summaryrefslogtreecommitdiffstats
path: root/dehydrated/share/hooks
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2021-08-28 05:54:01 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2021-08-28 09:21:38 +0000
commit164ba68e506c5a23583e29c29a217d212b62f543 (patch)
treeb63a129aee145384e1f69f36ddb7995081bddaaf /dehydrated/share/hooks
parentAdding upstream version 20190301-lts1. (diff)
downloadopen-infrastructure-service-tools-164ba68e506c5a23583e29c29a217d212b62f543.tar.xz
open-infrastructure-service-tools-164ba68e506c5a23583e29c29a217d212b62f543.zip
Adding upstream version 20210828.upstream/20210828
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'dehydrated/share/hooks')
-rwxr-xr-xdehydrated/share/hooks/deploy_cert.fullchain-privkey9
-rwxr-xr-xdehydrated/share/hooks/deploy_ocsp.fullchain-privkey8
-rwxr-xr-xdehydrated/share/hooks/exit_hook.fix-permissions18
-rwxr-xr-xdehydrated/share/hooks/exit_hook.service-reload17
4 files changed, 52 insertions, 0 deletions
diff --git a/dehydrated/share/hooks/deploy_cert.fullchain-privkey b/dehydrated/share/hooks/deploy_cert.fullchain-privkey
new file mode 100755
index 0000000..5457036
--- /dev/null
+++ b/dehydrated/share/hooks/deploy_cert.fullchain-privkey
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+set -e
+
+DIRECTORY="$(dirname "${FULLCHAINFILE}")"
+FILE="cert.fullchain-privkey-${TIMESTAMP}.pem"
+
+cat "${FULLCHAINFILE}" "${KEYFILE}" > "${DIRECTORY}/${FILE}"
+ln -sf "${FILE}" "${DIRECTORY}/cert.fullchain-privkey.pem"
diff --git a/dehydrated/share/hooks/deploy_ocsp.fullchain-privkey b/dehydrated/share/hooks/deploy_ocsp.fullchain-privkey
new file mode 100755
index 0000000..e68716b
--- /dev/null
+++ b/dehydrated/share/hooks/deploy_ocsp.fullchain-privkey
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+set -e
+
+FILE="$(readlink "${OCSPFILE}")"
+DIRECTORY="$(dirname "${OCSPFILE}")"
+
+ln -sf "${FILE}" "${DIRECTORY}/cert.fullchain-privkey.pem.ocsp"
diff --git a/dehydrated/share/hooks/exit_hook.fix-permissions b/dehydrated/share/hooks/exit_hook.fix-permissions
new file mode 100755
index 0000000..c5bb646
--- /dev/null
+++ b/dehydrated/share/hooks/exit_hook.fix-permissions
@@ -0,0 +1,18 @@
+#!/bin/sh
+
+set -e
+
+echo " + Fixing permissions..."
+
+if getent group ssl-cert > /dev/null 2>&1
+then
+ echo -n " + /var/lib/dehydrated/certs:"
+
+ find /var/lib/dehydrated/certs -type d -exec chmod 0750 {} \;
+ find /var/lib/dehydrated/certs -type f -exec chmod 0640 {} \;
+
+ # https://bugs.debian.org/854431
+ chown -R root:ssl-cert /var/lib/dehydrated/certs
+
+ echo " done."
+fi
diff --git a/dehydrated/share/hooks/exit_hook.service-reload b/dehydrated/share/hooks/exit_hook.service-reload
new file mode 100755
index 0000000..2da8c1b
--- /dev/null
+++ b/dehydrated/share/hooks/exit_hook.service-reload
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+set -e
+
+echo " + Reloading services..."
+
+for SERVICE in apache2 haproxy postgresql redis-server
+do
+ if service ${SERVICE} status > /dev/null 2>&1
+ then
+ echo -n " + ${SERVICE}:"
+
+ service ${SERVICE} reload || service ${SERVICE} restart
+
+ echo " done."
+ fi
+done