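#!/usr/bin/env bash
# scripts/setup-renewal-cron.sh
# Installs/updates a daily cron entry for automated TLS renewal.
#
# Environment (each may also be supplied by a previously written
# .tls-renewal.env in the repository root, which is sourced first):
#   LETSENCRYPT_EMAIL           required
#   CLOUDFLARE_TOKEN_SCRIPT     optional; defaults to ~/bin/cloudflare-api-usertoken.sh
#   CF_DNS_PROPAGATION_SECONDS  optional; defaults to 60
#   RENEW_CRON_SCHEDULE         optional; defaults to "17 3 * * *"

set -euo pipefail

REPO_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
TLS_ENV_FILE="${REPO_DIR}/.tls-renewal.env"
LOG_DIR="${REPO_DIR}/logs"
LOG_FILE="${LOG_DIR}/tls-renew.log"
CRON_MARKER="# nextcloud-docker tls renewal"
CRON_SCHEDULE="${RENEW_CRON_SCHEDULE:-17 3 * * *}"
DEFAULT_TOKEN_SCRIPT="${HOME}/bin/cloudflare-api-usertoken.sh"

# Wrap $1 in single quotes for a POSIX shell, escaping embedded single quotes.
# Used for the cron command because cron may run it with a plain /bin/sh.
sh_quote() {
  local value=$1
  local sq="'"
  local escaped_sq="'\\''"
  printf "'%s'" "${value//${sq}/${escaped_sq}}"
}

# A crontab entry is exactly one line, and cron turns an unescaped '%' in the
# command into a newline, so refuse values that would split or corrupt the entry.
if [[ "${REPO_DIR}" == *[$'\n\r'%]* ]]; then
  echo "ERROR: repository path contains a newline or '%', which cannot be used in a crontab entry: ${REPO_DIR}" >&2
  exit 1
fi
if [[ "${CRON_SCHEDULE}" == *[$'\n\r']* ]]; then
  echo "ERROR: RENEW_CRON_SCHEDULE must be a single line." >&2
  exit 1
fi

if [[ -f "${TLS_ENV_FILE}" ]]; then
  # NOTE(review): sourcing runs the file as shell code with this user's
  # privileges. It is expected to be the 0600 file written further down;
  # confirm that nothing else is able to write to it.
  set -a
  # shellcheck disable=SC1090
  source "${TLS_ENV_FILE}"
  set +a
fi

if [[ -z "${LETSENCRYPT_EMAIL:-}" ]]; then
  echo "ERROR: LETSENCRYPT_EMAIL is not set." >&2
  echo "Export it in your shell before running this script." >&2
  exit 1
fi

CLOUDFLARE_TOKEN_SCRIPT="${CLOUDFLARE_TOKEN_SCRIPT:-${DEFAULT_TOKEN_SCRIPT}}"
CF_DNS_PROPAGATION_SECONDS="${CF_DNS_PROPAGATION_SECONDS:-60}"

mkdir -p "${LOG_DIR}"
chmod 700 "${LOG_DIR}"

# Persist the settings for later runs. The file is sourced above on the next
# invocation, so each value is written shell-quoted (%q): a value containing
# spaces or shell metacharacters must not be re-read as a command. Plain values
# (an e-mail address, a path without spaces, an integer) come out unchanged.
# The umask makes a newly created file private from the start instead of
# relying only on the chmod that follows.
(
  umask 077
  {
    printf 'LETSENCRYPT_EMAIL=%q\n' "${LETSENCRYPT_EMAIL}"
    printf 'CLOUDFLARE_TOKEN_SCRIPT=%q\n' "${CLOUDFLARE_TOKEN_SCRIPT}"
    printf 'CF_DNS_PROPAGATION_SECONDS=%q\n' "${CF_DNS_PROPAGATION_SECONDS}"
  } > "${TLS_ENV_FILE}"
)
chmod 600 "${TLS_ENV_FILE}"

# Quote every path placed in the cron command so a repository path containing
# spaces or shell metacharacters is passed through literally.
quoted_repo="$(sh_quote "${REPO_DIR}")"
quoted_script="$(sh_quote "${REPO_DIR}/scripts/renew-production-tls.sh")"
quoted_log="$(sh_quote "${LOG_FILE}")"
CRON_COMMAND="cd ${quoted_repo} && /usr/bin/env bash ${quoted_script} >> ${quoted_log} 2>&1"
CRON_LINE="${CRON_SCHEDULE} ${CRON_COMMAND} ${CRON_MARKER}"

# Rebuild the crontab: keep every line that does not carry the marker, then
# append the fresh entry, so re-running the script updates rather than duplicates.
# `|| true` absorbs both "no crontab yet" and "grep printed nothing".
# NOTE(review): it also hides any other `crontab -l` failure, in which case the
# existing entries would be replaced by the single line below.
{
  crontab -l 2>/dev/null | grep -vF -- "${CRON_MARKER}" || true
  printf '%s\n' "${CRON_LINE}"
} | crontab -

echo "==> Installed cron renewal job:"
echo " ${CRON_LINE}"
echo "==> Stored renewal defaults in ${TLS_ENV_FILE}"
echo "==> Logs will be written to ${LOG_FILE}"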