diff etc/periodic/weekly/800.local-certbot-post-deploy @ 387:9921352225a9

Weekly periodic script to execute an action when any of the given files is readable. Intended to trigger host-level actions after certbot actions in jails.
author Franz Glasner <fzglas.hg@dom66.de>
date Thu, 23 Feb 2023 09:08:20 +0100
parents
children
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/etc/periodic/weekly/800.local-certbot-post-deploy	Thu Feb 23 09:08:20 2023 +0100
@@ -0,0 +1,84 @@
+#!/bin/sh
+# -*- indent-tabs-mode: nil; -*-
+#
+# @(#)@@SIMPLEVERSIONTAG@@
+#
+# Weekly script to indirectly trigger post deploy actions
+#
+# Must be executed **after** 500.certbot.
+# Otherwise an extra week of delay is encountered.
+#
+
+# If there is a global system configuration file, suck it in.
+if [ -r /etc/defaults/periodic.conf ]
+then
+    . /etc/defaults/periodic.conf
+    source_periodic_confs
+fi
+
+: ${weekly_local_certbot_post_deploy_enable:=NO}
+: ${weekly_local_certbot_post_deploy_files:=}
+# e.g. "service nginx onestatus"
+: ${weekly_local_certbot_post_deploy_condition:=}
+# e.g. "service nginx reload"
+: ${weekly_local_certbot_post_deploy_action:=}
+: ${weekly_local_certbot_post_deploy_files_remove:=YES}
+
+case "${weekly_local_certbot_post_deploy_enable}" in
+    [Yy][Ee][Ss])
+        echo
+        echo "Testing for newly renewed Let's Encrypt certificates"
+
+        rc=0
+
+        _do_action=""
+        _remove_files=""
+
+        for _f in ${weekly_local_certbot_post_deploy_files}; do
+            if [ -r "${_f}" ]; then
+                _do_action="yes"
+                case "${weekly_local_certbot_post_deploy_files_remove}" in
+                    [Yy][Ee][Ss])
+                        _remove_files="${_remove_files} ${_f}"
+                        ;;
+                esac
+            fi
+        done
+
+        if [ "${_do_action}" = "yes" ]; then
+            if [ -z "${weekly_local_certbot_post_deploy_action}" ]; then
+                echo "ERROR: no deploy action defined" 1>&2
+                exit 2
+            fi
+
+            echo "Deploying newly renewed Let's Encrypt certificates"
+            if [ -n "${weekly_local_certbot_post_deploy_condition}" ]; then
+                if ${weekly_local_certbot_post_deploy_condition} ; then
+                    ${weekly_local_certbot_post_deploy_action}
+                    rc=$?
+                else
+                    rc=1
+                fi
+            else
+                ${weekly_local_certbot_post_deploy_action}
+                rc=$?
+            fi
+
+            # Remove trigger files if configured to do so
+            if [ ${rc} -eq 0 ]; then
+                echo "Removing trigger files..."
+                for _rf in ${_remove_files}; do
+                    rm -fv "${_rf}"
+                done
+            fi
+        else
+            echo "No newly renewed Let's Encrypt certificates found"
+        fi
+        ;;
+
+    *)
+        rc=0
+        ;;
+esac
+
+exit ${rc}
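Review bot: The trigger test `if [ -r "${_f}" ]` follows symlinks, and the later `rm -fv "${_rf}"` runs with the privileges of the periodic run (normally root) on the host, so if these paths sit in directories a jail can write to (the commit description suggests this, but the hunk does not show it), the jail decides what the host tests and unlinks. Consider accepting only regular files, `if [ -f "${_f}" ] && [ ! -L "${_f}" ] && [ -r "${_f}" ]; then`, and adding a comment next to `weekly_local_certbot_post_deploy_files` that the containing directory should be writable only by the host and the one jail meant to signal. The removal loop also discards the exit status of `rm`, so a trigger file that cannot be removed makes the action run again every week without any report; something like `rm -fv -- "${_rf}" || rc=2` would surface it. Both `for` loops expand their lists unquoted, so an entry containing whitespace or glob characters is split or expanded again at `for _rf in ${_remove_files}`; a comment stating that entries must be plain whitespace-free paths would make that limit explicit.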