From d897eaf5cdb0c34888771bd8aa94fd494e67af3d Mon Sep 17 00:00:00 2001
From: Daniel Baumann
Date: Sat, 28 Aug 2021 06:28:53 +0200
Subject: Adding dehydrated tools.
Signed-off-by: Daniel Baumann
---
dehydrated/share/cron/dehydrated | 3 +++
dehydrated/share/hooks/deploy_cert.fullchain-privkey | 9 +++++++++
dehydrated/share/hooks/deploy_ocsp.fullchain-privkey | 8 ++++++++
dehydrated/share/hooks/exit_hook.fix-permissions | 18 ++++++++++++++++++
dehydrated/share/hooks/exit_hook.service-reload | 17 +++++++++++++++++
dehydrated/share/logrotate/dehydrated | 13 +++++++++++++
6 files changed, 68 insertions(+)
create mode 100755 dehydrated/share/cron/dehydrated
create mode 100755 dehydrated/share/hooks/deploy_cert.fullchain-privkey
create mode 100755 dehydrated/share/hooks/deploy_ocsp.fullchain-privkey
create mode 100755 dehydrated/share/hooks/exit_hook.fix-permissions
create mode 100755 dehydrated/share/hooks/exit_hook.service-reload
create mode 100644 dehydrated/share/logrotate/dehydrated
(limited to 'dehydrated/share')
diff --git a/dehydrated/share/cron/dehydrated b/dehydrated/share/cron/dehydrated
new file mode 100755
index 0000000..bece74f
--- /dev/null
+++ b/dehydrated/share/cron/dehydrated
@@ -0,0 +1,3 @@
+# /etc/cron.d/dehydrated
+
+@reboot root /usr/bin/dehydrated-cron
diff --git a/dehydrated/share/hooks/deploy_cert.fullchain-privkey b/dehydrated/share/hooks/deploy_cert.fullchain-privkey
new file mode 100755
index 0000000..5457036
--- /dev/null
+++ b/dehydrated/share/hooks/deploy_cert.fullchain-privkey
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+set -e
+
+DIRECTORY="$(dirname "${FULLCHAINFILE}")"
+FILE="cert.fullchain-privkey-${TIMESTAMP}.pem"
+
+cat "${FULLCHAINFILE}" "${KEYFILE}" > "${DIRECTORY}/${FILE}"
+ln -sf "${FILE}" "${DIRECTORY}/cert.fullchain-privkey.pem"
diff --git a/dehydrated/share/hooks/deploy_ocsp.fullchain-privkey b/dehydrated/share/hooks/deploy_ocsp.fullchain-privkey
new file mode 100755
index 0000000..e68716b
--- /dev/null
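Review bot: In dehydrated/share/hooks/deploy_cert.fullchain-privkey, the bundle written by `cat "${FULLCHAINFILE}" "${KEYFILE}" > "${DIRECTORY}/${FILE}"` contains the private key but is created with whatever umask the hook inherits, so under a common 022 umask it starts out world-readable (0644) until some later step tightens it. Adding `umask 077` right after `set -e` keeps the key material owner-only from the moment it is created; how far the exposure reaches in practice depends on the modes of the parent directories, which this patch does not show. The script also trusts FULLCHAINFILE, KEYFILE and TIMESTAMP to be set: with FULLCHAINFILE empty, `dirname` yields `.` and the redirect target resolves to the current directory, so `set -eu` (or `: "${FULLCHAINFILE:?}"`) would fail closed instead. The same unset-variable concern applies to OCSPFILE in deploy_ocsp.fullchain-privkey.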
+++ b/dehydrated/share/hooks/deploy_ocsp.fullchain-privkey
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+set -e
+
+FILE="$(readlink "${OCSPFILE}")"
+DIRECTORY="$(dirname "${OCSPFILE}")"
+
+ln -sf "${FILE}" "${DIRECTORY}/cert.fullchain-privkey.pem.ocsp"
diff --git a/dehydrated/share/hooks/exit_hook.fix-permissions b/dehydrated/share/hooks/exit_hook.fix-permissions
new file mode 100755
index 0000000..c5bb646
--- /dev/null
+++ b/dehydrated/share/hooks/exit_hook.fix-permissions
@@ -0,0 +1,18 @@
+#!/bin/sh
+
+set -e
+
+echo " + Fixing permissions..."
+
+if getent group ssl-cert > /dev/null 2>&1
+then
+ echo -n " + /var/lib/dehydrated/certs:"
+
+ find /var/lib/dehydrated/certs -type d -exec chmod 0750 {} \;
+ find /var/lib/dehydrated/certs -type f -exec chmod 0640 {} \;
+
+ # https://bugs.debian.org/854431
+ chown -R root:ssl-cert /var/lib/dehydrated/certs
+
+ echo " done."
+fi
diff --git a/dehydrated/share/hooks/exit_hook.service-reload b/dehydrated/share/hooks/exit_hook.service-reload
new file mode 100755
index 0000000..2da8c1b
--- /dev/null
+++ b/dehydrated/share/hooks/exit_hook.service-reload
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+set -e
+
+echo " + Reloading services..."
+
+for SERVICE in apache2 haproxy postgresql redis-server
+do
+ if service ${SERVICE} status > /dev/null 2>&1
+ then
+ echo -n " + ${SERVICE}:"
+
+ service ${SERVICE} reload || service ${SERVICE} restart
+
+ echo " done."
+ fi
+done
diff --git a/dehydrated/share/logrotate/dehydrated b/dehydrated/share/logrotate/dehydrated
new file mode 100644
index 0000000..385a4aa
--- /dev/null
+++ b/dehydrated/share/logrotate/dehydrated
@@ -0,0 +1,13 @@
+# /etc/logrotate.d/dehydrated
+
+/var/log/dehydrated/dehydrated.log {
+ compress
+ create 0640 root adm
+ dateext
+ dateformat -%Y%m
+ dateyesterday
+ missingok
+ monthly
+ notifempty
+ rotate 12
+}
-- cgit v1.2.3
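Review bot: In dehydrated/share/hooks/exit_hook.fix-permissions, when `getent group ssl-cert` fails the hook prints "Fixing permissions..." and then changes nothing, so private keys and the combined fullchain-privkey bundle keep whatever mode they were created with. An `else` branch that tightens rather than widens (for example `chmod -R go-rwx /var/lib/dehydrated/certs`), or at least a warning on stderr, would make that case explicit. Inside the `then` branch, running `chown -R root:ssl-cert` before the two `find … chmod` passes avoids briefly granting group read to whichever group owned the files beforehand. The 0640 mode makes every private key under the tree readable by all members of ssl-cert, which looks intentional given the referenced Debian bug but deserves a comment saying so.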
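Review bot: In dehydrated/share/hooks/exit_hook.service-reload, `service ${SERVICE} reload || service ${SERVICE} restart` runs under `set -e`, so if both reload and restart fail for one service the script exits and the services later in the list are never reloaded, which can leave them serving the old certificate. Handling the failure inside the loop, e.g. `service "${SERVICE}" reload || service "${SERVICE}" restart || { echo " failed." >&2; RC=1; continue; }` with `RC=0` before the loop and `exit "${RC}"` after it, keeps the remaining services covered while still reporting the error. The restart fallback also drops client connections for postgresql and redis-server, and as far as this hunk shows the hook does so on every exit rather than only when a certificate changed, so a guard on that condition would be worth adding.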