indent, factor out certbot install

[basic-https-conf] / certbot-setup

diff --git a/certbot-setup b/certbot-setup
new file mode 100755 (executable)
index 0000000..caed0ad
--- /dev/null
+++ b/certbot-setup
@@ -0,0 +1,37 @@
+#!/bin/bash
+
+# usage: $0 apache2|nginx
+
+if ! test "$BASH_VERSION"; then echo "error: shell is not bash" >&2; exit 1; fi
+shopt -s inherit_errexit 2>/dev/null ||: # ignore fail in bash < 4.4
+set -eE -o pipefail
+trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?. PIPESTATUS: ${PIPESTATUS[*]}" >&2' ERR
+[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
+
+t=$1
+
+if apt-cache show python3-certbot-apache &>/dev/null; then
+  pyver=3
+fi
+pkgs=(certbot python${pyver}-certbot-${t%2})
+if ! dpkg -s -- ${pkgs[@]} 2>&1 | grep -Fx "Status: install ok installed" &> /dev/null; then
+  apt-get -y install --purge --auto-remove ${pkgs[@]}
+fi
+# Make a version of the certbot timer that emails me.
+if [[ -e /a/bin/log-quiet/sysd-mail-once ]]; then
+  x=/systemd/system/certbot
+  md5=$(md5sum /lib$x.timer /lib$x.service 2>/dev/null) ||:
+  sed -r -f - /lib$x.timer <<'EOF' >/etc${x}mail.timer
+s,^Description.*,\0 mail version,
+EOF
+  sed -r -f - /lib$x.service <<'EOF' > /etc${x}mail.service
+s,(ExecStart=).*,\1/a/bin/log-quiet/sysd-mail-once certbotmail /usr/bin/certbot renew,
+EOF
+  if [[ $md5sum != "$(md5sum /lib$x.timer /lib$x.service)" ]]; then
+    systemctl daemon-reload
+  fi
+  systemctl stop certbot.timer
+  systemctl disable certbot.timer
+  systemctl start certbotmail.timer
+  systemctl enable certbotmail.timer
+fi