🐛 truenas-certs-deploy

This commit is contained in:
auricom
2023-01-22 17:02:43 +01:00
parent 6ed2b23e30
commit 00a036f0a7


@@ -8,7 +8,7 @@ cp /opt/id_rsa ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa chmod 600 ~/.ssh/id_rsa
printf -v truenas_api_key %q "$TRUENAS_API_KEY" printf -v truenas_api_key %q "$TRUENAS_API_KEY"
printf -v cert_deploy_s3_enabled_str %q CERTS_DEPLOY_S3_ENABLED printf -v cert_deploy_s3_enabled_str %q "$CERTS_DEPLOY_S3_ENABLED"
printf -v pushover_api_key_str %q "$PUSHOVER_API_KEY" printf -v pushover_api_key_str %q "$PUSHOVER_API_KEY"
printf -v pushover_user_key_str %q "$PUSHOVER_USER_KEY" printf -v pushover_user_key_str %q "$PUSHOVER_USER_KEY"
printf -v secret_domain_str %q "$SECRET_DOMAIN" printf -v secret_domain_str %q "$SECRET_DOMAIN"
@@ -28,17 +28,17 @@ SECRET_DOMAIN=$5
TARGET=$(hostname) TARGET=$(hostname)
DAYS=21 DAYS=21
CERTIFICATE_PATH="${HOME}/letsencrypt/${SECRET_DOMAIN}" CERTIFICATE_PATH="${HOME}/letsencrypt/${SECRET_DOMAIN}"
CONFIG_PATH="${HOME}/scripts" SCRIPT_PATH="${HOME}/scripts"
export CERTS_DEPLOY_API_KEY=$1 export CERTS_DEPLOY_API_KEY=$1
export CERTS_DEPLOY_PRIVATE_KEY_PATH export CERTS_DEPLOY_PRIVATE_KEY_PATH=${CERTIFICATE_PATH}/key.pem
export CERTS_DEPLOY_FULLCHAIN_PATH export CERTS_DEPLOY_FULLCHAIN_PATH=${CERTIFICATE_PATH}/fullchain.pem
export CERTS_DEPLOY_S3_ENABLED=$2 export CERTS_DEPLOY_S3_ENABLED=$2
# Check if cert is older than 69 days # Check if cert is older than 69 days
result=$(find ${CERTIFICATE_PATH}/cert.pem -mtime +69) result=$(find ${CERTS_DEPLOY_PRIVATE_KEY_PATH} -mtime +69)
if [[ "$result" == "${CERTIFICATE_PATH}/cert.pem" ]]; then if [[ "$result" == "${CERTS_DEPLOY_PRIVATE_KEY_PATH}" ]]; then
echo "ERROR - Certificate is older than 69 days" echo "ERROR - Certificate is older than 69 days"
echo "ERROR - Verify than it has been renewed by ACME client on opnsense and that the upload automation has been executed" echo "ERROR - Verify than it has been renewed by ACME client on opnsense and that the upload automation has been executed"
curl -s \ curl -s \
@@ -48,8 +48,8 @@ if [[ "$result" == "${CERTIFICATE_PATH}/cert.pem" ]]; then
https://api.pushover.net/1/messages.json https://api.pushover.net/1/messages.json
else else
echo "checking if $TARGET expires in less than $DAYS days" echo "checking if $TARGET expires in less than $DAYS days"
openssl x509 -checkend $(( 24*3600*$DAYS )) -noout -in <(openssl s_client -showcerts -connect $TARGET:443 </dev/null 2>/dev/null | openssl x509 -outform PEM) result=(openssl x509 -checkend $(( 24*3600*$DAYS )) -noout -in <(openssl s_client -showcerts -connect $TARGET:443 </dev/null 2>/dev/null | openssl x509 -outform PEM))
if [ $? -ne 0 ]; then if [ "$result" == "Certificate will expire" ]; then
echo "INFO - Certificate expires in less than $DAYS days" echo "INFO - Certificate expires in less than $DAYS days"
echo "INFO - Deploying new certificate" echo "INFO - Deploying new certificate"
# Deploy certificate (truenas UI & minio) # Deploy certificate (truenas UI & minio)
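Review bot: The rewritten expiry check at L37–L38 can never trigger a deploy: `result=(openssl x509 …)` is a bash array literal of the words "openssl", "x509", …, not a command substitution, so `"$result"` expands to "openssl" and the comparison with "Certificate will expire" is always false — the cert on the TrueNAS/minio side will silently keep aging until it expires. Even with `$(…)` in place, matching openssl's stdout text is more fragile than the exit status the removed line relied on (`-checkend` exits 1 when the cert will expire within the window), and a failed `s_client` fetch yields an empty string that is then treated as "not expiring". Fetch the chain first and fail loudly when it is empty, then test the exit status directly: `pem=$(openssl s_client -showcerts -connect "$TARGET:443" </dev/null 2>/dev/null | openssl x509 -outform PEM) || { echo "ERROR - could not fetch certificate from $TARGET"; exit 1; }` followed by `if ! openssl x509 -checkend "$(( 24*3600*DAYS ))" -noout <<<"$pem"; then`; the `||` works without pipefail because `openssl x509` itself exits non-zero on empty input. It is probably worth sending the same Pushover alert the older-than-69-days branch sends on that fetch failure, so a monitoring gap is not mistaken for a healthy certificate. The enclosing if/else and the deploy step continue outside this hunk.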