Migrate services part

2024-09-27 00:02:36 +02:00 · 2024-09-27 00:02:36 +02:00 · 73bce8f6e5
commit 73bce8f6e5
parent 7c59e4ae57
157 changed files with 3883 additions and 9 deletions
--- a/roles/lego/files/hook.sh
+++ b/roles/lego/files/hook.sh
@ -0,0 +1,6 @@
+#!/usr/bin/env sh
+
+cp -f "$LEGO_CERT_PATH" /certificates
+cp -f "$LEGO_CERT_KEY_PATH" /certificates
+
+exit 33 # special exit code to signal that the certificate has been updated
--- a/roles/lego/files/lego.sh
+++ b/roles/lego/files/lego.sh
@ -0,0 +1,19 @@
+#!/usr/bin/env sh
+
+set -a
+. ./service.env
+set +a
+
+domain="$1"
+action="${2:-renew}"
+
+docker compose run --rm app \
+	--domains "$domain" \
+	"$action" \
+	"--$action-hook" "/config/hook.sh"
+
+if [ "$?" = "33" ] && [ -x "./lego.d/$domain" ];
+then
+	echo "Running hook for $domain"
+	"./lego.d/$domain"
+fi
--- a/roles/lego/files/lego@.timer
+++ b/roles/lego/files/lego@.timer
@ -0,0 +1,10 @@
+[Unit]
+Description=Renew certificates
+
+[Timer]
+Persistent=true
+OnCalendar=*-*-* 01:15:00
+RandomizedDelaySec=2h
+
+[Install]
+WantedBy=timers.target
--- a/roles/lego/files/node002/db.serguzim.me
+++ b/roles/lego/files/node002/db.serguzim.me
@ -0,0 +1,16 @@
+#!/usr/bin/env sh
+
+domain="db.serguzim.me"
+
+_install() {
+  install --owner=postgres --group=postgres --mode=600 \
+	  "$CERTIFICATES_PATH/$domain.$1" \
+	  "/var/lib/postgres/data/server.$1"
+}
+
+_install crt
+_install key
+
+sudo -u postgres pg_ctl -D /var/lib/postgres/data/ reload
+
+# vim: ft=sh
--- a/roles/lego/files/node002/msrg.cc
+++ b/roles/lego/files/node002/msrg.cc
@ -0,0 +1,18 @@
+#!/usr/bin/env sh
+
+domain="msrg.cc"
+
+tmpdir=$(mktemp -d)
+trap 'rm -rf $tmpdir' EXIT
+
+cp "$CERTIFICATES_PATH/$domain.crt" "$tmpdir/fullchain.pem"
+cp "$CERTIFICATES_PATH/$domain.key" "$tmpdir/privkey.pem"
+
+curl \
+	-F submit="submit" \
+	-F token="$WIUWIU_TOKEN" \
+	-F "cert=@$tmpdir/fullchain.pem" \
+	-F "key=@$tmpdir/privkey.pem" \
+	https://cert-upload.wiuwiu.de/
+
+# vim: ft=sh
--- a/roles/lego/files/node002/registry.serguzim.me
+++ b/roles/lego/files/node002/registry.serguzim.me
@ -0,0 +1,17 @@
+#!/usr/bin/env sh
+
+domain="registry.serguzim.me"
+
+_install() {
+  install --owner=root --group=root --mode=600 \
+	  "$CERTIFICATES_PATH/$domain.$1" \
+	  "/opt/services/harbor/server.$1"
+}
+
+_install crt
+_install key
+
+export HARBOR_BUNDLE_DIR=/opt/services/harbor
+$HARBOR_BUNDLE_DIR/harbor/install.sh
+
+# vim: ft=sh