base/roles/lego/files/lego_run.sh

#!/usr/bin/env bash
set -euo pipefail

LEGO_BINARY=$(/usr/bin/env which lego)

if [[ -n "$LEGO_HTTP_FALLBACK_PORT" ]]; then
  if ! nc_binary="$(type -p \"nc\")" || [[ -z $nc_binary ]]; then
    echo "nc not found (in PATH), exiting"
    exit 1
  fi
  nc -z 127.0.0.1 $LEGO_HTTP_PORT;
  if [[ $? -eq 0 ]]; then
      LEGO_HTTP_PORT=$LEGO_HTTP_FALLBACK_PORT
  fi
fi

if [[ -n "$LEGO_PRE_RENEWAL_HOOK" ]]; then
  $LEGO_PRE_RENEWAL_HOOK
fi

LEGO_COMMAND_ARGS_EXPANDED=$(bash -c "echo $LEGO_COMMAND_ARGS") # This is a bit icky

FILES_IN_DIR=$(find "$LEGO_CERT_STORE_PATH/certificates" -type f | wc -l)
if [[ $FILES_IN_DIR -gt 2 ]]; then
        $LEGO_BINARY $LEGO_COMMAND_ARGS_EXPANDED renew --days=$LEGO_CERT_DAYS_TO_RENEW
else
        $LEGO_BINARY $LEGO_COMMAND_ARGS_EXPANDED run
fi

find "$LEGO_CERT_STORE_PATH/certificates" -type f | xargs -I{} -n 1 chmod "$LEGO_CERT_MODE" "{}"
find "$LEGO_CERT_STORE_PATH/certificates" -type f | xargs -I{} -n 1 chown "${LEGO_CERT_USER}:${LEGO_CERT_GROUP}" "{}"

if [[ -n "$LEGO_POST_RENEWAL_HOOK" ]]; then
  $LEGO_POST_RENEWAL_HOOK
fi
feat: add finallycoffee.base.lego role 2024-05-19 20:40:43 +02:00			`#!/usr/bin/env bash`
feat(lego): add pre- and post-renewal hooks 2025-03-01 22:27:29 +01:00			`set -euo pipefail`
feat: add finallycoffee.base.lego role 2024-05-19 20:40:43 +02:00
			`LEGO_BINARY=$(/usr/bin/env which lego)`

feat(roles/lego): Add support for LEGO_HTTP_PORT_FALLBACK 2024-08-01 19:59:02 +02:00			`if [[ -n "$LEGO_HTTP_FALLBACK_PORT" ]]; then`
feat(lego): add pre- and post-renewal hooks 2025-03-01 22:27:29 +01:00			`if ! nc_binary="$(type -p \"nc\")" \|\| [[ -z $nc_binary ]]; then`
			`echo "nc not found (in PATH), exiting"`
			`exit 1`
			`fi`
feat(roles/lego): Add support for LEGO_HTTP_PORT_FALLBACK 2024-08-01 19:59:02 +02:00			`nc -z 127.0.0.1 $LEGO_HTTP_PORT;`
			`if [[ $? -eq 0 ]]; then`
			`LEGO_HTTP_PORT=$LEGO_HTTP_FALLBACK_PORT`
			`fi`
			`fi`

feat(lego): add pre- and post-renewal hooks 2025-03-01 22:27:29 +01:00			`if [[ -n "$LEGO_PRE_RENEWAL_HOOK" ]]; then`
			`$LEGO_PRE_RENEWAL_HOOK`
			`fi`

feat(roles/lego): Add support for LEGO_HTTP_PORT_FALLBACK 2024-08-01 19:59:02 +02:00			`LEGO_COMMAND_ARGS_EXPANDED=$(bash -c "echo $LEGO_COMMAND_ARGS") # This is a bit icky`

feat(lego): add pre- and post-renewal hooks 2025-03-01 22:27:29 +01:00			`FILES_IN_DIR=$(find "$LEGO_CERT_STORE_PATH/certificates" -type f \| wc -l)`
feat: add finallycoffee.base.lego role 2024-05-19 20:40:43 +02:00			`if [[ $FILES_IN_DIR -gt 2 ]]; then`
feat(roles/lego): Add support for LEGO_HTTP_PORT_FALLBACK 2024-08-01 19:59:02 +02:00			`$LEGO_BINARY $LEGO_COMMAND_ARGS_EXPANDED renew --days=$LEGO_CERT_DAYS_TO_RENEW`
feat: add finallycoffee.base.lego role 2024-05-19 20:40:43 +02:00			`else`
feat(roles/lego): Add support for LEGO_HTTP_PORT_FALLBACK 2024-08-01 19:59:02 +02:00			`$LEGO_BINARY $LEGO_COMMAND_ARGS_EXPANDED run`
feat(lego): Ensure certificates have correct mode and owner 2024-09-11 17:47:49 +02:00			`fi`

feat(lego): add pre- and post-renewal hooks 2025-03-01 22:27:29 +01:00			`find "$LEGO_CERT_STORE_PATH/certificates" -type f \| xargs -I{} -n 1 chmod "$LEGO_CERT_MODE" "{}"`
			`find "$LEGO_CERT_STORE_PATH/certificates" -type f \| xargs -I{} -n 1 chown "${LEGO_CERT_USER}:${LEGO_CERT_GROUP}" "{}"`

			`if [[ -n "$LEGO_POST_RENEWAL_HOOK" ]]; then`
			`$LEGO_POST_RENEWAL_HOOK`
			`fi`