* linting is fun
* mis-detection of missing healthcheck statements.
* typo
* disable tagging vanity tags on non-main branch
* Unbugger node build?
* Add gitleaks detector, remove an expired secret.
* More linting-derived cleanup
* Fiddle with trivy
* Fiddle with trivy
* add a readme
* Fix build bug with php flavours
* Marshall should build other flavours of ubuntu.
* Fiddle with act cache location.
* Add concurrency checks
* Composer version gubbins for 7.0/7.1
* ubuntu is just a label, and injected over the top of.
* Composer version gubbins for 7.0/7.1
* Run when workflow is altered too please.
* Hopefully fix composer stage.
* setup tooling meta-tooling.
* Add trunk
* Disable mirror mode, it's being problematic, and increase retries to 5.
* Revisit how ghcr login works.
* Add trunk checks.
* All hail the linter
* Heavily revise workflow
* Fettling
* Fettling
* Fettling
* Fettling
* Fettling
* Cleanup
* Cleanup
* Fettling.. Why does mitm build but not redis?
* Fettling.. Why does mitm build but not redis?
* Debugging
* Fettling.
* Fix build?
* Permissions are a pain
* Switch around some should_push logic because envs aren't available that early.
* Permissionssssss
* Trivy, bane of my life
* Fix merge?
* Fix labels
* Help node along, among other things
* Redis 6.1 & 7.1 aren't a thing any more.
* Ffff USER nonsense
* latest-openssl doesn't exist.
* fixup mysqlproxy.
* Fix labels
* uurrgh
* uurrgh
* Didn't need to add the mitmproxy user, it exists
* Missing ghcr login
* Missing backtick
* Fix build?
* Add validate build step to bouncer.
* Fix bouncer build
* Disable laravel build
* Missing env
* Fix swarm mon build
* Scout just doesn't seem to work.
55 lines
1.6 KiB
Bash
Executable file
#!/usr/bin/env bash

# Entrypoint for the certbot sidecar: obtains a Let's Encrypt certificate via
# the nginx plugin and swaps it into the nginx SSL vhost.

if [[ -z ${LETSENCRYPT_DOMAINS} ]]; then
  echo "LetsEncrypt not enabled"
  # Park the process forever so the container stays up without doing anything.
  while true; do
    sleep infinity
  done
fi

if [[ -z ${LETSENCRYPT_EMAIL} ]]; then
  echo "LetsEncrypt not enabled - You must set LETSENCRYPT_EMAIL"
  while true; do
    sleep infinity
  done
fi

# Choose the ACME endpoint. Anything other than "production" (case-insensitive)
# uses the staging servers, which issue untrusted certificates but are not
# subject to the production rate limits, so they are the safe default.
#
# The mode flag is kept in an array rather than a plain string: passing a
# quoted empty string ("") to certbot is an unrecognised argument and makes
# the production run fail, whereas an empty array expands to nothing.
if [[ ${LETSENCRYPT_MODE,,} == "production" ]]; then
  echo -e "LetsEncrypt is running against the \e[32mPRODUCTION\e[0m servers."
  CERTBOT_MODE_ARGS=()
else
  echo -e "LetsEncrypt is running against the \e[31mSTAGING\e[0m servers."
  CERTBOT_MODE_ARGS=(--test-cert)
fi
echo -e "To change this, change the value of LETSENCRYPT_MODE"

# Give Nginx a moment to start before we kill it again.
sleep 30

echo -e "Certbot is running for \e[33m${LETSENCRYPT_EMAIL}\e[0m / \e[33m${LETSENCRYPT_DOMAINS}\e[0m..."
(
  # Echo the exact certbot command line into the container log for debugging.
  set -x
  certbot \
    certonly \
    --nginx \
    "${CERTBOT_MODE_ARGS[@]}" \
    -d "${LETSENCRYPT_DOMAINS}" \
    -n \
    -m "${LETSENCRYPT_EMAIL}" \
    --agree-tos
)
echo -e "Certbot complete!"

# replace the self-certs with these lovely new certs.
# Certbot names the lineage directory after the first domain given to -d, so
# this path only matches when LETSENCRYPT_DOMAINS holds a single domain.
if [[ -f "/etc/letsencrypt/live/${LETSENCRYPT_DOMAINS}/fullchain.pem" ]]; then
  sed -i "s|ssl_certificate .*|ssl_certificate /etc/letsencrypt/live/${LETSENCRYPT_DOMAINS}/fullchain.pem;|g" /etc/nginx/sites-enabled/default-ssl
  sed -i "s|ssl_certificate_key .*|ssl_certificate_key /etc/letsencrypt/live/${LETSENCRYPT_DOMAINS}/privkey.pem;|g" /etc/nginx/sites-enabled/default-ssl

  echo "Reloading Nginx"
  nginx -s reload

  # Sleep for 24 hours and try again tomorrow with a renewal, just in case.
  # The script exits after the sleep, so the retry relies on whatever launched
  # it (the container restart policy or supervisor) starting it again.
  sleep 86400
else
  echo -e "LetsEncrypt \e[31mFAILED TO GENERATE CERTS\e[0m. Will try again in an hour."
  sleep 3600
fi