custom/simp_le.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32

{ stdenv, writeText
, simp_le
, eject
}:
#dir:
domain:

let
  dir = "/etc/ssl/self/${domain}";
  script = writeText "${domain}.sh" ''
    backupDir=/root/ssl_archive/$(date +'%Y-%m-%d')-$$-${domain}
    mkdir -p ${dir}
    cd ${dir}
    mkdir -p $backupDir
    for f in account_key.json cert.pem fullchain.pem key.pem privkey.pem; do
      [[ -e $f ]] && mv -v $f $backupDir
    done
    ${simp_le}/bin/simp_le -d ${domain}:/srv/www/acme/${domain}/ \
      --email "phikeebaogobaegh@141.li" \
      -f account_key.json \
      -f cert.pem \
      -f fullchain.pem \
      -f key.pem
    if [[ $? -ne 0 ]]; then
      for f in ./*; do rm -v $f; done
      mv -v $backupDir/* . && rmdir $backupDir
    else
      [[ -e key.pem ]] && ln -s -f key.pem privkey.pem
    fi
  '';
in
  "bash ${script} 2>&1 | ${eject}/bin/logger -p auth.info"