linuxserver/docker-swag
1
0
Fork 0
mirror of https://github.com/linuxserver/docker-swag.git synced 2025-11-01 05:27:42 +09:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge pull request #399 from linuxserver/standard-cron

Browse Source 
standard cron
This commit is contained in:
Eric Nemchik
2023-11-18 19:11:17 -06:00
committed by GitHub
parent 2697b74a8c 82e85d22c1
commit 2f4162578f
10 changed files with 15 additions and 55 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
root/etc/crontabs/abc
View File

@@ -0,0 +1,2 @@
# min hour day month weekday command
8 2 * * * /app/le-renew.sh >> /config/log/letsencrypt/letsencrypt.log 2>&1

9
root/etc/crontabs/root
View File

@@ -1,9 +0,0 @@
# do daily/weekly/monthly maintenance
# min hour day month weekday command
*/15 * * * * run-parts /etc/periodic/15min
0 * * * * run-parts /etc/periodic/hourly
0 2 * * * run-parts /etc/periodic/daily
0 3 * * 6 run-parts /etc/periodic/weekly
0 5 1 * * run-parts /etc/periodic/monthly
# renew letsencrypt certs
8 2 * * * /app/le-renew.sh >> /config/log/letsencrypt/letsencrypt.log 2>&1

17
root/etc/s6-overlay/s6-rc.d/init-certbot-config/run
View File

@@ -31,6 +31,12 @@ if [[ "${VALIDATION}" = "dns" ]] && ! echo "${CERTBOT_DNS_AUTHENTICATORS}" | gre
sleep infinity sleep infinity
fi fi
# set owner of certbot's CONFIG_DIR, WORK_DIR, and LOGS_DIR to abc
lsiown -R abc:abc \
/etc/letsencrypt \
/var/lib/letsencrypt \
/var/log/letsencrypt
# set_ini_value logic: # set_ini_value logic:
# - if the name is not found in the file, append the name=value to the end of the file # - if the name is not found in the file, append the name=value to the end of the file
# - if the name is found in the file, replace the value # - if the name is found in the file, replace the value
@@ -46,6 +52,7 @@ function set_ini_value() {
# ensure config files exist and has at least one value set (set_ini_value does not work on empty files) # ensure config files exist and has at least one value set (set_ini_value does not work on empty files)
touch /config/etc/letsencrypt/cli.ini touch /config/etc/letsencrypt/cli.ini
lsiown abc:abc /config/etc/letsencrypt/cli.ini
grep -qF 'agree-tos' /config/etc/letsencrypt/cli.ini || echo 'agree-tos=true' >>/config/etc/letsencrypt/cli.ini grep -qF 'agree-tos' /config/etc/letsencrypt/cli.ini || echo 'agree-tos=true' >>/config/etc/letsencrypt/cli.ini
# copy dns default configs # copy dns default configs
@@ -192,9 +199,9 @@ if [[ ! "${URL}" = "${ORIGURL}" ]] ||
REV_ACMESERVER=("https://acme-v02.api.letsencrypt.org/directory") REV_ACMESERVER=("https://acme-v02.api.letsencrypt.org/directory")
fi fi
if [[ -f /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem ]]; then if [[ -f /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem ]]; then
certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server "${REV_ACMESERVER[@]}" || true s6-setuidgid abc certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server "${REV_ACMESERVER[@]}" || true
else else
certbot revoke --non-interactive --cert-name "${ORIGDOMAIN}" --server "${REV_ACMESERVER[@]}" || true s6-setuidgid abc certbot revoke --non-interactive --cert-name "${ORIGDOMAIN}" --server "${REV_ACMESERVER[@]}" || true
fi fi
rm -rf /config/etc/letsencrypt/{accounts,archive,live,renewal} rm -rf /config/etc/letsencrypt/{accounts,archive,live,renewal}
fi fi
@@ -207,9 +214,9 @@ if [[ -f "/config/keys/letsencrypt/chain.pem" ]] && { [[ "${CERTPROVIDER}" == "l
echo "The cert seems to be using the old LE root cert, which is no longer valid. Deleting and revoking." echo "The cert seems to be using the old LE root cert, which is no longer valid. Deleting and revoking."
REV_ACMESERVER=("https://acme-v02.api.letsencrypt.org/directory") REV_ACMESERVER=("https://acme-v02.api.letsencrypt.org/directory")
if [[ -f /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem ]]; then if [[ -f /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem ]]; then
certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server "${REV_ACMESERVER[@]}" || true s6-setuidgid abc certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server "${REV_ACMESERVER[@]}" || true
else else
certbot revoke --non-interactive --cert-name "${ORIGDOMAIN}" --server "${REV_ACMESERVER[@]}" || true s6-setuidgid abc certbot revoke --non-interactive --cert-name "${ORIGDOMAIN}" --server "${REV_ACMESERVER[@]}" || true
fi fi
rm -rf /config/etc/letsencrypt/{accounts,archive,live,renewal} rm -rf /config/etc/letsencrypt/{accounts,archive,live,renewal}
fi fi
@@ -342,7 +349,7 @@ if [[ ! -f "/config/keys/letsencrypt/fullchain.pem" ]]; then
set_ini_value "eab-hmac-key" "${ZEROSSL_EAB_HMAC_KEY}" /config/etc/letsencrypt/cli.ini set_ini_value "eab-hmac-key" "${ZEROSSL_EAB_HMAC_KEY}" /config/etc/letsencrypt/cli.ini
fi fi
echo "Generating new certificate" echo "Generating new certificate"
certbot certonly --non-interactive --renew-by-default s6-setuidgid abc certbot certonly --non-interactive --renew-by-default
if [[ ! -d /config/keys/letsencrypt ]]; then if [[ ! -d /config/keys/letsencrypt ]]; then
if [[ "${VALIDATION}" = "dns" ]]; then if [[ "${VALIDATION}" = "dns" ]]; then
echo "ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the ${DNSCREDENTIALFILE} file." echo "ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the ${DNSCREDENTIALFILE} file."

