Sutty/containers-certbot
5
0
Fork 0
Code Issues 3 Pull requests Projects Releases Packages Wiki Activity

Compare commits

base: Sutty:ea05dd03e98968f043786857c6e746203be66257
Branches Tags
Sutty:antifascista
..
compare: Sutty:5fbfb3907598e0ce9fe7351e3868e289397aa0d4
Branches Tags
Sutty:antifascista

No commits in common. "ea05dd03e98968f043786857c6e746203be66257" and "5fbfb3907598e0ce9fe7351e3868e289397aa0d4" have entirely different histories.
ea05dd03e9 ... 5fbfb39075

3 changed files with 22 additions and 18 deletions
Show stats Expand all files Collapse all files

12
.woodpecker.yml
View file

@ -1,21 +1,21 @@
pipeline: pipeline:
publish: publish:
image: "docker.io/woodpeckerci/plugin-docker-buildx" image: "plugins/docker"
settings: settings:
registry: "https://gitea.nulo.in" registry: "registry.nulo.in"
username: "sutty" username: "sutty"
repo: "gitea.nulo.in/sutty/certbot" repo: "registry.nulo.in/sutty/certbot"
tags: tags:
- "${ALPINE_VERSION}" - "${ALPINE_VERSION}"
- "latest" - "latest"
build_args: build_args:
- "ALPINE_VERSION=${ALPINE_VERSION}" - "ALPINE_VERSION=${ALPINE_VERSION}"
- "BASE_IMAGE=gitea.nulo.in/sutty/monit" - "BASE_IMAGE=registry.nulo.in/sutty/monit"
secrets: secrets:
- "DOCKER_PASSWORD" - "docker_password"
when: when:
branch: "antifascista" branch: "antifascista"
event: "push" event: "push"
matrix: matrix:
ALPINE_VERSION: ALPINE_VERSION:
- "3.17.3" - "3.17.1"

2
Dockerfile
View file

@ -5,7 +5,7 @@ MAINTAINER "f <f@sutty.nl>"
RUN addgroup -S -g 777 ssl RUN addgroup -S -g 777 ssl
RUN install -dm 2700 -o root -g root /root/.ssh RUN install -dm 2700 -o root -g root /root/.ssh
RUN apk add --no-cache certbot jq wget openssh-client rsync certbot-dns-njalla RUN apk add --no-cache certbot jq wget openssh-client rsync
COPY ./monit.conf /etc/monit.d/certbot.conf COPY ./monit.conf /etc/monit.d/certbot.conf
COPY ./certbotd.sh /usr/local/bin/certbotd COPY ./certbotd.sh /usr/local/bin/certbotd

22
certbotd.sh
View file

@ -42,22 +42,26 @@ set -e
case $1 in case $1 in
# Renew certificates, trust in certbot's algorithms # Renew certificates, trust in certbot's algorithms
renew) renew)
/usr/bin/certbot renew --quiet --agree-tos || true /usr/bin/certbot renew --quiet --agree-tos
touch "${updated}" touch "${updated}"
;; ;;
bootstrap) bootstrap)
test -d "/etc/letsencrypt/live/${SUTTY}" && exit 0 for site in ${SUTTY} api.${SUTTY}; do
test -d "/etc/letsencrypt/live/${site}" && exit 0
# Get a single certificate for the whole domain # Get the certificate for the domain, the webserver will need
/usr/bin/certbot \ # access to this directory
-a dns-njalla \ /usr/bin/certbot certonly --email "certbot@${SUTTY}" \
--dns-njalla-credentials /etc/letsencrypt/njalla.ini \ --webroot \
--email "certbot@${SUTTY}" \
--agree-tos \ --agree-tos \
-d "${SUTTY}" \ --webroot-path /var/lib/letsencrypt \
-d "*.${SUTTY}" -d "${site}"
cd /etc/letsencrypt/live
ln -s ${SUTTY} default
touch "${updated}" touch "${updated}"
done
;; ;;
prune) prune)