From 7e8d29755135a4384d8c2aa8cfd24c5ddfeb7c97 Mon Sep 17 00:00:00 2001
From: Mitchell Riedstra
Date: Mon, 9 Jan 2023 23:01:36 -0500
Subject: Initial
---
 setup.sh | 88 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 88 insertions(+)
 create mode 100755 setup.sh
(limited to 'setup.sh')
diff --git a/setup.sh b/setup.sh
new file mode 100755
index 0000000..1bb9b03
--- /dev/null
+++ b/setup.sh
@@ -0,0 +1,88 @@
+#!/bin/sh
+# acme user's setup script
+set -ex
+cd "$HOME"
+
+if ! [ -e "sign.sec" ] ; then
+ rm -f sign.pub || echo ""
+ signify -G -n -p sign.pub -s sign.sec
+fi
+cat sign.pub
+
+if ! [ -e "age.key" ] ; then
+ age-keygen -o age.key
+fi
+
+if [ -n "$AGE_RECIPIENTS" ] ; then
+ echo "$AGE_RECIPIENTS" > recipients.txt
+fi
+
+awk '/public key/{print $4}' age.key >> recipients.txt
+
+if [ -z "$ACME_EMAIL" ] ; then
+ echo "ACME_EMAIL must be set"
+ exit 1
+fi
+
+if [ -z "$ACME_DELEGATION_DOMAIN" ] ; then
+ echo "ACME_DELEGATION_DOMAIN must be set"
+ exit 1
+fi
+
+if [ -z "$DOMAINS" ] ; then
+ echo "DOMAINS must be set"
+ exit 1
+fi
+
+cp /usr/bin/acme.sh ./
+
+sh ./acme.sh --install \
+ --home "$HOME/acme_home" \
+ --config-home "$HOME/acme_conf" \
+ --cert-home "$HOME/certs" \
+ --accountemail "$ACME_EMAIL" \
+ --accountkey "$HOME/acme_account.key" \
+ --accountconf "$HOME/acme_account.conf" \
+ --no-cron
+
+
+#shellcheck disable=SC1091
+. "$HOME/acme_home/acme.sh.env"
+
+acme.sh --upgrade
+
+for domain in $DOMAINS ; do
+ #shellcheck disable=SC2086
+ if ! [ -f "certs/$domain/$domain.cer" ] ; then
+ acme.sh $ACMESH_FLAGS \
+ --issue \
+ --dns dns_aws \
+ --challenge-alias "$ACME_DELEGATION_DOMAIN" \
+ -d "$domain" -d "*.${domain}"
+ fi
+
+ cd "certs/$domain"
+ sha256sum "${domain}.cer" "${domain}.key" \
+ > "/var/www/acme/${domain}.sha256sum"
+
+ age -e -a -R "$HOME"/recipients.txt "${domain}.key" \
+ > "/var/www/acme/${domain}.key.enc"
+
+ cp "${domain}.cer" /var/www/acme/
+ cp "fullchain.cer" /var/www/acme/"${domain}".fullchain
+
+ cd /var/www/acme
+
+ sha256sum "${domain}.fullchain" >> "${domain}.sha256sum"
+
+ sha256sum "${domain}.key.enc" >> "${domain}.sha256sum"
+
+ rm -f "${domain}.sha256sum.sig" || echo ""
+
+ signify -S -m "${domain}.sha256sum" -s "$HOME/sign.sec" \
+ -x "${domain}.sha256sum.sig"
+
+ cd "$HOME"
+done
+
+cp sign.pub /var/www/acme/
--
cgit v1.2.3
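Review bot: `acme.sh --upgrade` runs unconditionally on every invocation, so the copy taken from the packaged `/usr/bin/acme.sh` a few lines earlier is immediately replaced by whatever the upgrade pulls from acme.sh's upstream repository over the network, which discards the pinning the package gives you and lands an unverified download on the same host that holds `sign.sec` and `age.key`. I would drop that line, or gate it behind an explicit opt-in variable (a constructed example: `[ -n "$ACME_UPGRADE" ] && acme.sh --upgrade`), and take updates through the package instead. Separately, the `-f "certs/$domain/$domain.cer"` guard only ever issues once and `--no-cron` switches off acme.sh's own renewal, so nothing visible in this script renews a certificate before it expires; if renewal is meant to happen here, an `acme.sh --renew -d "$domain"` after the `fi` would cover it. Also, `recipients.txt` is appended on every run (the `>>` after the awk) and is only rewritten when `AGE_RECIPIENTS` is set, so the local age public key accumulates duplicates otherwise; `{ [ -n "$AGE_RECIPIENTS" ] && echo "$AGE_RECIPIENTS"; awk '/public key/{print $4}' age.key; } > recipients.txt` keeps the file stable across runs.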