2019-10-14 22:08:03 +00:00
|
|
|
#!/bin/sh
|
2020-03-30 16:40:03 +00:00
|
|
|
# DO NOT TOUCH IT HERE SEE GIT REPO 'envs/ops'
|
2019-10-14 22:08:03 +00:00
|
|
|
|
|
|
|
|
set -e
|
|
|
|
|
|
|
|
|
|
for domain in $RENEWED_DOMAINS; do
|
|
|
|
|
case $domain in
|
|
|
|
|
envs.net)
|
|
|
|
|
daemon_cert_root=/opt/lxc_ssl/envs.net
|
|
|
|
|
umask 077
|
|
|
|
|
cat "$RENEWED_LINEAGE/privkey.pem" > "$daemon_cert_root/privkey.pem"
|
|
|
|
|
cat "$RENEWED_LINEAGE/chain.pem" > "$daemon_cert_root/chain.pem"
|
|
|
|
|
cat "$RENEWED_LINEAGE/fullchain.pem" > "$daemon_cert_root/fullchain.pem"
|
|
|
|
|
cat /etc/ssl/certs/envs_dhparam.pem > "$daemon_cert_root/envs_dhparam.pem"
|
2020-01-05 14:03:14 +00:00
|
|
|
|
2020-10-08 18:16:52 +00:00
|
|
|
#rsync -av --numeric-ids "$daemon_cert_root" root@srv01.envs.net:/opt/ssl_certs/
|
|
|
|
|
#ssh root@srv01.envs.net bash -c "/opt/sync_certs.sh"
|
|
|
|
|
|
2020-01-05 14:03:14 +00:00
|
|
|
# matrix
|
|
|
|
|
matrix_dir=/var/lib/lxc/matrix/rootfs/etc/matrix-synapse
|
|
|
|
|
cp "$daemon_cert_root/privkey.pem" "$matrix_dir"/
|
|
|
|
|
cp "$daemon_cert_root/chain.pem" "$matrix_dir"/
|
|
|
|
|
cp "$daemon_cert_root/fullchain.pem" "$matrix_dir"/
|
2020-02-09 08:14:08 +00:00
|
|
|
chmod 644 "$matrix_dir"/*.pem
|
2020-01-05 14:03:14 +00:00
|
|
|
chown 108:0 "$matrix_dir"/*.pem
|
2020-01-29 10:01:52 +00:00
|
|
|
lxc-attach -n matrix -- bash -c "systemctl reload nginx ; systemctl restart coturn"
|
2020-01-05 14:03:14 +00:00
|
|
|
|
2020-01-21 12:01:49 +00:00
|
|
|
# pleroma
|
|
|
|
|
lxc-attach -n pleroma -- bash -c "systemctl reload nginx"
|
|
|
|
|
|
2020-03-30 16:40:03 +00:00
|
|
|
# monitor
|
|
|
|
|
lxc-attach -n moni -- bash -c "systemctl reload nginx"
|
|
|
|
|
|
2020-01-05 14:03:14 +00:00
|
|
|
# mail
|
2020-01-29 10:01:52 +00:00
|
|
|
# has a own letencrypt cert in container!
|
|
|
|
|
##lxc-attach -n mail -- bash -c "systemctl reload nginx postfix dovecot"
|
|
|
|
|
|
2020-01-05 14:03:14 +00:00
|
|
|
# mailinglists
|
|
|
|
|
lxc-attach -n lists -- bash -c "systemctl reload nginx postfix"
|
|
|
|
|
|
|
|
|
|
# gitea
|
|
|
|
|
lxc-attach -n gitea -- bash -c "systemctl reload nginx"
|
|
|
|
|
|
2020-05-27 08:27:41 +00:00
|
|
|
# drone-ci
|
|
|
|
|
lxc-attach -n drone -- bash -c "systemctl reload nginx"
|
|
|
|
|
|
2020-01-05 14:03:14 +00:00
|
|
|
# searx
|
|
|
|
|
lxc-attach -n searx -- bash -c "systemctl reload nginx"
|
|
|
|
|
|
|
|
|
|
# cryptad
|
|
|
|
|
lxc-attach -n pad -- bash -c "systemctl reload nginx"
|
|
|
|
|
|
|
|
|
|
# tt-rss
|
|
|
|
|
lxc-attach -n rss -- bash -c "systemctl restart apache2"
|
|
|
|
|
|
|
|
|
|
# privatebin
|
|
|
|
|
lxc-attach -n pb -- bash -c "systemctl restart apache2"
|
2020-02-12 20:44:01 +00:00
|
|
|
;;
|
2019-10-14 22:08:03 +00:00
|
|
|
|
|
|
|
|
envs.sh)
|
|
|
|
|
daemon_cert_root=/opt/lxc_ssl/envs.sh
|
|
|
|
|
umask 077
|
|
|
|
|
cat "$RENEWED_LINEAGE/privkey.pem" > "$daemon_cert_root/privkey.pem"
|
|
|
|
|
cat "$RENEWED_LINEAGE/chain.pem" > "$daemon_cert_root/chain.pem"
|
|
|
|
|
cat "$RENEWED_LINEAGE/fullchain.pem" > "$daemon_cert_root/fullchain.pem"
|
|
|
|
|
cat /etc/ssl/certs/envs_dhparam.pem > "$daemon_cert_root/envs_dhparam.pem"
|
2020-10-08 18:16:52 +00:00
|
|
|
|
|
|
|
|
#rsync -av --numeric-ids "$daemon_cert_root" root@srv01.envs.net:/opt/ssl_certs/
|
|
|
|
|
|
2020-01-05 14:03:14 +00:00
|
|
|
# 0x0 / fiche
|
|
|
|
|
lxc-attach -n null -- bash -c "systemctl reload nginx"
|
2020-02-12 20:44:01 +00:00
|
|
|
;;
|
2019-10-14 22:08:03 +00:00
|
|
|
|
|
|
|
|
znc.envs.net)
|
|
|
|
|
daemon_cert_root=/srv/znc/.znc
|
|
|
|
|
umask 077
|
|
|
|
|
cat "$RENEWED_LINEAGE/privkey.pem" > "$daemon_cert_root/znc.pem"
|
|
|
|
|
cat "$RENEWED_LINEAGE/fullchain.pem" >> "$daemon_cert_root/znc.pem"
|
|
|
|
|
cat /etc/ssl/certs/envs_dhparam.pem >> "$daemon_cert_root/znc.pem"
|
|
|
|
|
chown znc "$daemon_cert_root/znc.pem"
|
|
|
|
|
chmod 600 "$daemon_cert_root/znc.pem"
|
2020-01-05 14:03:14 +00:00
|
|
|
systemctl restart znc
|
2020-02-12 20:44:01 +00:00
|
|
|
;;
|
2019-10-14 22:08:03 +00:00
|
|
|
|
|
|
|
|
esac
|
|
|
|
|
done
|
