diff options
Diffstat (limited to 'roles/prosody_letsencrypt_proxy/templates/usr/local/sbin/prosody-letsencrypt-proxy.j2')
-rw-r--r-- | roles/prosody_letsencrypt_proxy/templates/usr/local/sbin/prosody-letsencrypt-proxy.j2 | 51 |
1 files changed, 51 insertions, 0 deletions
diff --git a/roles/prosody_letsencrypt_proxy/templates/usr/local/sbin/prosody-letsencrypt-proxy.j2 b/roles/prosody_letsencrypt_proxy/templates/usr/local/sbin/prosody-letsencrypt-proxy.j2 new file mode 100644 index 0000000..601bef8 --- /dev/null +++ b/roles/prosody_letsencrypt_proxy/templates/usr/local/sbin/prosody-letsencrypt-proxy.j2 @@ -0,0 +1,51 @@ +#!/bin/bash + +# Copyright (c) 2023 stonewall@sacredheartsc.com +# MIT License https://opensource.org/licenses/MIT +# +# Pulls certificate files from another host over sftp, and restarts prosody +# if any certificate files were modified. + +set -Eeu -o pipefail + +shopt -s nullglob + +SSH_KEY={{ prosody_le_ssh_privkey_path | quote }} +LETSENCRYPT_PROXY_USER={{ prosody_le_user | quote }} +LETSENCRYPT_PROXY_HOST={{ prosody_le_proxy_host | quote }} +CERT_DIR=/etc/prosody/certs + +CHECKSUM_FILE=certs.md5 + +cd "${CERT_DIR}" + +if [ -f "$CHECKSUM_FILE" ]; then + md5_orig=$(<"$CHECKSUM_FILE") +else + md5_orig='' +fi + +sftp -i "$SSH_KEY" "${LETSENCRYPT_PROXY_USER}@${LETSENCRYPT_PROXY_HOST}" <<EOT +get *.crt +get *.key +quit +EOT + +chgrp prosody "${CERT_DIR}"/*.{crt,key} +chmod 640 "${CERT_DIR}"/*.{crt,key} + +> "$CHECKSUM_FILE" +for file in *.{crt,key} ; do + md5sum "$file" >> "$CHECKSUM_FILE" +done + +md5_new=$(<"$CHECKSUM_FILE") + +if [ "$md5_orig" != "$md5_new" ]; then + echo 'found new certificates, reloading prosody.' + if systemctl is-active prosody > /dev/null; then + systemctl reload prosody + fi +else + echo 'certificates unchanged.' +fi |