Migrate services part
parent
7c59e4ae57
commit
73bce8f6e5
157 changed files with 3883 additions and 9 deletions
roles/lego/files
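--- a/roles/lego/files/hook.sh
+++ b/roles/lego/files/hook.sh
@@ -0,0 +1,6 @@
+#!/usr/bin/env sh
+
+cp -f "$LEGO_CERT_PATH" /certificates
+cp -f "$LEGO_CERT_KEY_PATH" /certificates
+
+exit 33 # special exit code to signal that the certificate has been updated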
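Review bot: `exit 33` is reached even when either `cp` fails, because the script has no error handling, so a failed copy is still reported as an updated certificate. Put `set -eu` under the shebang, or combine the copies as `cp -f "$LEGO_CERT_PATH" "$LEGO_CERT_KEY_PATH" /certificates || exit 1`. The same missing `set -eu` affects roles/lego/files/node002/db.serguzim.me, msrg.cc and registry.serguzim.me, where the reload, upload or Harbor install step still runs after a failed copy. The mode of a newly created key file in /certificates depends on the source mode and the umask; a `umask 077` before the copies would pin it.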
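--- a/roles/lego/files/lego.sh
+++ b/roles/lego/files/lego.sh
@@ -0,0 +1,19 @@
+#!/usr/bin/env sh
+
+set -a
+. ./service.env
+set +a
+
+domain="$1"
+action="${2:-renew}"
+
+docker compose run --rm app \
+--domains "$domain" \
+"$action" \
+"--$action-hook" "/config/hook.sh"
+
+if [ "$?" = "33" ] && [ -x "./lego.d/$domain" ];
+then
+echo "Running hook for $domain"
+"./lego.d/$domain"
+fi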
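Review bot: Any exit status other than 33 from `docker compose run` is discarded, because the trailing `if` returns 0 when its condition is false; a failed issuance or renewal therefore ends the script with success and the calling unit (presumably the lego@ service behind the timer) never shows a failure. Save the status directly after the command and exit non-zero for anything other than 0 or 33, as sketched below. `$1` is also used unchecked to build the executed path `./lego.d/$domain`; an empty value or one containing `/` should be rejected first, e.g. `case "$domain" in ''|*/*) echo "invalid domain" >&2; exit 2 ;; esac`.

```shell
# … unchanged: service.env loading, domain/action parsing, docker compose run invocation …
rc=$?

case "$rc" in
  0) exit 0 ;;
  33) ;; # hook.sh signalled an updated certificate
  *) echo "lego failed for $domain (exit $rc)" >&2; exit "$rc" ;;
esac

if [ -x "./lego.d/$domain" ]; then
  echo "Running hook for $domain"
  "./lego.d/$domain"
fi
```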
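--- a/roles/lego/files/lego@.timer
+++ b/roles/lego/files/lego@.timer
@@ -0,0 +1,10 @@
+[Unit]
+Description=Renew certificates
+
+[Timer]
+Persistent=true
+OnCalendar=*-*-* 01:15:00
+RandomizedDelaySec=2h
+
+[Install]
+WantedBy=timers.target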
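--- a/roles/lego/files/node002/db.serguzim.me
+++ b/roles/lego/files/node002/db.serguzim.me
@@ -0,0 +1,16 @@
+#!/usr/bin/env sh
+
+domain="db.serguzim.me"
+
+_install() {
+install --owner=postgres --group=postgres --mode=600 \
+"$CERTIFICATES_PATH/$domain.$1" \
+"/var/lib/postgres/data/server.$1"
+}
+
+_install crt
+_install key
+
+sudo -u postgres pg_ctl -D /var/lib/postgres/data/ reload
+
+# vim: ft=sh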
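Review bot: `$CERTIFICATES_PATH` is never set or checked in this file, so when the caller does not export it `_install` looks for `/db.serguzim.me.crt` and `/db.serguzim.me.key` at the filesystem root and `pg_ctl reload` runs regardless. Use `"${CERTIFICATES_PATH:?}/$domain.$1"` as the source argument so an unset value aborts with a message. A header comment such as `# Expects CERTIFICATES_PATH in the environment; must run as root (install --owner, sudo -u postgres)` would document the contract. registry.serguzim.me and msrg.cc read the variable the same way.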
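--- a/roles/lego/files/node002/msrg.cc
+++ b/roles/lego/files/node002/msrg.cc
@@ -0,0 +1,18 @@
+#!/usr/bin/env sh
+
+domain="msrg.cc"
+
+tmpdir=$(mktemp -d)
+trap 'rm -rf $tmpdir' EXIT
+
+cp "$CERTIFICATES_PATH/$domain.crt" "$tmpdir/fullchain.pem"
+cp "$CERTIFICATES_PATH/$domain.key" "$tmpdir/privkey.pem"
+
+curl \
+-F submit="submit" \
+-F token="$WIUWIU_TOKEN" \
+-F "cert=@$tmpdir/fullchain.pem" \
+-F "key=@$tmpdir/privkey.pem" \
+https://cert-upload.wiuwiu.de/
+
+# vim: ft=sh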
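Review bot: The upload token is passed on curl's command line (`-F token="$WIUWIU_TOKEN"`), where other local users can read it from the process list while the transfer runs, and without `--fail` an HTTP error from the upload endpoint still exits 0. Feed the token through a config on stdin, e.g. `printf 'form = "token=%s"\n' "$WIUWIU_TOKEN" | curl --fail -K - -F submit="submit" ...`, assuming the token contains no quotes or backslashes that would need escaping. The temporary copy of the private key can be avoided by naming the upload in place with `-F "key=@$CERTIFICATES_PATH/$domain.key;filename=privkey.pem"`. If the copies stay, check the `mktemp -d` result and quote the variable in the trap: `trap 'rm -rf "$tmpdir"' EXIT`.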
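--- a/roles/lego/files/node002/registry.serguzim.me
+++ b/roles/lego/files/node002/registry.serguzim.me
@@ -0,0 +1,17 @@
+#!/usr/bin/env sh
+
+domain="registry.serguzim.me"
+
+_install() {
+install --owner=root --group=root --mode=600 \
+"$CERTIFICATES_PATH/$domain.$1" \
+"/opt/services/harbor/server.$1"
+}
+
+_install crt
+_install key
+
+export HARBOR_BUNDLE_DIR=/opt/services/harbor
+$HARBOR_BUNDLE_DIR/harbor/install.sh
+
+# vim: ft=sh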
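Review bot: `$HARBOR_BUNDLE_DIR/harbor/install.sh` is expanded unquoted, and the directory `/opt/services/harbor` is spelled out a second time inside `_install`. Define the directory once above `_install`, use it for the destination as `"$HARBOR_BUNDLE_DIR/server.$1"`, and call `"$HARBOR_BUNDLE_DIR/harbor/install.sh"`. A comment stating why a certificate renewal reruns Harbor's installer instead of a lighter reload would help the next maintainer, since the script does not make that evident.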