summaryrefslogtreecommitdiffstats
path: root/dehydrated/share
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@open-infrastructure.net>2021-08-28 04:28:53 +0000
committerDaniel Baumann <daniel.baumann@open-infrastructure.net>2021-08-28 09:20:07 +0000
commitd897eaf5cdb0c34888771bd8aa94fd494e67af3d (patch)
treebac5112ba9ab0d7dc703cc6be67d6450e17eba9d /dehydrated/share
parentUsing rst instead of asciidoc for manpage generation. (diff)
downloadservice-tools-d897eaf5cdb0c34888771bd8aa94fd494e67af3d.tar.xz
service-tools-d897eaf5cdb0c34888771bd8aa94fd494e67af3d.zip
Adding dehydrated tools.
Signed-off-by: Daniel Baumann <daniel.baumann@open-infrastructure.net>
Diffstat (limited to '')
-rwxr-xr-xdehydrated/share/cron/dehydrated3
-rwxr-xr-xdehydrated/share/hooks/deploy_cert.fullchain-privkey9
-rwxr-xr-xdehydrated/share/hooks/deploy_ocsp.fullchain-privkey8
-rwxr-xr-xdehydrated/share/hooks/exit_hook.fix-permissions18
-rwxr-xr-xdehydrated/share/hooks/exit_hook.service-reload17
-rw-r--r--dehydrated/share/logrotate/dehydrated13
6 files changed, 68 insertions, 0 deletions
diff --git a/dehydrated/share/cron/dehydrated b/dehydrated/share/cron/dehydrated
new file mode 100755
index 0000000..bece74f
--- /dev/null
+++ b/dehydrated/share/cron/dehydrated
@@ -0,0 +1,3 @@
+# /etc/cron.d/dehydrated
+
+@reboot root /usr/bin/dehydrated-cron
diff --git a/dehydrated/share/hooks/deploy_cert.fullchain-privkey b/dehydrated/share/hooks/deploy_cert.fullchain-privkey
new file mode 100755
index 0000000..5457036
--- /dev/null
+++ b/dehydrated/share/hooks/deploy_cert.fullchain-privkey
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+set -e
+
+DIRECTORY="$(dirname "${FULLCHAINFILE}")"
+FILE="cert.fullchain-privkey-${TIMESTAMP}.pem"
+
+cat "${FULLCHAINFILE}" "${KEYFILE}" > "${DIRECTORY}/${FILE}"
+ln -sf "${FILE}" "${DIRECTORY}/cert.fullchain-privkey.pem"
diff --git a/dehydrated/share/hooks/deploy_ocsp.fullchain-privkey b/dehydrated/share/hooks/deploy_ocsp.fullchain-privkey
new file mode 100755
index 0000000..e68716b
--- /dev/null
+++ b/dehydrated/share/hooks/deploy_ocsp.fullchain-privkey
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+set -e
+
+FILE="$(readlink "${OCSPFILE}")"
+DIRECTORY="$(dirname "${OCSPFILE}")"
+
+ln -sf "${FILE}" "${DIRECTORY}/cert.fullchain-privkey.pem.ocsp"
diff --git a/dehydrated/share/hooks/exit_hook.fix-permissions b/dehydrated/share/hooks/exit_hook.fix-permissions
new file mode 100755
index 0000000..c5bb646
--- /dev/null
+++ b/dehydrated/share/hooks/exit_hook.fix-permissions
@@ -0,0 +1,18 @@
+#!/bin/sh
+
+set -e
+
+echo " + Fixing permissions..."
+
+if getent group ssl-cert > /dev/null 2>&1
+then
+ echo -n " + /var/lib/dehydrated/certs:"
+
+ find /var/lib/dehydrated/certs -type d -exec chmod 0750 {} \;
+ find /var/lib/dehydrated/certs -type f -exec chmod 0640 {} \;
+
+ # https://bugs.debian.org/854431
+ chown -R root:ssl-cert /var/lib/dehydrated/certs
+
+ echo " done."
+fi
diff --git a/dehydrated/share/hooks/exit_hook.service-reload b/dehydrated/share/hooks/exit_hook.service-reload
new file mode 100755
index 0000000..2da8c1b
--- /dev/null
+++ b/dehydrated/share/hooks/exit_hook.service-reload
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+set -e
+
+echo " + Reloading services..."
+
+for SERVICE in apache2 haproxy postgresql redis-server
+do
+ if service ${SERVICE} status > /dev/null 2>&1
+ then
+ echo -n " + ${SERVICE}:"
+
+ service ${SERVICE} reload || service ${SERVICE} restart
+
+ echo " done."
+ fi
+done
diff --git a/dehydrated/share/logrotate/dehydrated b/dehydrated/share/logrotate/dehydrated
new file mode 100644
index 0000000..385a4aa
--- /dev/null
+++ b/dehydrated/share/logrotate/dehydrated
@@ -0,0 +1,13 @@
+# /etc/logrotate.d/dehydrated
+
+/var/log/dehydrated/dehydrated.log {
+ compress
+ create 0640 root adm
+ dateext
+ dateformat -%Y%m
+ dateyesterday
+ missingok
+ monthly
+ notifempty
+ rotate 12
+}