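#!/bin/bash
#
# Periodic ACME maintenance job, rendered from a Jinja2 template.
# Depending on the template variables it:
#   - checks/renews certificates with dehydrated (dns-01 and/or http-01),
#   - runs /root/PUSH-CERTS on the host named acme-manager,
#   - pulls in the per-process WEEKLY-incl-* snippets,
#   - cleans up unused certificate files and the package cache.
#
# The dns-01 path needs the yandex cli (yc) and a short-lived IAM token,
# which is exported as YC_TOKEN for the commands that follow.

set -e

PATH=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin

date -R
echo

#######################################
# Check/renew certificates for one ACME challenge type.
# Globals:   acme_type (written; left global because the included
#            WEEKLY-incl-* snippets are not visible here and may read it)
# Arguments: $1 - challenge type, dns01 or http01; selects
#            /etc/dehydrated/config-<type>
# Returns:   exits 1 when the argument is missing; under set -e a failing
#            dehydrated run aborts the whole script
#######################################
function dehydrate {
  if [[ -z "${1:-}" ]]; then
    echo "function dehydrate needs dns01|http01 as 1st argument"
    exit 1
  fi
  acme_type=$1

  echo "check/renew $acme_type certs"
  dehydrated --cron --keep-going --config "/etc/dehydrated/config-${acme_type}"
  echo
}

#######################################
# Clean up unused certificate files for one ACME challenge type.
# Globals:   acme_type (written, see dehydrate)
# Arguments: $1 - challenge type, dns01 or http01
# Returns:   exits 1 when the argument is missing
#######################################
function dehydrate_clean {
  if [[ -z "${1:-}" ]]; then
    echo "function dehydrate_clean needs dns01|http01 as 1st argument"
    exit 1
  fi
  acme_type=$1

  echo "clean-up $acme_type certs"
  dehydrated --cleanup --config "/etc/dehydrated/config-${acme_type}"
  echo
}

{% if dehydrated_domains_dns01 is defined %}
PATH=/root/yandex-cloud/bin:$PATH

if ! command -v yc >/dev/null 2>&1; then
  echo "yandex cli is required to get a token, install it first"
  exit 1
fi

if [[ ! -f "$HOME/.config/yandex-cloud/config.yaml" ]]; then
  echo "yandex cli is not configured - define a service account for non-interactive authentication"
  exit 1
fi

echo -n "preparing token ..."
# Assign inside the if-condition: "export VAR=$(cmd)" hides the exit status
# of cmd, and a bare failing assignment would abort the script under set -e
# before http-01 gets its turn.
if YC_TOKEN=$(yc iam create-token); then
  echo done
else
  echo failed
  YC_TOKEN=
fi
export YC_TOKEN

# token size varies (e.g. seen 285 chars as well as 350 chars)
# let's say we want minimum 200 chars to assume that's a token
# Only the length is reported for debugging: whatever ended up in the
# variable may be a truncated or malformed credential, and the output of
# this job can end up in logs or mail.
echo -n "checking YC_TOKEN variable ..."
if (( ${#YC_TOKEN} < 200 )); then
  echo "YC_TOKEN (${#YC_TOKEN} chars) does not look like a token"
  echo
  echo "CANNOT PROCEED WITH ACME DNS-01"
  echo
else
  echo done
  echo
  dehydrate dns01
fi
{% endif %}

{% if dehydrated_domains_http01 is defined %}
dehydrate http01
{% endif %}

{% if inventory_hostname_short == 'acme-manager' %}
/root/PUSH-CERTS
{% endif %}

{% for process in processes %}
{% set incl = 'WEEKLY-incl-' + process %}
{% include incl ignore missing %}
{% endfor %}

{% if dehydrated_domains_http01 is defined %}
# only after we've successfully reloaded everything
dehydrate_clean http01
{% endif %}

{% if dehydrated_domains_dns01 is defined %}
# only after we've successfully reloaded everything
dehydrate_clean dns01
{% endif %}

{% if system == 'debian' %}
# free-up some space
apt-get clean
{% elif system == 'redhat' %}
# free-up some space on redhat TBD
{% endif %}

date -R
echo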