initial commit for certmgmt
commit
8380248002
|
@ -0,0 +1,31 @@
|
|||
pkgname='certmgmt'
|
||||
pkgver=0.1
|
||||
pkgrel=6
|
||||
pkgdesc='certmgmt is a collection of infrastructure to manage acme-tiny'
|
||||
arch=('x86_64')
|
||||
depends=('acme-tiny' 'systemd')
|
||||
|
||||
source=(
|
||||
'certmgmt'
|
||||
'certmgmt.conf'
|
||||
'certmgmt.sysusers'
|
||||
'certmgmt.tmpfiles'
|
||||
'certmgmt@.service'
|
||||
'certmgmt@.timer'
|
||||
)
|
||||
backup=('etc/certmgmt.conf')
|
||||
sha256sums=('d2bc6e60e802161a7c202605eadaba476f03ab307f95b08c57bae2e9208cea71'
|
||||
'6a72a9d006f8af929385770acac85168d276ba3aa092e829f25c4b573406085a'
|
||||
'526673acbfe4f8e1e5d5f9dee56d87196c1d8019dfb7e1a13941bb03bb4a56af'
|
||||
'898396693c9f10fc094f571f81045f634a9ec72bd0ae16959b3774a931c512dc'
|
||||
'897d2655224debfad543547e9920a08fe965ffb08354d1ff477be2c0d115d4a0'
|
||||
'51f0f939b753fd142ef6a3659066446933ec8700dddc33f227ef3ecc5653ce8e')
|
||||
|
||||
package() {
|
||||
install -Dm 0644 "${srcdir}/certmgmt.conf" "${pkgdir}/etc/certmgmt.conf"
|
||||
install -Dm 0644 "${srcdir}/certmgmt.sysusers" "${pkgdir}/usr/lib/sysusers.d/certmgmt.conf"
|
||||
install -Dm 0644 "${srcdir}/certmgmt.tmpfiles" "${pkgdir}/usr/lib/tmpfiles.d/certmgmt.conf"
|
||||
install -Dm 0755 "${srcdir}/certmgmt" "${pkgdir}/opt/certmgmt/bin/certmgmt"
|
||||
install -Dm 0644 "${srcdir}/certmgmt@.service" "${pkgdir}/usr/lib/systemd/system/certmgmt@.service"
|
||||
install -Dm 0644 "${srcdir}/certmgmt@.timer" "${pkgdir}/usr/lib/systemd/system/certmgmt@.timer"
|
||||
}
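Review bot: The `install -Dm 0755 "${srcdir}/certmgmt" "${pkgdir}/opt/certmgmt/bin/certmgmt"` line in package() places the executable below /opt/certmgmt, which the tmpfiles entry in this same commit hands to the service account (`d /opt/certmgmt 0750 certmgmt certmgmt -`). An account that owns the parent directory can rename or replace `bin/`, so the code the unit runs is not protected from the account it runs as. Installing to a root-owned location, for example `install -Dm 0755 "${srcdir}/certmgmt" "${pkgdir}/usr/bin/certmgmt"` with `ExecStart=` adjusted to match, keeps program and data apart. Separately, `arch=('x86_64')` could be `arch=('any')`, since every listed source is a script or text file.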
|
|
@ -0,0 +1,43 @@
|
|||
#!/bin/sh
|
||||
|
||||
if [ ! -f "/etc/certmgmt.conf" ]; then
|
||||
echo "config file '/etc/certmgmt/certmgmt.conf' not found"
|
||||
exit 1
|
||||
fi
|
||||
. /etc/certmgmt.conf
|
||||
|
||||
if [ -z "${ACCOUNT_FILE}" ]; then
|
||||
echo "ACCOUNT_FILE was not found in config file"
|
||||
exit 1
|
||||
fi
|
||||
if [ ! -f "${ACCOUNT_FILE}" ]; then
|
||||
echo "account file was not found"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ -z "$1" ]; then
|
||||
echo "no domain given to check"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ ! -f "/opt/certmgmt/certs/${1}/csr" ]; then
|
||||
echo "certificate request is missing"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
age="$(find "/opt/certmgmt/certs/${1}/crt" -mtime -60 | wc -l)"
|
||||
if [ "${age}" -gt "0" ]; then
|
||||
echo "certificate exists and is not old enough for renewal"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
acme-tiny \
|
||||
--account-key "${ACCOUNT_FILE}" \
|
||||
--csr "/opt/certmgmt/certs/${1}/csr" \
|
||||
--acme-dir '/opt/certmgmt/challenges' \
|
||||
> "/opt/certmgmt/certs/${1}/crt"
|
||||
#--directory-url https://acme-staging-v02.api.letsencrypt.org/directory \
|
||||
if [ "$?" -gt "0" ]; then
|
||||
rm "/opt/certmgmt/certs/${1}/crt"
|
||||
exit 1
|
||||
fi
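Review bot: The `> "/opt/certmgmt/certs/${1}/crt"` redirect truncates the current certificate before acme-tiny has produced a new one, and the failure branch then removes the file, so a failed renewal leaves the domain with no certificate at all; the next nginx reload or restart would presumably fail or serve without it. Writing to a temporary file in the same directory and renaming it only on success keeps the old certificate in place, as sketched below. `$1` is also used in three paths without validation; rejecting values that are empty, start with a dot or contain `/` would keep it inside `/opt/certmgmt/certs`. The first error message names `/etc/certmgmt/certmgmt.conf` while the test checks `/etc/certmgmt.conf`.

```sh
# … unchanged: config, account file, domain, csr and age checks …
crt="/opt/certmgmt/certs/${1}/crt"
new="${crt}.new"
if ! acme-tiny \
    --account-key "${ACCOUNT_FILE}" \
    --csr "/opt/certmgmt/certs/${1}/csr" \
    --acme-dir '/opt/certmgmt/challenges' \
    > "${new}"; then
  rm -f "${new}"
  exit 1
fi
# rename within the same directory, so readers never see a partial file
mv "${new}" "${crt}"
```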
|
|
@ -0,0 +1,2 @@
|
|||
# set the path to the account file
|
||||
ACCOUNT_FILE="/etc/certmgmt.account"
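Review bot: The comment above `ACCOUNT_FILE` does not say that this file is the ACME account private key, nor who must be able to read it. The script passes it to `acme-tiny --account-key` and the unit runs as `certmgmt`, and nothing visible in this commit creates the file or sets its mode. I would extend the comment to `# path to the ACME account private key; must be readable by the certmgmt user only (e.g. owner certmgmt, mode 0400)`. Since the script sources this file with `.`, the comment should also say that it is executed as shell code and must stay writable by root only.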
|
|
@ -0,0 +1 @@
|
|||
u certmgmt - "acme-tiny cert manager" / /sbin/nologin
|
|
@ -0,0 +1 @@
|
|||
d /opt/certmgmt 0750 certmgmt certmgmt -
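Review bot: Only the top-level directory is created here, while the script in this commit expects `/opt/certmgmt/certs/<domain>/csr` and passes `/opt/certmgmt/challenges` to acme-tiny. Adding `d /opt/certmgmt/certs 0750 certmgmt certmgmt -` and `d /opt/certmgmt/challenges 0750 certmgmt certmgmt -` would make a fresh install usable without manual steps. Mode 0750 on the parent also means the web server's worker account can reach the challenge files only if it is in the certmgmt group; whether that is arranged elsewhere is not visible here.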
|
|
@ -0,0 +1,14 @@
|
|||
[Unit]
|
||||
Description=refresh certificate %i
|
||||
After=network.target network-online.target nginx.service
|
||||
Requires=nginx.service
|
||||
|
||||
[Service]
|
||||
User=certmgmt
|
||||
Group=certmgmt
|
||||
Type=oneshot
|
||||
ExecStart=/opt/certmgmt/bin/certmgmt %i
|
||||
ExecStartPost=+/usr/bin/systemctl reload nginx
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
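Review bot: The [Service] section sets User= and Group= but no filesystem confinement, although the script in this commit only writes below /opt/certmgmt. `ProtectSystem=strict`, `ReadWritePaths=/opt/certmgmt` and `PrivateTmp=true` would limit what a compromised acme-tiny run can touch; they look compatible with the script as shown but need testing. The `+` prefix on ExecStartPost= exempts that command from User= and from the sandboxing options, so it should stay limited to the fixed `systemctl reload nginx` line. `WantedBy=multi-user.target` looks unnecessary given that the timer starts the instance.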
|
|
@ -0,0 +1,12 @@
|
|||
[Unit]
|
||||
Description=refresh certificate %i
|
||||
After=network.target network-online.target nginx.service
|
||||
Requires=nginx.service
|
||||
|
||||
[Timer]
|
||||
OnCalendar=daily
|
||||
Persistent=true
|
||||
RandomizedDelaySec=300
|
||||
|
||||
[Install]
|
||||
WantedBy=timers.target
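Review bot: `Requires=nginx.service` in the timer's [Unit] section ties the timer's lifetime to nginx. Under systemd's Requires= semantics an explicit stop of nginx also stops this timer, and a stopped timer stays inactive until someone starts it again, so renewals can cease unnoticed. The dependency already sits on certmgmt@.service, which is the unit that actually needs nginx. I would drop the `After=network.target network-online.target nginx.service` and `Requires=nginx.service` lines here and keep only Description=, [Timer] and [Install].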
|