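#!/bin/bash
# This file is part of web-conf which configures web servers
# Copyright (C) 2024 Ian Kelling

# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.

# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.

# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <https://www.gnu.org/licenses/>.

# SPDX-License-Identifier: GPL-3.0-or-later

# usage: $0 apache2|nginx
#
# Installs certbot and the certbot plugin package for the named web server.
# Re-executes itself through sudo when it is not started as root.

if ! test "$BASH_VERSION"; then echo "error: shell is not bash" >&2; exit 1; fi
shopt -s inherit_errexit 2>/dev/null ||: # ignore fail in bash < 4.4
set -eE -o pipefail
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?. PIPESTATUS: ${PIPESTATUS[*]}" >&2' ERR

# Accept only the documented server names. The argument ends up inside a
# package name handed to apt-get as root, so reject anything else before
# escalating.
case ${1-} in
  apache2|nginx) t=$1 ;;
  *) echo "usage: $0 apache2|nginx" >&2; exit 1 ;;
esac

# sudo -E carries the caller's environment into the root process, so every
# variable used below is assigned explicitly rather than left to inherit.
# NOTE(review): nothing visible in this script reads a caller-set variable;
# consider dropping -E if no later step depends on it.
[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"

# Use the python3 plugin packages when the archive has them; otherwise the
# package name has no version digit. pyver is reset first so that a value
# inherited from the environment cannot change the package name.
pyver=
if apt-cache show python3-certbot-apache &>/dev/null; then
  pyver=3
fi
pkgs=(certbot "python${pyver}-certbot-${t%2}")

# Check each package on its own: a single dpkg -s over the whole list would
# match as soon as any one of them reports "install ok installed".
# grep output is discarded rather than using -q so dpkg is never cut short
# by a closed pipe under pipefail.
need_install=false
for p in "${pkgs[@]}"; do
  if ! dpkg -s -- "$p" 2>&1 | grep -Fx "Status: install ok installed" &>/dev/null; then
    need_install=true
  fi
done
if $need_install; then
  apt-get -y install --purge --auto-remove "${pkgs[@]}"
fi

# Make a version of the certbot timer that emails me.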
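# Only when the sysd-mail-once helper exists: derive certbotmail.timer and
# certbotmail.service from the packaged certbot units, with ExecStart wrapped
# by the helper, then switch from the stock timer to the mail variant.
#
# NOTE(review): the generated file is a system unit, so systemd will execute
# the helper, presumably as root. Confirm that /a/bin/log-quiet and the helper
# are writable by root only.
if [[ -e /a/bin/log-quiet/sysd-mail-once ]]; then
  x=/systemd/system/certbot
  gen_timer=/etc${x}mail.timer
  gen_service=/etc${x}mail.service

  # Checksum the generated units before rewriting them. They may not exist on
  # a first run, hence the discarded stderr and the ignored exit status.
  # The original stored this in $md5 but compared $md5sum, which is never
  # assigned, and it checksummed the /lib inputs that this script does not
  # modify. md5sum is change detection here, not an integrity control.
  before=$(md5sum "$gen_timer" "$gen_service" 2>/dev/null) ||:

  # \0 is the whole matched Description line (GNU sed).
  sed -r -e 's,^Description.*,\0 mail version,' "/lib$x.timer" >"$gen_timer"
  sed -r -e 's,(ExecStart=).*,\1/a/bin/log-quiet/sysd-mail-once certbotmail /usr/bin/certbot renew,' \
    "/lib$x.service" >"$gen_service"

  # Reload systemd only when the generated units are new or have changed.
  if [[ $before != "$(md5sum "$gen_timer" "$gen_service")" ]]; then
    systemctl daemon-reload
  fi

  systemctl stop certbot.timer
  systemctl disable certbot.timer
  systemctl start certbotmail.timer
  systemctl enable certbotmail.timer
fi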