Infra-Mirrors/docker-swag
1
0
Fork 0
mirror of https://github.com/linuxserver/docker-swag.git synced 2024-10-01 01:35:49 -04:00
Code Issues Packages Projects Releases Wiki Activity

standard cron

Browse Source 
Signed-off-by: Eric Nemchik <eric@nemchik.com>
This commit is contained in:
Eric Nemchik 2023-07-30 01:17:57 -05:00
parent 42ebe4a584
commit 17387674b8
No known key found for this signature in database
12 changed files with 31 additions and 53 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
root/defaults/crontabs/abc Normal file
View File

@ -0,0 +1,2 @@
# min hour day month weekday command
8 2 * * * /app/le-renew.sh >> /config/log/letsencrypt/letsencrypt.log 2>&1

9
root/etc/crontabs/root
View File

@ -1,9 +0,0 @@
# do daily/weekly/monthly maintenance
# min hour day month weekday command
*/15 * * * * run-parts /etc/periodic/15min
0 * * * * run-parts /etc/periodic/hourly
0 2 * * * run-parts /etc/periodic/daily
0 3 * * 6 run-parts /etc/periodic/weekly
0 5 1 * * run-parts /etc/periodic/monthly
# renew letsencrypt certs
8 2 * * * /app/le-renew.sh >> /config/log/letsencrypt/letsencrypt.log 2>&1

11
root/etc/s6-overlay/s6-rc.d/init-certbot-config/run
View File

@ -44,6 +44,7 @@ function set_ini_value() {
# ensure config files exist and has at least one value set (set_ini_value does not work on empty files) # ensure config files exist and has at least one value set (set_ini_value does not work on empty files)
touch /config/etc/letsencrypt/cli.ini touch /config/etc/letsencrypt/cli.ini
lsiown abc:abc /config/etc/letsencrypt/cli.ini
grep -qF 'agree-tos' /config/etc/letsencrypt/cli.ini || echo 'agree-tos=true' >>/config/etc/letsencrypt/cli.ini grep -qF 'agree-tos' /config/etc/letsencrypt/cli.ini || echo 'agree-tos=true' >>/config/etc/letsencrypt/cli.ini
# copy dns default configs # copy dns default configs
@ -190,9 +191,9 @@ if [[ ! "${URL}" = "${ORIGURL}" ]] ||
REV_ACMESERVER=("https://acme-v02.api.letsencrypt.org/directory") REV_ACMESERVER=("https://acme-v02.api.letsencrypt.org/directory")
fi fi
if [[ -f /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem ]]; then if [[ -f /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem ]]; then
certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server "${REV_ACMESERVER[@]}" || true s6-setuidgid abc certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server "${REV_ACMESERVER[@]}" || true
else else
certbot revoke --non-interactive --cert-name "${ORIGDOMAIN}" --server "${REV_ACMESERVER[@]}" || true s6-setuidgid abc certbot revoke --non-interactive --cert-name "${ORIGDOMAIN}" --server "${REV_ACMESERVER[@]}" || true
fi fi
rm -rf /config/etc/letsencrypt/{accounts,archive,live,renewal} rm -rf /config/etc/letsencrypt/{accounts,archive,live,renewal}
fi fi
@ -205,9 +206,9 @@ if [[ -f "/config/keys/letsencrypt/chain.pem" ]] && { [[ "${CERTPROVIDER}" == "l
echo "The cert seems to be using the old LE root cert, which is no longer valid. Deleting and revoking." echo "The cert seems to be using the old LE root cert, which is no longer valid. Deleting and revoking."
REV_ACMESERVER=("https://acme-v02.api.letsencrypt.org/directory") REV_ACMESERVER=("https://acme-v02.api.letsencrypt.org/directory")
if [[ -f /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem ]]; then if [[ -f /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem ]]; then
certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server "${REV_ACMESERVER[@]}" || true s6-setuidgid abc certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server "${REV_ACMESERVER[@]}" || true
else else
certbot revoke --non-interactive --cert-name "${ORIGDOMAIN}" --server "${REV_ACMESERVER[@]}" || true s6-setuidgid abc certbot revoke --non-interactive --cert-name "${ORIGDOMAIN}" --server "${REV_ACMESERVER[@]}" || true
fi fi
rm -rf /config/etc/letsencrypt/{accounts,archive,live,renewal} rm -rf /config/etc/letsencrypt/{accounts,archive,live,renewal}
fi fi
@ -340,7 +341,7 @@ if [[ ! -f "/config/keys/letsencrypt/fullchain.pem" ]]; then
set_ini_value "eab-hmac-key" "${ZEROSSL_EAB_HMAC_KEY}" /config/etc/letsencrypt/cli.ini set_ini_value "eab-hmac-key" "${ZEROSSL_EAB_HMAC_KEY}" /config/etc/letsencrypt/cli.ini
fi fi
echo "Generating new certificate" echo "Generating new certificate"
certbot certonly --non-interactive --renew-by-default s6-setuidgid abc certbot certonly --non-interactive --renew-by-default
if [[ ! -d /config/keys/letsencrypt ]]; then if [[ ! -d /config/keys/letsencrypt ]]; then
if [[ "${VALIDATION}" = "dns" ]]; then if [[ "${VALIDATION}" = "dns" ]]; then
echo "ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the ${DNSCREDENTIALFILE} file." echo "ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the ${DNSCREDENTIALFILE} file."

