[packages/dehydrated.git] / hook-dns-01.sh

#!/bin/sh
# based on https://github.com/lukas2511/dehydrated/wiki/example-dns-01-nsupdate-script

set -eu

# concat file atomic way
atomic_concat() {
	local file=$1; shift
	> $file.new
	chmod 600 $file.new
	cat "$@" > $file.new
	cp -f $file $file.dehydrated~
	mv -f $file.new $file
}

lighttpd_reload() {
	if [ ! -x /usr/sbin/lighttpd ] || [ ! -f /etc/lighttpd/server.pem ]; then
		return
	fi

	echo " + Hook: Overwritting /etc/lighttpd/server.pem and reloading lighttpd..."
	atomic_concat /etc/lighttpd/server.pem "$FULLCHAINCERT" "$PRIVKEY"
	/sbin/service lighttpd reload
}

haproxy_reload() {
	if [ ! -x /usr/sbin/haproxy ] || [ ! -f /etc/haproxy/server.pem ]; then
		return
	fi

	echo " + Hook: Overwritting /etc/haproxy/server.pem and restarting haproxy..."
	atomic_concat /etc/haproxy/server.pem "$FULLCHAINCERT" "$PRIVKEY"
	/sbin/service haproxy reload
}

nginx_reload() {
	if [ ! -f /etc/nginx/server.crt ] || [ ! -f /etc/nginx/server.key ]; then
		return
	fi

	echo " + Hook: Overwritting /etc/nginx/server.{crt,key} and reloading nginx..."
	atomic_concat /etc/nginx/server.crt "$FULLCHAINCERT"
	atomic_concat /etc/nginx/server.key "$PRIVKEY"
	/sbin/service nginx reload
}

httpd_reload() {
	if [ ! -x /etc/rc.d/init.d/httpd ]; then
		return
	fi

	echo " + Hook: Reloading Apache 2..."
	atomic_concat /etc/httpd/ssl/server.crt "$FULLCHAINCERT"
	atomic_concat /etc/httpd/ssl/server.key "$PRIVKEY"
	/sbin/service httpd graceful
}

case "$1" in
	"deploy_challenge")
		echo ""
		echo "Add the following to the zone definition of ${2}:"
		echo "'_acme-challenge.${2}:${4}:300"
		echo ""
		echo -n "Press enter to continue..."
		read tmp
		echo ""
	;;
	"clean_challenge")
		echo ""
		echo "Now you can remove the following from the zone definition of ${2}:"
		echo "'_acme-challenge.${2}:${4}:300"
		echo ""
		echo -n "Press enter to continue..."
		read tmp
		echo ""
	;;
	"deploy_cert")
		DOMAIN="$2"
		PRIVKEY="$3"
		CERT="$4"
		FULLCHAINCERT="$5"
		CHAINCERT="$6"
		TIMESTAMP="$7"

		lighttpd_reload
		nginx_reload
		httpd_reload
		haproxy_reload
	;;
	"unchanged_cert")
		# do nothing for now
	;;
	*)
		echo "Unknown hook \"${1}\""
		exit 1
	;;
esac

exit 0
Commit	Line	Data
3870bab0	1	#!/bin/sh
f60f554e ER	2	# based on https://github.com/lukas2511/dehydrated/wiki/example-dns-01-nsupdate-script
f60f554e ER	3
3870bab0 ER	4	set -eu
	5
	6	# concat file atomic way
	7	atomic_concat() {
	8	local file=$1; shift
	9	> $file.new
	10	chmod 600 $file.new
	11	cat "$@" > $file.new
	12	cp -f $file $file.dehydrated~
	13	mv -f $file.new $file
	14	}
	15
	16	lighttpd_reload() {
	17	if [ ! -x /usr/sbin/lighttpd ] \|\| [ ! -f /etc/lighttpd/server.pem ]; then
	18	return
	19	fi
	20
	21	echo " + Hook: Overwritting /etc/lighttpd/server.pem and reloading lighttpd..."
	22	atomic_concat /etc/lighttpd/server.pem "$FULLCHAINCERT" "$PRIVKEY"
	23	/sbin/service lighttpd reload
	24	}
	25
	26	haproxy_reload() {
	27	if [ ! -x /usr/sbin/haproxy ] \|\| [ ! -f /etc/haproxy/server.pem ]; then
	28	return
	29	fi
	30
	31	echo " + Hook: Overwritting /etc/haproxy/server.pem and restarting haproxy..."
	32	atomic_concat /etc/haproxy/server.pem "$FULLCHAINCERT" "$PRIVKEY"
	33	/sbin/service haproxy reload
	34	}
	35
	36	nginx_reload() {
	37	if [ ! -f /etc/nginx/server.crt ] \|\| [ ! -f /etc/nginx/server.key ]; then
	38	return
	39	fi
	40
	41	echo " + Hook: Overwritting /etc/nginx/server.{crt,key} and reloading nginx..."
	42	atomic_concat /etc/nginx/server.crt "$FULLCHAINCERT"
	43	atomic_concat /etc/nginx/server.key "$PRIVKEY"
	44	/sbin/service nginx reload
	45	}
	46
	47	httpd_reload() {
	48	if [ ! -x /etc/rc.d/init.d/httpd ]; then
	49	return
	50	fi
	51
30b951d8 ER	52	echo " + Hook: Reloading Apache 2..."
	53	atomic_concat /etc/httpd/ssl/server.crt "$FULLCHAINCERT"
	54	atomic_concat /etc/httpd/ssl/server.key "$PRIVKEY"
3870bab0 ER	55	/sbin/service httpd graceful
3870bab0 ER	56	}
f60f554e ER	57
	58	case "$1" in
	59	"deploy_challenge")
	60	echo ""
	61	echo "Add the following to the zone definition of ${2}:"
	62	echo "'_acme-challenge.${2}:${4}:300"
	63	echo ""
	64	echo -n "Press enter to continue..."
	65	read tmp
	66	echo ""
	67	;;
	68	"clean_challenge")
	69	echo ""
	70	echo "Now you can remove the following from the zone definition of ${2}:"
	71	echo "'_acme-challenge.${2}:${4}:300"
	72	echo ""
	73	echo -n "Press enter to continue..."
	74	read tmp
	75	echo ""
	76	;;
	77	"deploy_cert")
	78	DOMAIN="$2"
	79	PRIVKEY="$3"
	80	CERT="$4"
	81	FULLCHAINCERT="$5"
	82	CHAINCERT="$6"
	83	TIMESTAMP="$7"
3870bab0 ER	84
	85	lighttpd_reload
	86	nginx_reload
	87	httpd_reload
	88	haproxy_reload
f60f554e ER	89	;;
	90	"unchanged_cert")
	91	# do nothing for now
	92	;;
	93	*)
	94	echo "Unknown hook \"${1}\""
	95	exit 1
	96	;;
	97	esac
	98
	99	exit 0