ops/raritan/ssl-renew: init
parent
3b21d1e521
commit
74fe28add8
5 changed files with 60 additions and 0 deletions
|
@ -6,6 +6,7 @@ args: {
|
||||||
nixos = import ./nixos args;
|
nixos = import ./nixos args;
|
||||||
maint = import ./maint args;
|
maint = import ./maint args;
|
||||||
secrets = import ./secrets args;
|
secrets = import ./secrets args;
|
||||||
|
raritan = import ./raritan args;
|
||||||
|
|
||||||
home-manager-ext = import ./home-manager-ext.nix args;
|
home-manager-ext = import ./home-manager-ext.nix args;
|
||||||
}
|
}
|
||||||
|
|
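--- a/ops/raritan/default.nix
+++ b/ops/raritan/default.nix
@@ -0,0 +1,7 @@
+# SPDX-FileCopyrightText: 2020 Luke Granger-Brown <depot@lukegb.com>
+#
+# SPDX-License-Identifier: Apache-2.0
+
+args: {
+ssl-renew = import ./ssl-renew args;
+}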
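--- a/ops/raritan/ssl-renew/default.nix
+++ b/ops/raritan/ssl-renew/default.nix
@@ -0,0 +1,14 @@
+# SPDX-FileCopyrightText: 2021 Luke Granger-Brown <depot@lukegb.com>
+#
+# SPDX-License-Identifier: Apache-2.0
+
+{ depot, pkgs, ... }:
+
+pkgs.runCommandNoCC "raritan-update" {
+inherit (pkgs) lego curl;
+} ''
+mkdir $out
+substituteAll ${./deploy.sh} $out/deploy.sh
+substituteAll ${./lego.sh} $out/lego.sh
+chmod +x $out/deploy.sh $out/lego.sh
+''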
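--- a/ops/raritan/ssl-renew/deploy.sh
+++ b/ops/raritan/ssl-renew/deploy.sh
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+set -euo pipefail
+
+@curl@/bin/curl -k \
+--user "${RARITAN_USERNAME}:${RARITAN_PASSWORD}" \
+-F cert_file=@${LEGO_CERT_PATH} \
+-F key_file=@${LEGO_CERT_KEY_PATH} \
+"https://${RARITAN_IP}/cgi-bin/server_ssl_cert_upload.cgi"
+@curl@/bin/curl -k \
+--user "${RARITAN_USERNAME}:${RARITAN_PASSWORD}" \
+"https://${RARITAN_IP}/bulk" \
+-H 'Content-Type: application/json; charset=UTF-8' \
+--data-binary '{"jsonrpc":"2.0","method":"performBulk","params":{"requests":[{"rid":"/server_ssl_cert","json":{"jsonrpc":"2.0","method":"installPendingKeyPair","params":null,"id":1}}]},"id":2}'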
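Review bot: Both curl calls pass `-k`, so the basic-auth credentials and the private key sent as `key_file` go to whatever answers on `${RARITAN_IP}`, with no server authentication. That may be unavoidable for the first upload to a device that still has an untrusted certificate, but it deserves a comment stating the assumption, e.g. `# -k: device certificate is not yet trusted; run only over a trusted management network`, and later runs could verify against the issued certificate if the device is reachable by its certificate name. Neither call uses `--fail`, so an HTTP 401 or 500 still exits 0 and `set -e` never sees it; `@curl@/bin/curl -k --fail \` on both calls would make a rejected upload fail the hook. `--user` also places the password in curl's argv, where it is readable from the process list on the host running the hook.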
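--- a/ops/raritan/ssl-renew/lego.sh
+++ b/ops/raritan/ssl-renew/lego.sh
@@ -0,0 +1,24 @@
+#!/bin/sh
+
+set -euo pipefail
+
+export LEGO_FLAGS="\
+--accept-tos \
+--dns cloudflare \
+--dns.resolvers 1.1.1.1 \
+--domains "${CERTIFICATE_DOMAIN}" \
+--key-type rsa4096 \
+--email "${LETSENCRYPT_EMAIL}" \
+"
+
+if ! [[ -f .lego/certificates/${CERTIFICATE_DOMAIN}.crt ]]; then
+exec @lego@/bin/lego \
+$LEGO_FLAGS \
+run \
+--run-hook="@out@/deploy.sh"
+fi
+
+exec @lego@/bin/lego \
+$LEGO_FLAGS \
+renew \
+--renew-hook="@out@/deploy.sh"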
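Review bot: The script is declared `#!/bin/sh` but uses `[[ … ]]` and `set -o pipefail`, which are not available in every `/bin/sh`; where that shell is a strict POSIX one the script fails or takes the wrong branch, so the shebang should name bash (or the test should become `[ -f … ]`). The flags are also built as one string and expanded unquoted as `$LEGO_FLAGS`, and the inner quotes around `${CERTIFICATE_DOMAIN}` and `${LETSENCRYPT_EMAIL}` close the outer string rather than protect the values, so a value containing whitespace or a glob character (a wildcard domain, for instance) is split or expanded before lego sees it. An array keeps each argument intact, as sketched below. The sketch drops the `export`, which looks unused as far as this commit shows, since deploy.sh does not read `LEGO_FLAGS`.

```shell
#!/usr/bin/env bash
# … unchanged: set -euo pipefail …

lego_flags=(
  --accept-tos
  --dns cloudflare
  --dns.resolvers 1.1.1.1
  --domains "${CERTIFICATE_DOMAIN}"
  --key-type rsa4096
  --email "${LETSENCRYPT_EMAIL}"
)

if ! [[ -f ".lego/certificates/${CERTIFICATE_DOMAIN}.crt" ]]; then
  exec @lego@/bin/lego "${lego_flags[@]}" run --run-hook="@out@/deploy.sh"
fi

exec @lego@/bin/lego "${lego_flags[@]}" renew --renew-hook="@out@/deploy.sh"
```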