view etc/periodic/weekly/800.local-certbot-post-deploy @ 387:9921352225a9

Weekly periodic script to execute an action when any of the given files is readable. Intended to trigger host-level actions after certbot actions in jails.
author Franz Glasner <fzglas.hg@dom66.de>
date Thu, 23 Feb 2023 09:08:20 +0100

#!/bin/sh
# -*- indent-tabs-mode: nil; -*-
#
# @(#)@@SIMPLEVERSIONTAG@@
#
# Weekly script to indirectly trigger post deploy actions
#
# Must be executed **after** 500.certbot.
# Otherwise an extra week of delay is encountered.
#

# Load the system-wide periodic(8) defaults when they are readable, then let
# the helper defined by that file pull in the local override files.
# Everything sourced here runs as shell code with this script's privileges,
# so these configuration files must be writable by the administrator only.
if test -r /etc/defaults/periodic.conf; then
    . /etc/defaults/periodic.conf
    source_periodic_confs
fi

# Defaults for every knob; a value already set (e.g. by periodic.conf) wins.
# Master switch: the job is skipped unless this is YES (any letter case).
: "${weekly_local_certbot_post_deploy_enable:=NO}"
# Whitespace-separated list of trigger files to look for.
: "${weekly_local_certbot_post_deploy_files:=}"
# Optional guard command, e.g. "service nginx onestatus"
: "${weekly_local_certbot_post_deploy_condition:=}"
# Command to run once a trigger file is found, e.g. "service nginx reload"
: "${weekly_local_certbot_post_deploy_action:=}"
# YES (any letter case): delete the trigger files after a successful action.
: "${weekly_local_certbot_post_deploy_files_remove:=YES}"

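# Main job: when enabled, look for readable trigger files and, if at least one
# exists, run the configured action (optionally guarded by a condition).
#
# Reads:
#   weekly_local_certbot_post_deploy_files         whitespace-separated paths
#   weekly_local_certbot_post_deploy_condition     optional guard command
#   weekly_local_certbot_post_deploy_action        command to run
#   weekly_local_certbot_post_deploy_files_remove  YES: delete triggers after
#                                                  a successful action
# Sets rc:
#   0  job disabled, no trigger found, or the action succeeded
#   1  the condition command failed (the action was not run)
#   otherwise the exit status of the action
# Exits 2 directly when a trigger exists but no action is configured.
#
# Security notes:
#   * The condition and action values are expanded unquoted and executed with
#     this script's privileges.  They are only word-split (and glob-expanded),
#     not re-parsed by the shell, so quotes, ';' or '|' inside the value are
#     NOT interpreted; wrap anything more complex in a script of its own.
#   * "-r" follows symbolic links and the trigger paths are later handed to
#     rm(1).  NOTE(review): if a trigger path lives in a directory that is
#     writable from inside a jail, whoever controls that directory decides
#     whether the action fires and what the path resolves to at removal time;
#     keep trigger directories writable by the renewal hook only.
case "${weekly_local_certbot_post_deploy_enable}" in
    [Yy][Ee][Ss])
        echo
        echo "Testing for newly renewed Let's Encrypt certificates"

        rc=0

        _do_action=""
        _remove_files=""

        # Deliberately unquoted: the setting is a whitespace-separated list
        # (glob patterns in it are expanded as well).
        for _f in ${weekly_local_certbot_post_deploy_files}; do
            if [ -r "${_f}" ]; then
                _do_action="yes"
                case "${weekly_local_certbot_post_deploy_files_remove}" in
                    [Yy][Ee][Ss])
                        _remove_files="${_remove_files} ${_f}"
                        ;;
                esac
            fi
        done

        if [ "${_do_action}" = "yes" ]; then
            # A trigger without an action is a configuration error.
            if [ -z "${weekly_local_certbot_post_deploy_action}" ]; then
                echo "ERROR: no deploy action defined" 1>&2
                exit 2
            fi

            echo "Deploying newly renewed Let's Encrypt certificates"
            if [ -n "${weekly_local_certbot_post_deploy_condition}" ]; then
                # Run the action only when the guard command succeeds.
                if ${weekly_local_certbot_post_deploy_condition} ; then
                    ${weekly_local_certbot_post_deploy_action}
                    rc=$?
                else
                    rc=1
                fi
            else
                ${weekly_local_certbot_post_deploy_action}
                rc=$?
            fi

            # Remove the trigger files only after a successful action and only
            # when removal is configured; on failure they stay in place, so
            # the next weekly run tries again.
            if [ "${rc}" -eq 0 ] && [ -n "${_remove_files}" ]; then
                echo "Removing trigger files..."
                for _rf in ${_remove_files}; do
                    # "--" keeps a path that starts with "-" from being
                    # parsed as an rm option.
                    rm -fv -- "${_rf}"
                done
            fi
        else
            echo "No newly renewed Let's Encrypt certificates found"
        fi
        ;;

    *)
        # Job not enabled: nothing to report.
        rc=0
        ;;
esac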

# Report the collected status to the caller: 0 when the job is disabled, no
# trigger was found or the action succeeded; 1 when the condition command
# failed; otherwise the exit status of the action.
exit ${rc}