0
root/etc/s6-overlay/s6-rc.d/init-crontabs-config/dependencies.d/init-fail2ban-config → root/etc/s6-overlay/s6-rc.d/init-crontab-config/dependencies.d/init-fail2ban-config
View File

22
root/etc/s6-overlay/s6-rc.d/init-crontab-config/run Normal file
View File

@ -0,0 +1,22 @@
#!/usr/bin/with-contenv bash
# shellcheck shell=bash
# make folders
mkdir -p \
/config/crontabs
## abc
# if crontabs do not exist in config
if [[ ! -f /config/crontabs/abc ]]; then
# copy crontab from system
if crontab -l -u abc; then
crontab -l -u abc >/config/crontabs/abc
fi
# if crontabs still do not exist in config (were not copied from system)
# copy crontab from included defaults (using -n, do not overwrite an existing file)
cp -n /defaults/crontabs/abc /config/crontabs/
fi
# set permissions and import user crontabs
lsiown abc:abc /config/crontabs/abc
crontab -u abc /config/crontabs/abc

0
root/etc/s6-overlay/s6-rc.d/init-crontabs-config/type → root/etc/s6-overlay/s6-rc.d/init-crontab-config/type
View File

1
root/etc/s6-overlay/s6-rc.d/init-crontab-config/up Normal file
View File

@ -0,0 +1 @@
/etc/s6-overlay/s6-rc.d/init-crontab-config/run

38
root/etc/s6-overlay/s6-rc.d/init-crontabs-config/run
View File

@ -1,38 +0,0 @@
#!/usr/bin/with-contenv bash
# shellcheck shell=bash
# make folders
mkdir -p \
/config/crontabs
## root
# if crontabs do not exist in config
if [[ ! -f /config/crontabs/root ]]; then
# copy crontab from system
if crontab -l -u root; then
crontab -l -u root >/config/crontabs/root
fi
# if crontabs still do not exist in config (were not copied from system)
# copy crontab from included defaults (using -n, do not overwrite an existing file)
cp -n /etc/crontabs/root /config/crontabs/ 2> >(grep -v 'cp: not replacing')
fi
# set permissions and import user crontabs
lsiown root:root /config/crontabs/root
crontab -u root /config/crontabs/root
## abc
# if crontabs do not exist in config
if [[ ! -f /config/crontabs/abc ]]; then
# copy crontab from system
if crontab -l -u abc; then
crontab -l -u abc >/config/crontabs/abc
fi
# if crontabs still do not exist in config (were not copied from system)
# copy crontab from included defaults (using -n, do not overwrite an existing file)
cp -n /etc/crontabs/abc /config/crontabs/ 2> >(grep -v 'cp: not replacing')
fi
# set permissions and import user crontabs
lsiown abc:abc /config/crontabs/abc
crontab -u abc /config/crontabs/abc

1
root/etc/s6-overlay/s6-rc.d/init-crontabs-config/up
View File

@ -1 +0,0 @@
/etc/s6-overlay/s6-rc.d/init-crontabs-config/run

0
root/etc/crontabs/abc → root/etc/s6-overlay/s6-rc.d/init-nginx-config/dependencies.d/init-crontab-config
View File

0
root/etc/s6-overlay/s6-rc.d/init-nginx-config/dependencies.d/init-crontabs-config → root/etc/s6-overlay/s6-rc.d/user/contents.d/init-crontab-config
View File

0
root/etc/s6-overlay/s6-rc.d/user/contents.d/init-crontabs-config
View File