iankelling.org / git / distro-setup / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
misc minor fixes
[distro-setup] / mail-cert-cron
1 #!/bin/bash
2 set -eE -o pipefail
3 trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
4
5 [[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
6
7 case $1 in
8 # For first run, accept host key. Note, known_hosts is saved in /p.
9 -1)
10 opt=(-e 'ssh -oStrictHostKeyChecking=no')
11 ;;
12 esac
13
14 f=/a/bin/bash_unpublished/source-state
15 if [[ -e $f ]]; then
16 source $f
17 fi
18
19 case $HOSTNAME in
20 $MAIL_HOST|bk)
21 local_mx=mail.iankelling.org
22 # ||: is to allow for temporary connection issues.
23 rsync "${opt[@]}" -ogtL --chown=root:Debian-exim --chmod=640 \
24 root@li.iankelling.org:/etc/letsencrypt/live/mail.iankelling.org/{fullchain.pem,privkey.pem} /etc/exim4 ||:
25 if ! openssl x509 -checkend $(( 60 * 60 * 24 * 3 )) -noout -in /etc/exim4/fullchain.pem; then
26 echo "$0: error!: cert rsync failed and it will expire in less than 3 days"
27 exit 1
28 fi
29 ;;&
30 esac
31
32 # note: exim spec, 5.3 command line option -bd says that all files except
33 # .include "are reread each time they are used."
34
35
36 exit 0
~16k lines of my .bashrc + lots of my configs