freshen run scripts

2023-07-08 15:34:28 -04:00 · 2023-07-08 15:34:28 -04:00 · 5212f5545d
parent 84fdcad3c4
commit 5212f5545d
3 changed files with 73 additions and 68 deletions
--- a/override/etc/periodic/daily/certbot-renew
+++ b/override/etc/periodic/daily/certbot-renew
@ -1,14 +1,18 @@
 #!/command/with-contenv /bin/bash

-B_RSA=${B_RSA:-4096}
-B_ECDSA=${B_ECDSA:-384}
+if [[ -z "${SSLDOMAINS}" && ! -d /mnt/config/ssl ]]; then
+  exit 0
+fi

+export HOME=/mnt/config/home
+export B_RSA=${B_RSA:-4096}
+export B_ECDSA=${B_ECDSA:-384}
+
+cd /mnt/config/home || exit 1
 if [[ $(/bin/ls /mnt/config/ssl/live | /usr/bin/wc -l) -gt 0 ]]; then
  if [[ ${B_ECDSA} -gt 0 ]]; then
    /command/s6-setuidgid guardian /usr/bin/certbot renew -n --agree-tos --key-type ecdsa --config-dir /mnt/config/ssl --logs-dir /mnt/config/log --max-log-backups 0 --work-dir /tmp/certbot
  else
-    /command/s6-setuidgid guardian /usr/bin/certbot renew -n --agree-tos --rsa-key-size ${B_RSA} --config-dir /mnt/config/ssl --logs-dir /mnt/config/log --max-log-backups 0 --work-dir /tmp/certbot
+    /command/s6-setuidgid guardian /usr/bin/certbot renew -n --agree-tos --rsa-key-size "${B_RSA}" --config-dir /mnt/config/ssl --logs-dir /mnt/config/log --max-log-backups 0 --work-dir /tmp/certbot
  fi
 fi
-
-exit 0
--- a/override/etc/s6-overlay/s6-rc.d/nginx/run
+++ b/override/etc/s6-overlay/s6-rc.d/nginx/run
@ -1,41 +1,38 @@
 #!/command/with-contenv /bin/bash

-DOMAINNAME=${SSLPRIMARY:-"example.net"}
+export HOME=/mnt/config/home
+export DOMAINNAME=${SSLPRIMARY:-"example.net"}
+export ADMINIP=${ADMINIP:-"127.0.0.1"}
+export DNSADDR=${DNSADDR:-"8.8.8.8 8.8.4.4"}
+export TRUSTSN=${TRUSTSN:-"192.168.0.0/16"}
+export THISIP=$(/sbin/ifconfig | /bin/grep 'inet addr' | /usr/bin/head -1 | /usr/bin/tr ':' ' ' | /usr/bin/awk '{print $3}')
+export THISSN=$(/sbin/ifconfig | /bin/grep 'inet addr' | /usr/bin/head -1 | /usr/bin/tr ':' ' ' | /usr/bin/awk '{print $7}')
+export TRSTIP=$(/bin/ipcalc -n "$THISIP" "$THISSN" | /usr/bin/tr '=' ' ' | /usr/bin/awk '{print $2}')
+export TRSTPF=$(/bin/ipcalc -p "$THISIP" "$THISSN" | /usr/bin/tr '=' ' ' | /usr/bin/awk '{print $2}')
+export SSLPRIMARY=$(/bin/echo "$SSLDOMAINS" | /usr/bin/tr ',' ' ' | /usr/bin/awk '{print $1}')
+export B_MODULI=${B_MODULI:-4096}

-ADMINIP=${ADMINIP:-"127.0.0.1"}
-DNSADDR=${DNSADDR:-"8.8.8.8 8.8.4.4"}
-TRUSTSN=${TRUSTSN:-"192.168.0.0/16"}
-
-THISIP=`/sbin/ifconfig eth0 | /bin/grep 'inet addr' | /usr/bin/tr ':' ' ' | /usr/bin/awk '{print $3}'`
-THISSN=`/sbin/ifconfig eth0 | /bin/grep 'inet addr' | /usr/bin/tr ':' ' ' | /usr/bin/awk '{print $7}'`
-TRSTIP=`/bin/ipcalc -n $THISIP $THISSN | /usr/bin/tr '=' ' ' | /usr/bin/awk '{print $2}'`
-TRSTPF=`/bin/ipcalc -p $THISIP $THISSN | /usr/bin/tr '=' ' ' | /usr/bin/awk '{print $2}'`
-
-SSLPRIMARY=`echo $SSLDOMAINS | /usr/bin/tr ',' ' ' | /usr/bin/awk '{print $1}'`
-B_MODULI=${B_MODULI:-4096}
+cd /mnt/config/home || exit 1

