webroot-path /var/lib/letsencrypt \
-d "${domain}" -d "${domain}"
updated=true
done done
esac esac
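Review bot: `updated=true` is assigned only after certbot returns, both in the `renew)` arm and inside the per-domain loop of the `*)` arm, so a run that is interrupted or fails partway can leave freshly written files under /etc/letsencrypt while `ensure` takes the new `${updated} || exit 0` path and skips the chmod pass. Services in group ssl would then be unable to read the new material until a later run completes. Moving the assignment to the line before each certbot call (`updated=true` above `/usr/bin/certbot renew --quiet --agree-tos`) keeps the permission repair fail-safe and still skips it for invocations that never reach certbot. Separately, `certbot renew` returns success even when no certificate was due, so the renew arm still walks the whole tree every time; having a `--deploy-hook` set a marker would make the flag reflect an actual change. `ensure` and the `case` continue outside the visible hunks, so confirm that the hard-coded `exit 0` does not mask a failing status if `ensure` is also registered as an EXIT trap.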