Diffstat (limited to 'files/usr/local/libexec/prosody-acme-proxy.xmpp_server')
-rw-r--r--files/usr/local/libexec/prosody-acme-proxy.xmpp_server54
1 files changed, 54 insertions, 0 deletions
diff --git a/files/usr/local/libexec/prosody-acme-proxy.xmpp_server b/files/usr/local/libexec/prosody-acme-proxy.xmpp_server
new file mode 100644
index 0000000..d69017b
--- /dev/null
+++ b/files/usr/local/libexec/prosody-acme-proxy.xmpp_server
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+# Retrieves ACME certificates from a different host over SFTP.
+# Reloads prosody if any certificates were changed.
+
+set -eu -o pipefail
+
+PROSODY_USER=prosody
+CERT_DIR=/usr/local/etc/prosody/certs
+CHECKSUM_FILE="${CERT_DIR}/certs.md5"
+
+prog=$(basename "$(readlink -f "$0")")
+usage="${prog} [-q] USER@TARGET_HOST DOMAIN..."
+
+usage(){
+ printf 'usage: %s\n' "$usage" 1>&2
+ exit 2
+}
+
+while getopts hq opt; do
+ case $opt in
+ h) usage ;;
+ q) exec 1>/dev/null ;;
+ esac
+done
+shift $((OPTIND - 1))
+
+[ $# -ge 2 ] || usage
+acmeproxy_target=$1; shift
+
+# Get md5 of any existing certificates.
+touch "$CHECKSUM_FILE"
+md5_old=$(cat "$CHECKSUM_FILE")
+
+# Retrieve certs from the proxy host via SFTP.
+{ printf 'lcd %s\n' "$CERT_DIR"
+ printf 'get certs/%s.crt\n' "$@"
+ printf 'get certs/%s.key\n' "$@"
+ printf 'quit\n'
+} | sftp -b - "$acmeproxy_target"
+
+# Get md5 of the new certificates.
+md5_new=$(md5sum "$CERT_DIR"/*.crt "$CERT_DIR"/*.key | tee "$CHECKSUM_FILE")
+
+# If any certificates differ, reload prosody.
+if [ "$md5_old" != "$md5_new" ]; then
+ if prosodyctl status >/dev/null 2>&1; then
+ prosodyctl reload
+ else
+ echo 'prosody not running, not reloading'
+ fi
+else
+ echo 'certificates unchanged'
+fi
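Review bot: The `.key` files fetched by the sftp batch land in `$CERT_DIR` with a mode that depends on the remote file and the caller's umask, and nothing afterwards restricts them, so the private keys may end up readable by other local users. `PROSODY_USER` is assigned near the top but never used, which suggests an ownership step was intended. Unless the script is always run as that user, set `umask 077` before the sftp block and follow the transfer with `chown "$PROSODY_USER" "$CERT_DIR"/*.key`. The domain arguments are also written into the sftp batch unvalidated, so a value containing whitespace or a newline would change the batch commands; rejecting anything outside `[A-Za-z0-9.-]` before the batch is built would close that. Separately, `set -o pipefail` under `#!/bin/sh` is not accepted by every sh implementation, and the `getopts` loop has no `\?) usage ;;` arm, so an unknown option is reported but the run continues.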