 # Build Configuration

 if [[ ! -d /mnt/config/etc/nginx.d ]]; then
  /command/s6-setuidgid guardian /bin/mkdir -p /mnt/config/etc/nginx.d
 fi
-
 for NGF in /etc/nginx/nginx.d/*; do
-  NGE="/mnt/config/etc/nginx.d/$(/usr/bin/basename -- $NGF)"
+  NGE=/mnt/config/etc/nginx.d/$(/usr/bin/basename -- "$NGF")
  if [[ ! -f ${NGE} ]]; then
-    /command/s6-setuidgid guardian /bin/cp ${NGF} ${NGE}
-
-    /bin/sed -i -e "s/127.0.0.1/${ADMINIP}/g" ${NGE}
-    /bin/sed -i -e "s/example.net/${DOMAINNAME}/g" ${NGE}
-    /bin/sed -i -e "s~ip_from 192.168.0.0/16~ip_from ${TRSTIP}/${TRSTPF}~g" ${NGE}
-    /bin/sed -i -e "s~allow 192.168.0.0/16~allow ${TRUSTSN}~g" ${NGE}
-
-    if [[ ! -z "${SSLPRIMARY}" ]]; then
-      /bin/sed -i -e 's/#NOSSL:/#/g' ${NGE}
-      /bin/sed -i -e 's/#SSL://g' ${NGE}
+    /command/s6-setuidgid guardian /bin/cp "${NGF}" "${NGE}"
+    /bin/sed -i -e "s/127.0.0.1/${ADMINIP}/g" "${NGE}"
+    /bin/sed -i -e "s/example.net/${DOMAINNAME}/g" "${NGE}"
+    /bin/sed -i -e "s~ip_from 192.168.0.0/16~ip_from ${TRSTIP}/${TRSTPF}~g" "${NGE}"
+    /bin/sed -i -e "s~allow 192.168.0.0/16~allow ${TRUSTSN}~g" "${NGE}"
+    if [[ -n "${SSLPRIMARY}" ]]; then
+      /bin/sed -i -e 's/#NOSSL:/#/g' "${NGE}"
+      /bin/sed -i -e 's/#SSL://g' "${NGE}"
    else
-      /bin/sed -i -e 's/#NOSSL://g' ${NGE}
-      /bin/sed -i -e 's/#SSL:/#/g' ${NGE}
+      /bin/sed -i -e 's/#NOSSL://g' "${NGE}"
+      /bin/sed -i -e 's/#SSL:/#/g' "${NGE}"
    fi
  fi
 done
@ -43,8 +40,7 @@ done
 if [[ ! -f /mnt/config/etc/nginx.conf ]]; then
  /command/s6-setuidgid guardian /bin/cp /etc/nginx/nginx.conf /mnt/config/etc/nginx.conf
  /bin/sed -i -e "s~8.8.8.8 8.8.4.4~${DNSADDR}~g" /mnt/config/etc/nginx.conf
-
-  if [[ ! -z "${SSLPRIMARY}" ]]; then
+  if [[ -n "${SSLPRIMARY}" ]]; then
    /bin/sed -i -e 's/#NOSSL:/#/g' /mnt/config/etc/nginx.conf
    /bin/sed -i -e 's/#SSL://g' /mnt/config/etc/nginx.conf
  else
@ -53,14 +49,13 @@ if [[ ! -f /mnt/config/etc/nginx.conf ]]; then
  fi
 fi

-if [[ ! -z "${SSLPRIMARY}" ]]; then
+if [[ -n "${SSLPRIMARY}" ]]; then
  if [[ ! -d /mnt/config/ssl ]]; then
    /command/s6-setuidgid guardian /bin/mkdir -p /mnt/config/ssl
    /command/s6-setuidgid guardian /bin/chmod 700 /mnt/config/ssl
  fi
  if [[ ! -f /mnt/config/ssl/dhparam.pem ]]; then
-    export HOME=/mnt/config/home
-    /command/s6-setuidgid guardian /usr/bin/openssl dhparam -out /mnt/config/ssl/dhparam.pem ${B_MODULI}
+    /command/s6-setuidgid guardian /usr/bin/openssl dhparam -out /mnt/config/ssl/dhparam.pem "${B_MODULI}"
  fi
 fi

