sovereign-stack/deployment/www/generate_certs.sh

#!/bin/bash

set -ex


# let's do a refresh of the certificates. Let's Encrypt will not run if it's not time.
docker pull certbot/certbot:latest

# iterate over each domain and call certbot
for DOMAIN_NAME in ${DOMAIN_LIST//,/ }; do
    export DOMAIN_NAME="$DOMAIN_NAME"
    export SITE_PATH="$SITES_PATH/$DOMAIN_NAME"

    # source the site path so we know what features it has.
    source "$RESPOSITORY_PATH/reset_env.sh"
    source "$SITE_PATH/site_definition"
    source "$RESPOSITORY_PATH/domain_env.sh"

    # with the lxd side, we are trying to expose ALL OUR services from one IP address, which terminates
    # at a cachehing reverse proxy that runs nginx.

    ssh "$PRIMARY_WWW_FQDN" sudo mkdir -p "$REMOTE_HOME/letsencrypt/$DOMAIN_NAME/_logs"

    # this is minimum required; www and btcpay.
    DOMAIN_STRING="-d $DOMAIN_NAME -d $WWW_FQDN -d $BTCPAY_USER_FQDN"
    if [ "$DEPLOY_NEXTCLOUD" = true ]; then DOMAIN_STRING="$DOMAIN_STRING -d $NEXTCLOUD_FQDN"; fi
    if [ "$DEPLOY_GITEA" = true ]; then DOMAIN_STRING="$DOMAIN_STRING -d $GITEA_FQDN"; fi
    if [ "$DEPLOY_NOSTR_RELAY" = true ]; then DOMAIN_STRING="$DOMAIN_STRING -d $NOSTR_FQDN"; fi
    
    # if BTCPAY_ALT_NAMES has been set by the admin, iterate over the list
    # and append the domain names to the certbot request
    if [ -n "$BTCPAY_ALT_NAMES" ]; then
        # let's stub out the rest of our site definitions, if any.
        for ALT_NAME in ${BTCPAY_ALT_NAMES//,/ }; do
            DOMAIN_STRING="$DOMAIN_STRING -d $ALT_NAME.$DOMAIN_NAME"
        done
    fi
    
    GENERATE_CERT_STRING="docker run -it --rm --name certbot -p 80:80 -p 443:443 -v $REMOTE_HOME/letsencrypt/$DOMAIN_NAME:/etc/letsencrypt -v /var/lib/letsencrypt:/var/lib/letsencrypt -v $REMOTE_HOME/letsencrypt/$DOMAIN_NAME/_logs:/var/log/letsencrypt certbot/certbot certonly -v --noninteractive --agree-tos --key-type ecdsa --standalone --expand ${DOMAIN_STRING} --email $CERTIFICATE_EMAIL_ADDRESS"

    # execute the certbot command that we dynamically generated.
    eval "$GENERATE_CERT_STRING"
done
Moved files. Signed-off-by: Derek Smith <derek@farscapian.com> 2022-05-20 15:06:41 +00:00			`#!/bin/bash`

Clean up migration and NOSTR updates. 2022-11-14 01:27:27 +00:00			`set -ex`
Moved files. Signed-off-by: Derek Smith <derek@farscapian.com> 2022-05-20 15:06:41 +00:00
More work on self-hosting + projects. 2022-09-09 18:00:07 +00:00
Certificate renewal updates. 2022-05-24 18:20:59 +00:00			`# let's do a refresh of the certificates. Let's Encrypt will not run if it's not time.`
			`docker pull certbot/certbot:latest`
Moved files. Signed-off-by: Derek Smith <derek@farscapian.com> 2022-05-20 15:06:41 +00:00
Removed all AWS functionality. Big day. 2022-10-31 02:24:25 +00:00			`# iterate over each domain and call certbot`
			`for DOMAIN_NAME in ${DOMAIN_LIST//,/ }; do`
			`export DOMAIN_NAME="$DOMAIN_NAME"`
			`export SITE_PATH="$SITES_PATH/$DOMAIN_NAME"`

			`# source the site path so we know what features it has.`
Refactoring/cleaup. 2022-11-14 01:26:51 +00:00			`source "$RESPOSITORY_PATH/reset_env.sh"`
Removed all AWS functionality. Big day. 2022-10-31 02:24:25 +00:00			`source "$SITE_PATH/site_definition"`
Refactoring/cleaup. 2022-11-14 01:26:51 +00:00			`source "$RESPOSITORY_PATH/domain_env.sh"`
Removed all AWS functionality. Big day. 2022-10-31 02:24:25 +00:00
			`# with the lxd side, we are trying to expose ALL OUR services from one IP address, which terminates`
			`# at a cachehing reverse proxy that runs nginx.`

			`ssh "$PRIMARY_WWW_FQDN" sudo mkdir -p "$REMOTE_HOME/letsencrypt/$DOMAIN_NAME/_logs"`

Updated letsencrypt cert renewal logic. 2022-11-05 23:45:00 +00:00			`# this is minimum required; www and btcpay.`
			`DOMAIN_STRING="-d $DOMAIN_NAME -d $WWW_FQDN -d $BTCPAY_USER_FQDN"`
			`if [ "$DEPLOY_NEXTCLOUD" = true ]; then DOMAIN_STRING="$DOMAIN_STRING -d $NEXTCLOUD_FQDN"; fi`
			`if [ "$DEPLOY_GITEA" = true ]; then DOMAIN_STRING="$DOMAIN_STRING -d $GITEA_FQDN"; fi`
Clean up migration and NOSTR updates. 2022-11-14 01:27:27 +00:00			`if [ "$DEPLOY_NOSTR_RELAY" = true ]; then DOMAIN_STRING="$DOMAIN_STRING -d $NOSTR_FQDN"; fi`
Updated letsencrypt cert renewal logic. 2022-11-05 23:45:00 +00:00
			`# if BTCPAY_ALT_NAMES has been set by the admin, iterate over the list`
			`# and append the domain names to the certbot request`
			`if [ -n "$BTCPAY_ALT_NAMES" ]; then`
			`# let's stub out the rest of our site definitions, if any.`
			`for ALT_NAME in ${BTCPAY_ALT_NAMES//,/ }; do`
			`DOMAIN_STRING="$DOMAIN_STRING -d $ALT_NAME.$DOMAIN_NAME"`
			`done`
			`fi`

			`GENERATE_CERT_STRING="docker run -it --rm --name certbot -p 80:80 -p 443:443 -v $REMOTE_HOME/letsencrypt/$DOMAIN_NAME:/etc/letsencrypt -v /var/lib/letsencrypt:/var/lib/letsencrypt -v $REMOTE_HOME/letsencrypt/$DOMAIN_NAME/_logs:/var/log/letsencrypt certbot/certbot certonly -v --noninteractive --agree-tos --key-type ecdsa --standalone --expand ${DOMAIN_STRING} --email $CERTIFICATE_EMAIL_ADDRESS"`

			`# execute the certbot command that we dynamically generated.`
			`eval "$GENERATE_CERT_STRING"`
Removed all AWS functionality. Big day. 2022-10-31 02:24:25 +00:00			`done`