From 17387674b8371917120550a46cb78b9842feee18 Mon Sep 17 00:00:00 2001
From: Eric Nemchik
Date: Sun, 30 Jul 2023 01:17:57 -0500
Subject: [PATCH] standard cron

Signed-off-by: Eric Nemchik
---
 root/defaults/crontabs/abc | 2 +
 root/etc/crontabs/root | 9 -----
 .../s6-rc.d/init-certbot-config/run | 11 +++---
 .../dependencies.d/init-fail2ban-config | 0
 .../s6-rc.d/init-crontab-config/run | 22 +++++++++++
 .../type | 0
 .../s6-overlay/s6-rc.d/init-crontab-config/up | 1 +
 .../s6-rc.d/init-crontabs-config/run | 38 -------------------
 .../s6-rc.d/init-crontabs-config/up | 1 -
 .../dependencies.d/init-crontab-config} | 0
 .../contents.d/init-crontab-config} | 0
 .../user/contents.d/init-crontabs-config | 0
 12 files changed, 31 insertions(+), 53 deletions(-)
 create mode 100644 root/defaults/crontabs/abc
 delete mode 100644 root/etc/crontabs/root
 rename root/etc/s6-overlay/s6-rc.d/{init-crontabs-config => init-crontab-config}/dependencies.d/init-fail2ban-config (100%)
 create mode 100644 root/etc/s6-overlay/s6-rc.d/init-crontab-config/run
 rename root/etc/s6-overlay/s6-rc.d/{init-crontabs-config => init-crontab-config}/type (100%)
 create mode 100644 root/etc/s6-overlay/s6-rc.d/init-crontab-config/up
 delete mode 100755 root/etc/s6-overlay/s6-rc.d/init-crontabs-config/run
 delete mode 100644 root/etc/s6-overlay/s6-rc.d/init-crontabs-config/up
 rename root/etc/{crontabs/abc => s6-overlay/s6-rc.d/init-nginx-config/dependencies.d/init-crontab-config} (100%)
 rename root/etc/s6-overlay/s6-rc.d/{init-nginx-config/dependencies.d/init-crontabs-config => user/contents.d/init-crontab-config} (100%)
 delete mode 100644 root/etc/s6-overlay/s6-rc.d/user/contents.d/init-crontabs-config
diff --git a/root/defaults/crontabs/abc b/root/defaults/crontabs/abc
new file mode 100644
index 0000000..a9909e3
--- /dev/null
+++ b/root/defaults/crontabs/abc
@@ -0,0 +1,2 @@
+# min hour day month weekday command
+8 2 * * * /app/le-renew.sh >> /config/log/letsencrypt/letsencrypt.log 2>&1
diff --git a/root/etc/crontabs/root b/root/etc/crontabs/root deleted file mode 100644 index c24fea0..0000000 --- a/root/etc/crontabs/root +++ /dev/null @@ -1,9 +0,0 @@ -# do daily/weekly/monthly maintenance -# min hour day month weekday command -*/15 * * * * run-parts /etc/periodic/15min -0 * * * * run-parts /etc/periodic/hourly -0 2 * * * run-parts /etc/periodic/daily -0 3 * * 6 run-parts /etc/periodic/weekly -0 5 1 * * run-parts /etc/periodic/monthly -# renew letsencrypt certs -8 2 * * * /app/le-renew.sh >> /config/log/letsencrypt/letsencrypt.log 2>&1 diff --git a/root/etc/s6-overlay/s6-rc.d/init-certbot-config/run b/root/etc/s6-overlay/s6-rc.d/init-certbot-config/run index 6d33344..e872e8d 100755 --- a/root/etc/s6-overlay/s6-rc.d/init-certbot-config/run +++ b/root/etc/s6-overlay/s6-rc.d/init-certbot-config/run @@ -44,6 +44,7 @@ function set_ini_value() { # ensure config files exist and has at least one value set (set_ini_value does not work on empty files) touch /config/etc/letsencrypt/cli.ini +lsiown abc:abc /config/etc/letsencrypt/cli.ini grep -qF 'agree-tos' /config/etc/letsencrypt/cli.ini || echo 'agree-tos=true' >>/config/etc/letsencrypt/cli.ini # copy dns default configs 
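Review bot: `cli.ini` is created by `touch` with whatever mode the init umask gives it and is then only chowned, yet a later hunk in this same file writes `eab-hmac-key` into it through `set_ini_value`, so the file can hold an ACME account secret. With certbot now running as abc and abc owning the file, nothing visible here needs it to be readable by other users; add `chmod 600 /config/etc/letsencrypt/cli.ini` directly after the `lsiown abc:abc` line. The effective mode cannot be seen from this hunk, so confirm it is not already tightened elsewhere in the script, which continues outside the hunk.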
@@ -190,9 +191,9 @@ if [[ ! "${URL}" = "${ORIGURL}" ]] ||
 REV_ACMESERVER=("https://acme-v02.api.letsencrypt.org/directory")
 fi
 if [[ -f /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem ]]; then
- certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server "${REV_ACMESERVER[@]}" || true
+ s6-setuidgid abc certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server "${REV_ACMESERVER[@]}" || true
 else
- certbot revoke --non-interactive --cert-name "${ORIGDOMAIN}" --server "${REV_ACMESERVER[@]}" || true
+ s6-setuidgid abc certbot revoke --non-interactive --cert-name "${ORIGDOMAIN}" --server "${REV_ACMESERVER[@]}" || true
 fi
 rm -rf /config/etc/letsencrypt/{accounts,archive,live,renewal}
 fi
@@ -205,9 +206,9 @@ if [[ -f "/config/keys/letsencrypt/chain.pem" ]] && { [[ "${CERTPROVIDER}" == "l
 echo "The cert seems to be using the old LE root cert, which is no longer valid. Deleting and revoking."
 REV_ACMESERVER=("https://acme-v02.api.letsencrypt.org/directory")
 if [[ -f /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem ]]; then
- certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server "${REV_ACMESERVER[@]}" || true
+ s6-setuidgid abc certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server "${REV_ACMESERVER[@]}" || true
 else
- certbot revoke --non-interactive --cert-name "${ORIGDOMAIN}" --server "${REV_ACMESERVER[@]}" || true
+ s6-setuidgid abc certbot revoke --non-interactive --cert-name "${ORIGDOMAIN}" --server "${REV_ACMESERVER[@]}" || true
 fi
 rm -rf /config/etc/letsencrypt/{accounts,archive,live,renewal}
 fi
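Review bot: Both `s6-setuidgid abc certbot revoke` calls keep the bare `|| true`, and the `rm -rf /config/etc/letsencrypt/{accounts,archive,live,renewal}` after them runs regardless, so a revoke that now fails for a permission reason (for example account or key files left root-owned by an earlier release) is silent and the material needed to retry is deleted. The certificate then stays valid until it expires even though the script reports it as revoked. Record the failure instead of discarding it, e.g. `|| echo "WARNING: revocation failed for ${ORIGDOMAIN}; certificate remains valid until it expires"`. The same applies to the second hunk (@@ -205,9) in this file; both enclosing `if` blocks begin outside the hunks.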
@@ -340,7 +341,7 @@ if [[ ! -f "/config/keys/letsencrypt/fullchain.pem" ]]; then
 set_ini_value "eab-hmac-key" "${ZEROSSL_EAB_HMAC_KEY}" /config/etc/letsencrypt/cli.ini
 fi
 echo "Generating new certificate"
- certbot certonly --non-interactive --renew-by-default
+ s6-setuidgid abc certbot certonly --non-interactive --renew-by-default
 if [[ ! -d /config/keys/letsencrypt ]]; then
 if [[ "${VALIDATION}" = "dns" ]]; then
 echo "ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the ${DNSCREDENTIALFILE} file."
diff --git a/root/etc/s6-overlay/s6-rc.d/init-crontabs-config/dependencies.d/init-fail2ban-config b/root/etc/s6-overlay/s6-rc.d/init-crontab-config/dependencies.d/init-fail2ban-config
similarity index 100%
rename from root/etc/s6-overlay/s6-rc.d/init-crontabs-config/dependencies.d/init-fail2ban-config
rename to root/etc/s6-overlay/s6-rc.d/init-crontab-config/dependencies.d/init-fail2ban-config
diff --git a/root/etc/s6-overlay/s6-rc.d/init-crontab-config/run b/root/etc/s6-overlay/s6-rc.d/init-crontab-config/run
new file mode 100644
index 0000000..c49a50c
--- /dev/null
+++ b/root/etc/s6-overlay/s6-rc.d/init-crontab-config/run
@@ -0,0 +1,22 @@
+#!/usr/bin/with-contenv bash
+# shellcheck shell=bash
+
+# make folders
+mkdir -p \
+ /config/crontabs
+
+## abc
+# if crontabs do not exist in config
+if [[ ! -f /config/crontabs/abc ]]; then
+ # copy crontab from system
+ if crontab -l -u abc; then
+ crontab -l -u abc >/config/crontabs/abc
+ fi
+
+ # if crontabs still do not exist in config (were not copied from system)
+ # copy crontab from included defaults (using -n, do not overwrite an existing file)
+ cp -n /defaults/crontabs/abc /config/crontabs/
+fi
+# set permissions and import user crontabs
+lsiown abc:abc /config/crontabs/abc
+crontab -u abc /config/crontabs/abc
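Review bot: The `s6-setuidgid abc certbot certonly` line in the init-certbot-config hunk (@@ -340,7) assumes abc can write everything certbot touches, but the only ownership change visible in this commit is the `lsiown abc:abc` on `cli.ini`. On a volume populated by an earlier release, `/config/etc/letsencrypt` and `/config/log/letsencrypt` were presumably written by root, so issuance here and the renewals from abc's crontab would fail with permission errors until those trees are re-owned. If that is not already done outside these hunks, add `lsiown -R abc:abc /config/etc/letsencrypt /config/log/letsencrypt` before the first certbot call. For validation modes other than `dns`, which are not visible here, also confirm that abc can bind whatever port certbot listens on in the target runtime. The enclosing `if` block continues past the end of the hunk.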
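Review bot: On an upgraded install the renewal job may never be scheduled, because the new init-crontab-config `run` copies `/defaults/crontabs/abc` only when `/config/crontabs/abc` is missing. The removed script always created that file (from a default that the rename list suggests was empty), and the root crontab that used to carry the `/app/le-renew.sh` line is no longer imported, so certificates would lapse without any message. Test for the entry rather than for the file, e.g. `grep -qF '/app/le-renew.sh' /config/crontabs/abc || echo "WARNING: no le-renew.sh entry in /config/crontabs/abc; certificates will not renew"`, or append the default line at that point. Separately, this file is created with mode 100644 while the script it replaces was 100755 and `up` invokes the path directly, so unless the image build sets the exec bit this init step will fail to start.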
diff --git a/root/etc/s6-overlay/s6-rc.d/init-crontabs-config/type b/root/etc/s6-overlay/s6-rc.d/init-crontab-config/type
similarity index 100%
rename from root/etc/s6-overlay/s6-rc.d/init-crontabs-config/type
rename to root/etc/s6-overlay/s6-rc.d/init-crontab-config/type
diff --git a/root/etc/s6-overlay/s6-rc.d/init-crontab-config/up b/root/etc/s6-overlay/s6-rc.d/init-crontab-config/up
new file mode 100644
index 0000000..d354111
--- /dev/null
+++ b/root/etc/s6-overlay/s6-rc.d/init-crontab-config/up
@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-crontab-config/run
diff --git a/root/etc/s6-overlay/s6-rc.d/init-crontabs-config/run b/root/etc/s6-overlay/s6-rc.d/init-crontabs-config/run
deleted file mode 100755
index c0bb241..0000000
--- a/root/etc/s6-overlay/s6-rc.d/init-crontabs-config/run
+++ /dev/null
@@ -1,38 +0,0 @@
-#!/usr/bin/with-contenv bash
-# shellcheck shell=bash
-
-# make folders
-mkdir -p \
- /config/crontabs
-
-## root
-# if crontabs do not exist in config
-if [[ ! -f /config/crontabs/root ]]; then
- # copy crontab from system
- if crontab -l -u root; then
- crontab -l -u root >/config/crontabs/root
- fi
-
- # if crontabs still do not exist in config (were not copied from system)
- # copy crontab from included defaults (using -n, do not overwrite an existing file)
- cp -n /etc/crontabs/root /config/crontabs/ 2> >(grep -v 'cp: not replacing')
-fi
-# set permissions and import user crontabs
-lsiown root:root /config/crontabs/root
-crontab -u root /config/crontabs/root
-
-## abc
-# if crontabs do not exist in config
-if [[ ! -f /config/crontabs/abc ]]; then
- # copy crontab from system
- if crontab -l -u abc; then
- crontab -l -u abc >/config/crontabs/abc
- fi
-
- # if crontabs still do not exist in config (were not copied from system)
- # copy crontab from included defaults (using -n, do not overwrite an existing file)
- cp -n /etc/crontabs/abc /config/crontabs/ 2> >(grep -v 'cp: not replacing')
-fi
-# set permissions and import user crontabs
-lsiown abc:abc /config/crontabs/abc
-crontab -u abc /config/crontabs/abc
diff --git a/root/etc/s6-overlay/s6-rc.d/init-crontabs-config/up b/root/etc/s6-overlay/s6-rc.d/init-crontabs-config/up
deleted file mode 100644
index 006d814..0000000
--- a/root/etc/s6-overlay/s6-rc.d/init-crontabs-config/up
+++ /dev/null
@@ -1 +0,0 @@
-/etc/s6-overlay/s6-rc.d/init-crontabs-config/run
diff --git a/root/etc/crontabs/abc b/root/etc/s6-overlay/s6-rc.d/init-nginx-config/dependencies.d/init-crontab-config
similarity index 100%
rename from root/etc/crontabs/abc
rename to root/etc/s6-overlay/s6-rc.d/init-nginx-config/dependencies.d/init-crontab-config
diff --git a/root/etc/s6-overlay/s6-rc.d/init-nginx-config/dependencies.d/init-crontabs-config b/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-crontab-config
similarity index 100%
rename from root/etc/s6-overlay/s6-rc.d/init-nginx-config/dependencies.d/init-crontabs-config
rename to root/etc/s6-overlay/s6-rc.d/user/contents.d/init-crontab-config
diff --git a/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-crontabs-config b/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-crontabs-config
deleted file mode 100644
index e69de29..0000000