@ -83,19 +78,20 @@ if [[ -f /mnt/config/log/nginx-error.log ]]; then
 else
  /command/s6-setuidgid guardian /bin/touch /mnt/config/log/nginx-error.log
 fi
+if [[ -f /var/log/nginx/error.log ]]; then
+  /bin/cat /var/log/nginx/error.log | /command/s6-setuidgid guardian /usr/bin/tee -a /mnt/config/log/nginx-error.log
+  /bin/rm -f /var/log/nginx/error.log
+fi

 # Create Web Directory

 if [[ ! -d /mnt/config/www ]]; then
  /command/s6-setuidgid guardian /bin/mkdir -p /mnt/config/www/default
-  /command/s6-setuidgid guardian /bin/cp -Rn /var/www/html/* /mnt/config/www/default/
+  if [[ -d /mnt/config/www ]]; then
+    /command/s6-setuidgid guardian /bin/cp -Rn /var/www/html/* /mnt/config/www/default/
+  fi
 fi

 # Start Service

-export HOME=/mnt/config/home
 exec /usr/sbin/nginx -c /mnt/config/etc/nginx.conf;
-if [[ -f /var/log/nginx/error.log ]]; then
-  /bin/cat /var/log/nginx/error.log | /usr/bin/tee -a /mnt/config/log/nginx-error.log
-  /bin/rm -f /var/log/nginx/error.log
-fi
--- a/override/usr/local/bin/certify
+++ b/override/usr/local/bin/certify
@ -4,62 +4,67 @@ if [[ -z "${SSLDOMAINS}" && ! -d /mnt/config/ssl ]]; then
  exit 0
 fi

-B_RSA=${B_RSA:-4096}
-B_ECDSA=${B_ECDSA:-384}
+export HOME=/mnt/config/home
+export B_RSA=${B_RSA:-4096}
+export B_ECDSA=${B_ECDSA:-384}
+export CURDOMAINS=""
+
+cd /mnt/config/home || exit 1

 # Determine Need

 if [[ ! -d /mnt/config/etc/certbot ]]; then
  /command/s6-setuidgid guardian /bin/mkdir -p /mnt/config/etc/certbot
 fi
-echo "$SSLDOMAINS" > /mnt/config/etc/certbot/requested
-
-if [[ ! -f /mnt/config/etc/certbot/configured ]]; then
-  echo "" > /mnt/config/etc/certbot/configured
+if [[ -d /mnt/config/etc/certbot ]]; then
+  /bin/echo "$SSLDOMAINS" | /command/s6-setuidgid guardian /usr/bin/tee /mnt/config/etc/certbot/requested
+fi
+if [[ -f /mnt/config/etc/certbot/configured ]]; then
+  export CURDOMAINS=$(/usr/bin/head -1 /mnt/config/etc/certbot/configured)
 fi
-CURDOMAINS=`/usr/bin/head -1 /mnt/config/etc/certbot/configured`

 if [[ -z "${SSLDOMAINS}" && -z "${CURDOMAINS}" ]]; then
  exit 0
 fi

-# Create Log Directory
+# Revoke Existing Certificates

 if [[ ! -d /mnt/config/log ]]; then
  /command/s6-setuidgid guardian /bin/mkdir -p /mnt/config/log
 fi
-
-# Revoke Existing Certificates
-
 if [[ ! -d /mnt/config/ssl/live ]]; then
  /command/s6-setuidgid guardian /bin/mkdir -p /mnt/config/ssl/live
 fi
 if [[ -f /mnt/config/ssl/live/README ]]; then
  /bin/rm -f /mnt/config/ssl/live/README
 fi
-if [[ "x$SSLDOMAINS" != "x$CURDOMAINS" ]]; then
+if [[ "x$SSLDOMAINS" != "x$CURDOMAINS" && -d /mnt/config/ssl/live ]]; then
  if [[ $(/bin/ls /mnt/config/ssl/live | /usr/bin/wc -l) -gt 0 ]]; then
    /bin/ls /mnt/config/ssl/live | /usr/bin/xargs -n1 -I{} /command/s6-setuidgid guardian /usr/bin/certbot revoke -n --config-dir /mnt/config/ssl --logs-dir /mnt/config/log --max-log-backups 0 --cert-path "/mnt/config/ssl/live/{}/fullchain.pem" --reason superseded --work-dir /tmp/certbot
    /bin/ls /mnt/config/ssl/live | /usr/bin/xargs -n1 -I{} /command/s6-setuidgid guardian /usr/bin/certbot delete -n --config-dir /mnt/config/ssl --logs-dir /mnt/config/log --max-log-backups 0 --cert-name "{}" --work-dir /tmp/certbot
-    /bin/rm -rf /mnt/config/etc/certbot/configured
+    if [[ -f /mnt/config/etc/certbot/configured ]]; then
+      /bin/rm -rf /mnt/config/etc/certbot/configured
+    fi
  fi
 fi

