From 80db965dbfb85c4e599ea1ec994b52100f01bc43 Mon Sep 17 00:00:00 2001
From: Matthew Saunders Brown
Date: Fri, 16 Jun 2023 11:25:12 -0700
Subject: [PATCH] add deploy tools
---
 sbin/letsencrypt-deploy.sh | 34 ++++++++++++++++++++++++++++++
 systemd/letsencrypt-deploy.path | 13 ++++++++++++
 systemd/letsencrypt-deploy.service | 7 ++++++
 3 files changed, 54 insertions(+)
 create mode 100755 sbin/letsencrypt-deploy.sh
 create mode 100644 systemd/letsencrypt-deploy.path
 create mode 100644 systemd/letsencrypt-deploy.service
diff --git a/sbin/letsencrypt-deploy.sh b/sbin/letsencrypt-deploy.sh
new file mode 100755
index 0000000..1dc4b4d
--- /dev/null
+++ b/sbin/letsencrypt-deploy.sh
@@ -0,0 +1,34 @@
+#!/bin/bash
+#
+# letsencrypt-tools
+# https://git.stack-source.com/msb/letsencrypt-tools
+# Copyright (c) 2023 Matthew Saunders Brown
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+#
+# must be root
+if [ "$USER" != "root" ]; then
+ exec sudo -u root $0 $@
+fi
+
+if [[ -d /var/tmp/letsencrypt/ ]]; then
+ domainArray=(`ls -1 /var/tmp/letsencrypt/`)
+ for domain in "${domainArray[@]}"
+ do
+ rm /var/tmp/letsencrypt/$domain
+ if /usr/local/bin/letsencrypt-certonly.sh -d $domain ; then
+ if [[ "$domain" =~ ^mail.* ]]; then
+ vmaildomain="${domain/mail./}"
+ if [[ -d /var/vmail/$vmaildomain ]]; then
+ /usr/local/bin/vmail-dovecot-enable.sh -d $domain
+ /usr/local/bin/vhost-enable.sh -d $domain -m VMailHTTPS
+ fi
+ elif [[ -d /srv/www/$domain ]]; then
+ /usr/local/bin/vhost-enable.sh -d $domain -m VHostHTTPS
+ fi
+ fi
+ # add code to check for aliases and redirects?
+ # run once and exit, script will be restarted if additional domains are still queued for cert deployment
+ exit 0
+ done
+fi
+
diff --git a/systemd/letsencrypt-deploy.path b/systemd/letsencrypt-deploy.path
new file mode 100644
index 0000000..176c8d6
--- /dev/null
+++ b/systemd/letsencrypt-deploy.path
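Review bot: The queue entries consumed by the `for domain` loop are untrusted input — the companion .path unit creates /var/tmp/letsencrypt with `DirectoryMode=0777` — yet `$domain` is never validated and is expanded unquoted into `rm`, `letsencrypt-certonly.sh -d` and `vhost-enable.sh -d`, all running as root. A file name containing spaces or glob characters is split by the backtick `ls` parse and again at each unquoted use, so it becomes extra arguments to those helpers, and any local user can get issuance attempted for an arbitrary name. Separately, the entry is only ever removed with a plain `rm`, so a directory (or a dotfile, which `ls -1` never lists) dropped in the queue is never cleared, and since the script's own comment says it is restarted while the queue is non-empty that looks like a tight re-trigger loop. I would iterate a glob instead of parsing `ls`, remove the entry with `rm -rf --` before doing anything else, reject names that are not a plain hostname, and quote every expansion (including `exec sudo -u root "$0" "$@"` in the re-exec).
```shell
if [[ -d /var/tmp/letsencrypt/ ]]; then
  # The queue dir is world-writable (DirectoryMode=0777 in the .path unit), so
  # every entry name is untrusted. dotglob: leave nothing behind that would keep
  # DirectoryNotEmpty= true; nullglob: no literal "*" when the dir is empty.
  shopt -s nullglob dotglob
  for entry in /var/tmp/letsencrypt/*; do
    domain="${entry##*/}"
    # Remove first, whatever it is, so a bad entry cannot re-trigger us forever.
    rm -rf -- "$entry"
    # Accept only a dotted hostname before handing the name to root-run helpers.
    if [[ ! "$domain" =~ ^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)+$ ]]; then
      printf 'letsencrypt-deploy: ignoring invalid queue entry %s\n' "$domain" >&2
      exit 0
    fi
    if /usr/local/bin/letsencrypt-certonly.sh -d "$domain"; then
      # … unchanged: mail./vhost enable branches, with "$domain" and "$vmaildomain" quoted …
    fi
    # run once and exit; the path unit restarts us while entries remain queued
    exit 0
  done
fi
```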
@@ -0,0 +1,13 @@
+[Unit]
+Description="Monitor /var/tmp/letsencrypt/ for cert names to deploy."
+After=apache2.service
+
+[Path]
+# TriggerLimitIntervalSec=60 - not available until next version of systemd (250)
+MakeDirectory=true
+DirectoryMode=0777
+DirectoryNotEmpty=/var/tmp/letsencrypt
+Unit=letsencrypt-deploy.service
+
+[Install]
+WantedBy=multi-user.target
diff --git a/systemd/letsencrypt-deploy.service b/systemd/letsencrypt-deploy.service
new file mode 100644
index 0000000..27041c0
--- /dev/null
+++ b/systemd/letsencrypt-deploy.service
@@ -0,0 +1,7 @@
+[Unit]
+Description="Deploy Let's Encrypt Certificate"
+ConditionDirectoryNotEmpty=/var/tmp/letsencrypt
+
+[Service]
+Type=oneshot
+ExecStart=/usr/local/sbin/letsencrypt-deploy.sh
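Review bot: `DirectoryMode=0777` in the `[Path]` section makes /var/tmp/letsencrypt world-writable with no sticky bit, so any local user can enqueue a name that the triggered service then acts on as root, and can also delete or rename entries queued by other users. Unless unprivileged users are the intended producers, a narrower mode is preferable — e.g. `DirectoryMode=1770` with the directory's group set to the producing account by other means, since `DirectoryMode=` cannot set ownership — and at minimum `DirectoryMode=1777` keeps users from removing each other's entries. Note also that `DirectoryNotEmpty=` appears to re-fire whenever the service exits with the directory still non-empty (the deploy script's comment relies on exactly that), so any entry the script cannot remove keeps the unit triggering; the commented-out `TriggerLimitIntervalSec=` would only rate-limit that, not stop it.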
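Review bot: The double quotes in `Description="Deploy Let's Encrypt Certificate"` are, as far as I recall, kept literally by systemd for this key (quote stripping applies to command-line keys such as `ExecStart=`), so they will likely appear verbatim in `systemctl status`; the usual form is `Description=Deploy Let's Encrypt Certificate`, and the same applies to the .path unit's description. `ConditionDirectoryNotEmpty=` here duplicates the path unit's check, which is harmless and makes a manual `systemctl start` skip cleanly on an empty queue, so a one-line comment saying that is intentional would help the next reader.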