#!/usr/bin/env bash
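# Programs this script executes; each is checked with command -v before any
# work is done. 'unzip' unpacks the downloaded tools below, so it belongs in
# the list too (the original only checked python and curl).
SOFTWARES="python curl unzip"
# Python modules needed by the hover tool, as "import_name,pip_name" pairs.
MODULES="requests,requests builtins,future dns,dnspython tld,tld urllib3,urllib3 OpenSSL,pyopenssl"
# Directories created under /etc/letsencrypt-ssl. certs holds the issued
# certificates and .hover the hover credentials, so treat them as sensitive.
FOLDERS="accounts bin certs .hover install"
# Terminal colours. If tput fails (no TERM) these are simply empty strings.
RED="$(tput setaf 1)"
GREEN="$(tput setaf 2)"
MAG="$(tput setaf 5)"
NORM="$(tput sgr0)"
# Editor for domains.txt: FCEDIT, then VISUAL, then EDITOR, then nano.
VEDITOR="${FCEDIT:-${VISUAL:-${EDITOR:-nano}}}"
# Fall back to vi when the chosen editor is not on PATH. command -v is the
# portable lookup ('which' is not guaranteed to exist); the original also
# redirected stderr to itself ("2>&2"), leaving lookup errors on the terminal.
if ! command -v "$VEDITOR" >/dev/null 2>&1 ; then
  VEDITOR=vi
fi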
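# Ask a yes/no question and normalise the reply into the global 'answer':
#   "y" for y/Y/yes/YES, "n" for n/N/no/NO, "" when the user just hits enter
#   (or stdin is exhausted). Anything else is rejected and re-asked.
# Callers test "$answer" afterwards, so the variable deliberately stays global.
# $1 is the prompt text (may be omitted; then only " [y/n]? " is shown).
inquire () {
  local reply
  echo -n "$1 [y/n]? "
  # -r: a backslash in the reply is kept literally instead of being
  # interpreted as an escape (the original 'read' would mangle it).
  read -r reply
  while : ; do
    case "$reply" in
      '' )                answer=""; break ;;
      y | Y | yes | YES ) answer="y"; break ;;
      n | N | no | NO )   answer="n"; break ;;
      * )
        echo -n 'Invalid response -- please reenter:'
        read -r reply ;;
    esac
  done
}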
# Intro banner: what gets installed, where, and under which account. The
# paragraph is word-wrapped to 80 columns; the project links follow unwrapped.
{
  printf '\n%sThis setup makes use of the following open source software. ' "$MAG"
  printf '%s' 'To function correctly, the user account under which it runs, as a cron job, must have read & write access to this directory and all of the subdirectories. '
  printf '%s' 'Since certificates are sensitive data that should be kept secure, you should be comfortable with the software used. '
  printf '%s' 'You are encouraged to visit the project pages and examine the source code for the software. '
  printf 'The software is only updated when this script, %supdate-tools.sh%s, is manually run. ' "$GREEN" "$MAG"
} | fold -sw 80
printf '\n%s\n' "$GREEN"
printf ' %s\n' \
  'dehydrated: https://github.com/lukas2511/dehydrated' \
  'hover-cli: https://github.com/mscalora/hover-cli' \
  'lets-hover: https://github.com/mscalora/lets-hover'
printf '%s\n' "$NORM"
# Only an explicit "n" aborts; an empty reply continues, as before.
inquire "${MAG}Do you wish to continue setup now?${NORM}"
case "$answer" in
  n ) exit ;;
esac
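# Abort unless every program named in SOFTWARES is on PATH.
for prog in $SOFTWARES ; do
  # command -v is the portable presence check; 'which' is not guaranteed
  # to be installed and its exit status varies between implementations.
  if ! command -v "$prog" >/dev/null 2>&1 ; then
    echo -e "\n${MAG}Required software '${RED}$prog${MAG}' not found, please install${NORM}\n"
    exit 1
  fi
done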
# Each entry in MODULES is "import_name,pip_name". Try to import each one with
# the same 'python' that passed the check above and stop, with an install
# hint, at the first module that is missing.
for spec in $MODULES ; do
  mod="${spec%,*}"     # text before the last comma: what 'import' needs
  pkg="${spec##*,}"    # text after it: what 'pip install' needs
  python -c "import ${mod}" >/dev/null 2>&1 && continue
  echo -e "\n${MAG}Python '${RED}${pkg}${MAG}' module not installed, please install, usually like:${NORM}"
  echo -e "\n${GREEN} pip install ${pkg}"
  # requests has its own install guide, worth pointing at.
  [[ "${pkg}" == "requests" ]] && echo -e "\n ${MAG}For help installing ${RED}requests${MAG} see: http://docs.python-requests.org/en/master/user/install/${NORM}"
  echo ""
  exit 1
done
# Everything below uses paths relative to /etc/letsencrypt-ssl (and the cron
# lines hard-code it), so refuse to run from anywhere else.
[[ "$PWD" == "/etc/letsencrypt-ssl" ]] || {
  echo -e "\n${RED}Scripts assume install directory is /etc/letsencrypt-ssl${NORM}"
  exit 1
}
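# Walk the config template: any line still containing the "xxx" placeholder
# (matched case-insensitively, so a comment containing xxx counts too) is
# prompted for, one at a time, until none remain. An empty reply cancels.
config_todo="$(grep -F -i xxx config | head -1)"
while [[ -n "$config_todo" ]] ; do
  echo -e "\n${RED}Configuration not complete:${NORM}"
  # The key is everything before the first '=' on the offending line.
  key="${config_todo%%=*}"
  echo -e "\n${GREEN}Please provide a value for ${MAG}$key${NORM} [just hit enter to cancel]"
  echo ""
  # -r keeps backslashes in the value literal. NOTE(review): the value is
  # echoed as typed; if any of these settings is a credential, prompt for
  # that one with 'read -rs' instead so it does not land in scrollback.
  read -r -p "${MAG}$key=${NORM}" value
  if [[ -z "$value" ]] ; then
    echo -e "\n${RED}Canceling setup${NORM}"
    exit 1
  fi
  # file-replace.py (in this directory) rewrites the whole "key=..." line.
  # The key is interpolated into a regex, so keys must not contain
  # metacharacters; they come from the shipped template, not from the user.
  ./file-replace.py -r config '^'"$key"'=.*' "$key=$value"
  config_todo="$(grep -F -i xxx config | head -1)"
done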
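# domains.txt must exist and no longer contain the shipped example content.
# The original test read 'fgrep example domains.txt /dev/null 2>&1' -- the
# '>' before /dev/null was missing, so the matching line was printed to the
# terminal instead of discarded. grep -q does the silent check properly.
if [[ ! -f domains.txt ]] || grep -Fq example domains.txt 2>/dev/null ; then
  echo -e "\n${MAG}It appears that the ${RED}domains.txt${MAG} file contains the example content${NORM}"
  echo -e "${GREEN} - It should have one or more lines of space separated domain names${NORM}"
  echo -e "${GREEN} - Each line will create one certificate for all of the domains on the line${NORM}"
  echo -e "${GREEN} - DNS validation will be performed on each and every domain, more domains takes longer${NORM}"
  echo -e "${GREEN}${NORM}"
  # inquire is called without a prompt here; the question was printed above.
  echo -e -n "${MAG}Would you like to edit the domains.txt file now?${NORM}"
  inquire
  if [[ "$answer" == "y" ]] ; then
    "$VEDITOR" domains.txt
  fi
fi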
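# Create the working directories that do not exist yet. certs holds the
# issued certificates, .hover the hover credentials (hover-api-storage), and
# accounts is treated the same way: those three are created mode 0700 instead
# of inheriting the umask default, so other local users cannot read key
# material. bin and install keep the default mode.
echo ""
for d in $FOLDERS ; do
  if [[ ! -d "$d" ]]; then
    echo "${GREEN}Creating '$d' directory${NORM}"
    case "$d" in
      accounts | certs | .hover ) mkdir -m 0700 -- "$d" ;;
      * )                         mkdir -- "$d" ;;
    esac
  fi
done
echo ""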
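# Download and unpack the two helper tools into bin/.
#
# NOTE(review): both fetches pull the unpinned 'master' branch and nothing
# verifies what arrived -- no pinned commit, checksum or signature -- and the
# result is later executed from cron as root. Pinning to a tagged release and
# comparing against a known digest here would close that supply-chain gap.
#
# What is fixed now: --fail stops an HTTP error page from being saved as the
# .zip, the --proto flags refuse a redirect to plain http, and every download
# or unpack failure aborts the script instead of being silently ignored.

# fetch URL DEST: download DEST from URL over HTTPS only, following redirects.
fetch () {
  curl --fail --location --proto '=https' --proto-redir '=https' --tlsv1.2 "$1" -o "$2"
}

echo -e "\n${GREEN}Downloading dehydrated BASH tool from github...${NORM}\n"
if ! fetch "https://codeload.github.com/lukas2511/dehydrated/zip/master" install/dehydrated.zip ; then
  echo -e "\n${RED}Download of dehydrated failed${NORM}"
  exit 1
fi
echo -e "\n${GREEN}Installing dehydrated BASH tool...${NORM}\n"
if ! unzip -jo install/dehydrated.zip "*/dehydrated" -d bin ; then
  echo -e "\n${RED}Unpacking dehydrated failed${NORM}"
  exit 1
fi

echo -e "\n${GREEN}Downloading hover tool from github...${NORM}\n"
if ! fetch "https://github.com/mscalora/hover-cli/zipball/master/" install/hover-cli.zip ; then
  echo -e "\n${RED}Download of hover-cli failed${NORM}"
  exit 1
fi
echo -e "\n${GREEN}Installing hover tool...${NORM}\n"
if ! unzip -jo install/hover-cli.zip "*/hover*.py" -d bin ; then
  echo -e "\n${RED}Unpacking hover-cli failed${NORM}"
  exit 1
fi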
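# Hover credentials: when .hover/hover-api-storage does not exist yet, tell
# the user that hover.py will ask for account details (it presumably prompts
# on first use). The DNS backup that follows doubles as the credential check.
if [ ! -f ".hover/hover-api-storage" ] ; then
  echo -e "\n${GREEN}Setup hover account credentials by entering account info now...${NORM}\n"
fi
export HOVER_TOOL_CONFIG="$PWD/hover.config"
BACKUP=".hover/dns-backup-$(date "+%Y%m%dT%H%M%S").bash"
# Only report success when hover.py actually exited 0. The original printed
# the "backed up" message unconditionally, which hid a failed login or backup
# and let setup continue with credentials the cron job cannot use.
if ! /etc/letsencrypt-ssl/bin/hover.py --backup --out "$BACKUP" ; then
  echo -e "\n${RED}hover.py --backup failed; check the hover credentials and rerun this script${NORM}"
  exit 1
fi
echo -e "\n${GREEN}Your current DNS entries have been backed up to $BACKUP${NORM}...\n\n"
echo -e "\n${GREEN}You can rerun this script at any time" '(as root, in the /etc/letsencrypt-ssl directory)' "to validate hover credentials and perform DNS backup${NORM}"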
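# Cron setup: offer the two weekly jobs unless this user's crontab already
# mentions letsencrypt-cron. 'crontab -l' exits non-zero and complains on
# stderr when no crontab exists; that case is simply "not installed".
if crontab -l 2>/dev/null | grep -Fq letsencrypt-cron ; then
  echo -e -n "\n${MAG}cron job appears to be installed already${NORM}"
else
  CRON1='21 2 * * 0 /etc/letsencrypt-ssl/letsencrypt-cron.sh >>/var/log/letsencrypt-ssl.cron.log 2>&1'
  CRON2='36 2 * * 0 /etc/letsencrypt-ssl/status-sender-cron.sh >>/var/log/letsencrypt-ssl.cron.log 2>&1'
  echo -e "\n${GREEN}Suggested cron settings:${NORM}\n"
  echo -e " # check and reissues certs as needed weekly, Sunday morning at 2:21am"
  echo " $CRON1"
  echo -e " # send weekly certificate status, hover credential check and do DNS backup, Sunday at 2:36am [optional]"
  echo " $CRON2"
  echo -e ""
  echo -e -n "\n${MAG}Do you wish to automatically add these cron jobs?${NORM}"
  inquire
  if [[ "$answer" == "y" ]] ; then
    # Build the new crontab in a private temp file, then hand the whole file
    # to crontab(1) in one go. A failed mktemp must not leave CTEMP empty.
    # (--tmpdir is GNU mktemp; the original already relied on it.)
    CTEMP="$(mktemp --tmpdir lets-cron.XXXXX)" || exit 1
    { crontab -l 2>/dev/null; printf '\n%s\n%s\n' "$CRON1" "$CRON2"; } >"$CTEMP"
    # The original never checked whether crontab accepted the file.
    if ! crontab "$CTEMP" ; then
      echo -e "\n${RED}Installing the crontab failed; the proposed file is left at $CTEMP${NORM}"
      exit 1
    fi
    rm -f -- "$CTEMP"
  fi
fi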
# Register the ACME account with dehydrated. A failed plain --register is
# taken to mean the terms of service have not been accepted yet, so the user
# is asked and the call is retried with --accept-terms; a second failure is
# reported as an unexpected error.
echo -e "\n${GREEN}Testing ${MAG}dehydrated${GREEN} tool and setting up account${NORM}\n"
bin/dehydrated --register || {
  echo -e -n "\n${MAG}Do you wish to accept the terms of service?${NORM}"
  inquire
  [[ "$answer" == "n" ]] && exit 1
  bin/dehydrated --register --accept-terms || {
    echo -e "\n${RED}Unexpected error running dehydrated --register, please correct and run again.${NORM}"
    exit 1
  }
}
# Final hint: the weekly cron script can also be run by hand to issue certs now.
printf '\n%sSetup complete, you can now run the following command to issue certs:%s\n' "$GREEN" "$NORM"
printf '\n%s %s./letsencrypt-cron.sh%s\n\n' "$GREEN" "$MAG" "$NORM"