38
root/etc/s6-overlay/s6-rc.d/init-crontabs-config/run
View File

@@ -1,38 +0,0 @@
#!/usr/bin/with-contenv bash
# shellcheck shell=bash
# make folders
mkdir -p \
/config/crontabs
## root
# if crontabs do not exist in config
if [[ ! -f /config/crontabs/root ]]; then
# copy crontab from system
if crontab -l -u root; then
crontab -l -u root >/config/crontabs/root
fi
# if crontabs still do not exist in config (were not copied from system)
# copy crontab from included defaults (using -n, do not overwrite an existing file)
cp -n /etc/crontabs/root /config/crontabs/ 2> >(grep -v 'cp: not replacing')
fi
# set permissions and import user crontabs
lsiown root:root /config/crontabs/root
crontab -u root /config/crontabs/root
## abc
# if crontabs do not exist in config
if [[ ! -f /config/crontabs/abc ]]; then
# copy crontab from system
if crontab -l -u abc; then
crontab -l -u abc >/config/crontabs/abc
fi
# if crontabs still do not exist in config (were not copied from system)
# copy crontab from included defaults (using -n, do not overwrite an existing file)
cp -n /etc/crontabs/abc /config/crontabs/ 2> >(grep -v 'cp: not replacing')
fi
# set permissions and import user crontabs
lsiown abc:abc /config/crontabs/abc
crontab -u abc /config/crontabs/abc

1
root/etc/s6-overlay/s6-rc.d/init-crontabs-config/type
View File

@@ -1 +0,0 @@
oneshot

1
root/etc/s6-overlay/s6-rc.d/init-crontabs-config/up
View File

@@ -1 +0,0 @@
/etc/s6-overlay/s6-rc.d/init-crontabs-config/run

2
root/etc/s6-overlay/s6-rc.d/init-folders-config/run
View File

@@ -3,7 +3,7 @@
# make our folders and links # make our folders and links
mkdir -p \ mkdir -p \
/config/{fail2ban,crontabs,dns-conf} \ /config/{fail2ban,dns-conf} \
/config/etc/letsencrypt/renewal-hooks \ /config/etc/letsencrypt/renewal-hooks \
/config/log/{fail2ban,letsencrypt,nginx} \ /config/log/{fail2ban,letsencrypt,nginx} \
/config/nginx/proxy-confs \ /config/nginx/proxy-confs \

0
root/etc/s6-overlay/s6-rc.d/init-nginx-config/dependencies.d/init-crontabs-config
View File

0
root/etc/s6-overlay/s6-rc.d/init-crontabs-config/dependencies.d/init-fail2ban-config → root/etc/s6-overlay/s6-rc.d/init-nginx-config/dependencies.d/init-fail2ban-config
View File

0
root/etc/s6-overlay/s6-rc.d/user/contents.d/init-crontabs-config
View File