diff options
author | Daniel Baumann <daniel.baumann@open-infrastructure.net> | 2021-08-28 04:28:53 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@open-infrastructure.net> | 2021-08-28 09:20:07 +0000 |
commit | d897eaf5cdb0c34888771bd8aa94fd494e67af3d (patch) | |
tree | bac5112ba9ab0d7dc703cc6be67d6450e17eba9d /dehydrated/share | |
parent | Using rst instead of asciidoc for manpage generation. (diff) | |
download | service-tools-d897eaf5cdb0c34888771bd8aa94fd494e67af3d.tar.xz service-tools-d897eaf5cdb0c34888771bd8aa94fd494e67af3d.zip |
Adding dehydrated tools.
Signed-off-by: Daniel Baumann <daniel.baumann@open-infrastructure.net>
Diffstat (limited to '')
-rwxr-xr-x | dehydrated/share/cron/dehydrated | 3 | ||||
-rwxr-xr-x | dehydrated/share/hooks/deploy_cert.fullchain-privkey | 9 | ||||
-rwxr-xr-x | dehydrated/share/hooks/deploy_ocsp.fullchain-privkey | 8 | ||||
-rwxr-xr-x | dehydrated/share/hooks/exit_hook.fix-permissions | 18 | ||||
-rwxr-xr-x | dehydrated/share/hooks/exit_hook.service-reload | 17 | ||||
-rw-r--r-- | dehydrated/share/logrotate/dehydrated | 13 |
6 files changed, 68 insertions, 0 deletions
diff --git a/dehydrated/share/cron/dehydrated b/dehydrated/share/cron/dehydrated new file mode 100755 index 0000000..bece74f --- /dev/null +++ b/dehydrated/share/cron/dehydrated @@ -0,0 +1,3 @@ +# /etc/cron.d/dehydrated + +@reboot root /usr/bin/dehydrated-cron diff --git a/dehydrated/share/hooks/deploy_cert.fullchain-privkey b/dehydrated/share/hooks/deploy_cert.fullchain-privkey new file mode 100755 index 0000000..5457036 --- /dev/null +++ b/dehydrated/share/hooks/deploy_cert.fullchain-privkey @@ -0,0 +1,9 @@ +#!/bin/sh + +set -e + +DIRECTORY="$(dirname "${FULLCHAINFILE}")" +FILE="cert.fullchain-privkey-${TIMESTAMP}.pem" + +cat "${FULLCHAINFILE}" "${KEYFILE}" > "${DIRECTORY}/${FILE}" +ln -sf "${FILE}" "${DIRECTORY}/cert.fullchain-privkey.pem" diff --git a/dehydrated/share/hooks/deploy_ocsp.fullchain-privkey b/dehydrated/share/hooks/deploy_ocsp.fullchain-privkey new file mode 100755 index 0000000..e68716b --- /dev/null +++ b/dehydrated/share/hooks/deploy_ocsp.fullchain-privkey @@ -0,0 +1,8 @@ +#!/bin/sh + +set -e + +FILE="$(readlink "${OCSPFILE}")" +DIRECTORY="$(dirname "${OCSPFILE}")" + +ln -sf "${FILE}" "${DIRECTORY}/cert.fullchain-privkey.pem.ocsp" diff --git a/dehydrated/share/hooks/exit_hook.fix-permissions b/dehydrated/share/hooks/exit_hook.fix-permissions new file mode 100755 index 0000000..c5bb646 --- /dev/null +++ b/dehydrated/share/hooks/exit_hook.fix-permissions @@ -0,0 +1,18 @@ +#!/bin/sh + +set -e + +echo " + Fixing permissions..." + +if getent group ssl-cert > /dev/null 2>&1 +then + echo -n " + /var/lib/dehydrated/certs:" + + find /var/lib/dehydrated/certs -type d -exec chmod 0750 {} \; + find /var/lib/dehydrated/certs -type f -exec chmod 0640 {} \; + + # https://bugs.debian.org/854431 + chown -R root:ssl-cert /var/lib/dehydrated/certs + + echo " done." +fi diff --git a/dehydrated/share/hooks/exit_hook.service-reload b/dehydrated/share/hooks/exit_hook.service-reload new file mode 100755 index 0000000..2da8c1b --- /dev/null +++ b/dehydrated/share/hooks/exit_hook.service-reload @@ -0,0 +1,17 @@ +#!/bin/sh + +set -e + +echo " + Reloading services..." + +for SERVICE in apache2 haproxy postgresql redis-server +do + if service ${SERVICE} status > /dev/null 2>&1 + then + echo -n " + ${SERVICE}:" + + service ${SERVICE} reload || service ${SERVICE} restart + + echo " done." + fi +done diff --git a/dehydrated/share/logrotate/dehydrated b/dehydrated/share/logrotate/dehydrated new file mode 100644 index 0000000..385a4aa --- /dev/null +++ b/dehydrated/share/logrotate/dehydrated @@ -0,0 +1,13 @@ +# /etc/logrotate.d/dehydrated + +/var/log/dehydrated/dehydrated.log { + compress + create 0640 root adm + dateext + dateformat -%Y%m + dateyesterday + missingok + monthly + notifempty + rotate 12 +} |