committed by
GitHub
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 148 additions and 0 deletions
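--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,148 @@
+#!/usr/bin/env sh
+
+# Deploy-hook to very simply copy files to set directories and then
+# execute whatever reloadcmd the admin needs afterwards. This can be
+# useful for configurations where the "multideploy" hook (in development)
+# is used or when an admin wants ACME.SH to renew certs but needs to
+# manually configure deployment via an external script
+# (e.g. The deploy-freenas script for TrueNAS Core/Scale
+# https://github.com/danb35/deploy-freenas/ )
+#
+# If the same file is configured for the certificate key
+# and the certificate and/or full chain, a combined PEM file will
+# be output instead.
+#
+# Environment variables to be utilized are as follows:
+#
+# DEPLOY_LOCALCOPY_CERTKEY - /path/to/target/cert.key
+# DEPLOY_LOCALCOPY_CERTIFICATE - /path/to/target/cert.cer
+# DEPLOY_LOCALCOPY_FULLCHAIN - /path/to/target/fullchain.cer
+# DEPLOY_LOCALCOPY_CA - /path/to/target/ca.cer
+# DEPLOY_LOCALCOPY_PFX - /path/to/target/cert.pfx
+# DEPLOY_LOCALCOPY_RELOADCMD - "echo 'this is my cmd'"
+
+######## Public functions #####################
+
+#domain keyfile certfile cafile fullchain
+localcopy_deploy() {
+_cdomain="$1"
+_ckey="$2"
+_ccert="$3"
+_cca="$4"
+_cfullchain="$5"
+_cpfx="$6"
+
+_debug _cdomain "$_cdomain"
+_debug _ckey "$_ckey"
+_debug _ccert "$_ccert"
+_debug _cca "$_cca"
+_debug _cfullchain "$_cfullchain"
+_debug _cpfx "$_cpfx"
+
+_getdeployconf DEPLOY_LOCALCOPY_CERTIFICATE
+_getdeployconf DEPLOY_LOCALCOPY_CERTKEY
+_getdeployconf DEPLOY_LOCALCOPY_FULLCHAIN
+_getdeployconf DEPLOY_LOCALCOPY_CA
+_getdeployconf DEPLOY_LOCALCOPY_RELOADCMD
+_getdeployconf DEPLOY_LOCALCOPY_PFX
+_combined_target=""
+_combined_srccert=""
+
+if [ "$DEPLOY_LOCALCOPY_CERTKEY" ] &&
+{ [ "$DEPLOY_LOCALCOPY_CERTKEY" = "$DEPLOY_LOCALCOPY_FULLCHAIN" ] ||
+[ "$DEPLOY_LOCALCOPY_CERTKEY" = "$DEPLOY_LOCALCOPY_CERTIFICATE" ]; }; then
+
+_combined_target="$DEPLOY_LOCALCOPY_CERTKEY"
+_savedeployconf DEPLOY_LOCALCOPY_CERTKEY "$DEPLOY_LOCALCOPY_CERTKEY"
+
+if [ "$DEPLOY_LOCALCOPY_CERTKEY" = "$DEPLOY_LOCALCOPY_CERTIFICATE" ]; then
+_combined_srccert="$_ccert"
+_savedeployconf DEPLOY_LOCALCOPY_CERTIFICATE "$DEPLOY_LOCALCOPY_CERTIFICATE"
+DEPLOY_LOCALCOPY_CERTIFICATE=""
+fi
+if [ "$DEPLOY_LOCALCOPY_CERTKEY" = "$DEPLOY_LOCALCOPY_FULLCHAIN" ]; then
+_combined_srccert="$_cfullchain"
+_savedeployconf DEPLOY_LOCALCOPY_FULLCHAIN "$DEPLOY_LOCALCOPY_FULLCHAIN"
+DEPLOY_LOCALCOPY_FULLCHAIN=""
+fi
+DEPLOY_LOCALCOPY_CERTKEY=""
+_info "Creating combined PEM at $_combined_target"
+_tmpfile="$(mktemp)"
+if ! cat "$_combined_srccert" "$_ckey" >"$_tmpfile"; then
+_err "Failed to build combined PEM file"
+return 1
+fi
+if ! mv "$_tmpfile" "$_combined_target"; then
+_err "Failed to move combined PEM into place"
+return 1
+fi
+fi
+
+if [ "$DEPLOY_LOCALCOPY_CERTIFICATE" ]; then
+_info "Copying certificate"
+_debug "Copying $_ccert to $DEPLOY_LOCALCOPY_CERTIFICATE"
+if ! eval "cp $_ccert $DEPLOY_LOCALCOPY_CERTIFICATE"; then
+_err "Failed to copy certificate, aborting."
+return 1
+fi
+fi
+
+if [ "$DEPLOY_LOCALCOPY_CERTKEY" ]; then
+_info "Copying certificate key"
+_debug "Copying $_ckey to $DEPLOY_LOCALCOPY_CERTKEY"
+if ! eval "cp $_ckey $DEPLOY_LOCALCOPY_CERTKEY"; then
+_err "Failed to copy certificate key, aborting."
+return 1
+fi
+_savedeployconf DEPLOY_LOCALCOPY_CERTKEY "$DEPLOY_LOCALCOPY_CERTKEY"
+fi
+
+if [ "$DEPLOY_LOCALCOPY_FULLCHAIN" ]; then
+_info "Copying fullchain"
+_debug "Copying $_cfullchain to $DEPLOY_LOCALCOPY_FULLCHAIN"
+if ! eval "cp $_cfullchain $DEPLOY_LOCALCOPY_FULLCHAIN"; then
+_err "Failed to copy fullchain, aborting."
+return 1
+fi
+_savedeployconf DEPLOY_LOCALCOPY_FULLCHAIN "$DEPLOY_LOCALCOPY_FULLCHAIN"
+fi
+
+if [ "$DEPLOY_LOCALCOPY_CA" ]; then
+_info "Copying CA"
+_debug "Copying $_cca to $DEPLOY_LOCALCOPY_CA"
+if ! eval "cp $_cca $DEPLOY_LOCALCOPY_CA"; then
+_err "Failed to copy CA, aborting."
+return 1
+fi
+_savedeployconf DEPLOY_LOCALCOPY_CA "$DEPLOY_LOCALCOPY_CA"
+fi
+
+if [ "$DEPLOY_LOCALCOPY_PFX" ]; then
+_info "Copying PFX"
+_debug "Copying $_cpfx to $DEPLOY_LOCALCOPY_PFX"
+if ! eval "cp $_cpfx $DEPLOY_LOCALCOPY_PFX"; then
+_err "Failed to copy PFX, aborting."
+return 1
+fi
+_savedeployconf DEPLOY_LOCALCOPY_PFX "$DEPLOY_LOCALCOPY_PFX"
+fi
+
+_reload=$DEPLOY_LOCALCOPY_RELOADCMD
+_debug "Running reloadcmd $_reload"
+
+if [ -z "$_reload" ]; then
+_info "Reloadcmd not provided, skipping."
+else
+_info "Reloading"
+if eval "$_reload"; then
+_info "Reload successful."
+_savedeployconf DEPLOY_LOCALCOPY_RELOADCMD "$DEPLOY_LOCALCOPY_RELOADCMD" "base64"
+else
+_err "Reload failed."
+return 1
+fi
+fi
+
+_info "$(__green "'localcopy' deploy success")"
+return 0
+}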
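Review bot: The five copy steps run `eval "cp $_ccert $DEPLOY_LOCALCOPY_CERTIFICATE"` (and the same form for the key, fullchain, CA and PFX), so the configured target path is re-parsed by the shell: a path containing spaces fails to copy, and any shell metacharacters in a saved `DEPLOY_LOCALCOPY_*` value are executed as the user running the hook. Nothing here needs `eval`; each call can be `cp "$_ccert" "$DEPLOY_LOCALCOPY_CERTIFICATE"` with both operands quoted. The plain-certificate branch is also the only copy branch that never calls `_savedeployconf`, so `DEPLOY_LOCALCOPY_CERTIFICATE` would presumably not be available on a later renewal unless it is exported again; adding `_savedeployconf DEPLOY_LOCALCOPY_CERTIFICATE "$DEPLOY_LOCALCOPY_CERTIFICATE"` after the copy matches the other branches. For the private key, `cp` creates a new target with the umask-derived mode, so an explicit `chmod 600` on `DEPLOY_LOCALCOPY_CERTKEY` (or a restrictive umask around the copy) is worth adding. The combined-PEM branch also leaves the `mktemp` file holding the key behind when `cat` or `mv` fails; `rm -f "$_tmpfile"` before each `return 1` would clean it up.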