Browse Source

Merge branch 'master' of github.com:kirsle/.dotfiles

master
Noah Petherbridge 6 years ago
parent
commit
9a02de694e
  1. 24
      home/bin/fedora-setup
  2. 99
      home/bin/renew-certs.py

24
home/bin/fedora-setup

@ -35,6 +35,8 @@ Themes:
http://sh.kirsle.net/
"""
import hashlib
import os
import subprocess
class Application(object):
@ -52,8 +54,19 @@ class Application(object):
self.shell("sudo dnf install --nogpgcheck http://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm http://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm")
# Microsoft core fonts and Emoji support.
if not self.test("rpm -q msttcore-fonts"):
self.shell("sudo dnf install http://rpm.kirsle.net/any/rpm/msttcore-fonts-2.0-3.noarch.rpm")
if not self.test("rpm -q msttcore-fonts") or True:
# The fonts aren't signed, so verify their checksum.
self.shell("wget -O /tmp/msttcore-fonts.rpm https://rpm.kirsle.net/any/rpm/msttcore-fonts-2.0-3.noarch.rpm")
expect_sum = "a20ecca993827d10bb51118a0cfdf8a1e65f161a78361bee865a138ca5a4f43f"
if self.sha256sum("/tmp/msttcore-fonts.rpm") != expect_sum:
print("!!! WARNING !!!")
print("The SHA256 hash of msttcore-fonts doesn't match what I expected!")
print("Expected: {}".format(expect_sum))
print(" Got: {}".format(self.sha256sum("/tmp/msttcore-fonts.rpm")))
input("Press any key to continue. . .")
else:
self.shell("sudo dnf install /tmp/msttcore-fonts.rpm")
os.unlink("/tmp/msttcore-fonts.rpm")
self.install("gdouros-symbola-fonts")
# Themes
@ -108,6 +121,13 @@ class Application(object):
except subprocess.CalledProcessError:
return False
def sha256sum(self, file):
"""Get the SHA256 checksum of a file."""
m = hashlib.sha256()
with open(file, 'rb') as fh:
m.update(fh.read())
return m.hexdigest()
if __name__ == "__main__":
app = Application()
app.main()

99
home/bin/renew-certs.py

@ -0,0 +1,99 @@
#!/usr/bin/env python3
# Cron script to renew LetsEncrypt certificates.
#
# --Kirsle
# https://sh.kirsle.net/
import os
import subprocess
import time
################################################################################
# Configuration Section Begins #
################################################################################
# Let's Encrypt directories
LE_APPDIR = "/opt/letsencrypt" # Where `letsencrypt-auto` lives
LE_CERTS = "/etc/letsencrypt/live" # Where live certificates go
# Common arguments to letsencrypt-auto
COMMON = ["./letsencrypt-auto", "certonly", "--renew",
"--webroot", "-w", "/var/www/html"]
# Domains and their subdomains; one array element per certificate, with each
# array element being a list of domains to include in the same cert.
CERTS = [
[ "www.kirsle.net", "kirsle.net", "www.kirsle.com", "kirsle.com",
"www.kirsle.org", "kirsle.org", "sh.kirsle.net", "rpm.kirsle.net",
"minecraft.kirsle.net", "mc.kirsle.net", "rophako.kirsle.net" ],
[ "noah.is", "www.noah.is", "petherbridge.org", "www.petherbridge.org",
"noah.petherbridge.org", "noahpetherbridge.com",
"www.noahpetherbridge.com" ],
[ "rivescript.com", "www.rivescript.com", "static.rivescript.com" ],
[ "siikir.com", "www.siikir.com" ],
[ "collegegent.com", "www.collegegent.com" ],
]
# Minimum lifetime for certificate before renewing it?
LIFETIME = 60*60*24*30 # Once a month.
# Command to run after finishing if certs were renewed.
RESTART_COMMAND = ["service", "nginx", "reload"]
################################################################################
# End Configuration Section #
################################################################################
def main():
os.chdir(LE_APPDIR)
# If any certs were renewed, we'll schedule the restart command at the end.
any_renewed = False
# See which certificates are ready to be renewed.
print("Checking SSL certificates for renewal")
for cert in CERTS:
ready = False # Ready to renew this one
primary = cert[0]
# Find its existing live certificate file.
home = os.path.join(LE_CERTS, primary)
chain = os.path.join(home, "cert.pem")
# When was it last modified?
if not os.path.isfile(chain):
print("NOTE: No existing cert file found for {} ({})".format(
primary,
chain,
))
ready = True
else:
mtime = os.stat(chain).st_mtime
if time.time() - mtime > LIFETIME:
print("Cert for {} is old; scheduling it for renewal!"\
.format(primary))
ready = True
# Proceed?
if ready:
print("Renewing certificate for {}...".format(primary))
command = []
command.extend(COMMON)
# Add all the domains.
for domain in cert:
command.extend(["-d", domain])
print("Exec: {}".format(" ".join(command)))
subprocess.call(command)
any_renewed = True
# If any certs were changed, restart the web server.
if any_renewed:
print("Restarting the web server: {}".format(" ".join(RESTART_COMMAND)))
subprocess.call(RESTART_COMMAND)
if __name__ == "__main__":
main()
Loading…
Cancel
Save