 # Renew Or Create Certificates

-if [[ $(/bin/ls /mnt/config/ssl/live | /usr/bin/wc -l) -eq 0 ]]; then
-  if [[ ! -z "$SSLDOMAINS" && $SSLEMAIL == *@* ]]; then
-    if [[ ${B_ECDSA} -gt 0 ]]; then
-      /command/s6-setuidgid guardian /usr/bin/certbot certonly -n --agree-tos --key-type ecdsa --keep --config-dir /mnt/config/ssl --logs-dir /mnt/config/log --max-log-backups 0 --email "$SSLEMAIL" --standalone -d "$SSLDOMAINS" --work-dir /tmp/certbot
-    else
-      /command/s6-setuidgid guardian /usr/bin/certbot certonly -n --agree-tos --rsa-key-size ${B_RSA} --keep --config-dir /mnt/config/ssl --logs-dir /mnt/config/log --max-log-backups 0 --email "$SSLEMAIL" --standalone -d "$SSLDOMAINS" --work-dir /tmp/certbot
-    fi
-    if [[ $(/bin/ls /mnt/config/ssl/live | /usr/bin/wc -l) -gt 0 ]]; then
-      /command/s6-setuidgid guardian /bin/cp /mnt/config/etc/certbot/requested /mnt/config/etc/certbot/configured
+if [[ -d /mnt/config/ssl/live ]]; then
+  if [[ $(/bin/ls /mnt/config/ssl/live | /usr/bin/wc -l) -eq 0 ]]; then
+    if [[ -n "$SSLDOMAINS" && $SSLEMAIL == *@* && -f /mnt/config/etc/certbot/requested ]]; then
+      if [[ ${B_ECDSA} -gt 0 ]]; then
+        /command/s6-setuidgid guardian /usr/bin/certbot certonly -n --agree-tos --key-type ecdsa --keep --config-dir /mnt/config/ssl --logs-dir /mnt/config/log --max-log-backups 0 --email "$SSLEMAIL" --standalone -d "$SSLDOMAINS" --work-dir /tmp/certbot
+      else
+        /command/s6-setuidgid guardian /usr/bin/certbot certonly -n --agree-tos --rsa-key-size "${B_RSA}" --keep --config-dir /mnt/config/ssl --logs-dir /mnt/config/log --max-log-backups 0 --email "$SSLEMAIL" --standalone -d "$SSLDOMAINS" --work-dir /tmp/certbot
+      fi
+      if [[ $(/bin/ls /mnt/config/ssl/live | /usr/bin/wc -l) -gt 0 ]]; then
+        /command/s6-setuidgid guardian /bin/cp /mnt/config/etc/certbot/requested /mnt/config/etc/certbot/configured
+      fi
    fi
+  elif [[ ${B_ECDSA} -gt 0 ]]; then
+    /command/s6-setuidgid guardian /usr/bin/certbot renew -n --agree-tos --key-type ecdsa --config-dir /mnt/config/ssl --logs-dir /mnt/config/log --max-log-backups 0 --work-dir /tmp/certbot
+  else
+    /command/s6-setuidgid guardian /usr/bin/certbot renew -n --agree-tos --rsa-key-size "${B_RSA}" --config-dir /mnt/config/ssl --logs-dir /mnt/config/log --max-log-backups 0 --work-dir /tmp/certbot
  fi
-elif [[ ${B_ECDSA} -gt 0 ]]; then
-  /command/s6-setuidgid guardian /usr/bin/certbot renew -n --agree-tos --key-type ecdsa --config-dir /mnt/config/ssl --logs-dir /mnt/config/log --max-log-backups 0 --work-dir /tmp/certbot
-else
-  /command/s6-setuidgid guardian /usr/bin/certbot renew -n --agree-tos --rsa-key-size ${B_RSA} --config-dir /mnt/config/ssl --logs-dir /mnt/config/log --max-log-backups 0 --work-dir /tmp/certbot
 fi