improved kvmd-certbot

2025-12-12 01:00:29 +08:00 · 2022-06-24 21:32:06 +03:00 · 2022-06-24 21:32:06 +03:00 · 8727b0e8bd
commit 8727b0e8bd
parent f634be16f0
1 changed files with 92 additions and 42 deletions
--- a/scripts/kvmd-certbot
+++ b/scripts/kvmd-certbot
@ -46,6 +46,16 @@ function create_tmp() {
 	trap cleanup EXIT
 }

+function ensure_runroot() {
+	if [ ! -d "$cur" ]; then
+		kvmd-pstrun -- bash -c "
+			set -ex
+			mkdir -p '$cur'
+			chown '$user:' '$cur'
+		"
+	fi
+}
+
 function restart_if_running() {
 	if systemctl is-active --quiet "$2"; then
 		echo "=> systemctl $1 $2"
@ -53,11 +63,46 @@ function restart_if_running() {
 	fi
 }

-if [ "$1" == "renew" ]; then
+function restart_if_running_nginx() {
+	restart_if_running reload kvmd-nginx
+}
+
+function restart_if_running_vnc() {
+	restart_if_running restart kvmd-vnc
+}
+
+case "$1" in
+	-h|--help|help)
+		sudo -u "$user" certbot "$@" \
+			--config-dir="$cur/config" \
+			--work-dir="$cur/work" \
+			--logs-dir="$cur/logs"
+	;;
+
+	certonly)
+		create_tmp
+		ensure_runroot
+		sudo -u "$user" kvmd-pstrun -- certbot "$@" \
+			--config-dir="$cur/config" \
+			--work-dir="$cur/work" \
+			--logs-dir="$cur/logs" \
+			--webroot \
+			--webroot-path="$web" \
+			--deploy-hook="/usr/bin/bash -c '
+				set -ex
+				chmod 750 '$cur/config/'{archive,live}
+				cd \"\$RENEWED_LINEAGE\"
+				chmod 640 privkey.pem
+				ln -s fullchain.pem server.crt
+				ln -s privkey.pem server.key
+			'"
+	;;
+
+	renew)
+		shift
 		create_tmp
 		cp -a "$cur"/{config,work,logs} "$tmp"
 		sed -s -i -e "s| = $cur/| = $tmp/|g" "$tmp/config/renewal/"*
-	shift
 		sudo -u "$user" certbot renew "$@" \
 			--config-dir="$tmp/config" \
 			--work-dir="$tmp/work" \
@ -76,39 +121,44 @@ if [ "$1" == "renew" ]; then
 				kvmd-helper-swapfiles '$new' '$cur'
 				rm -rf '$new'
 			"
-		restart_if_running reload kvmd-nginx
-		restart_if_running restart kvmd-vnc
+			restart_if_running_nginx
+			restart_if_running_vnc
 		fi
+	;;

-else
-	create_tmp
-	if [ ! -d "$cur" ]; then
-		kvmd-pstrun -- bash -c "
-			set -ex
-			mkdir -p '$cur'
-			chown '$user:' '$cur'
-		"
+	install)
+		case "$2" in
+			nginx|vnc)
+				if [ -z "$2" ]; then
+					echo "Usage: kvmd-certbot install <nginx|vnc> <domain>"
+					exit 1
 				fi
-	if [ "$1" == "certonly-webroot" ]; then
+				set -x 
+				rm -f "/etc/kvmd/$2/ssl/server."{crt,key}
+				ln -s "$cur/config/live/$3/server."{crt,key} "/etc/kvmd/$2/ssl/"
+				"restart_if_running_$2"
+			;;
+			*)
+				echo "Usage: kvmd-certbot install <nginx|vnc> <domain>"
+				exit 1
+			;;
+		esac
+	;;
+
+	--)
 		shift
-		sudo -u "$user" kvmd-pstrun -- certbot certonly "$@" \
-			--config-dir="$cur/config" \
-			--work-dir="$cur/work" \
-			--logs-dir="$cur/logs" \
-			--webroot \
-			--webroot-path="$web" \
-			--deploy-hook="/usr/bin/bash -c '
-				set -ex
-				chmod 750 '$cur/config/'{archive,live}
-				cd \"\$RENEWED_LINEAGE\"
-				chmod 640 privkey.pem
-				ln -s fullchain.pem server.crt
-				ln -s privkey.pem server.key
-			'"
-	else
+		create_tmp
+		ensure_runroot
 		sudo -u "$user" kvmd-pstrun -- certbot "$@" \
 			--config-dir="$cur/config" \
 			--work-dir="$cur/work" \
 			--logs-dir="$cur/logs"
-	fi
-fi
+	;;
+
+	*)
+		echo "This command is not implemented by kvmd-certbot."
+		echo "To pass it into certbot under PST context use '--'."
+		echo "For example: kvmd-certbot -- $*"
+		exit 1
+	;;
+esac