Merge branch 'master' of github.com:kirsle/.dotfiles

2016-01-07 13:06:45 -08:00 · 2016-01-07 13:06:45 -08:00 · 9a02de694e
commit 9a02de694e
parent 546b4cfacb 7dd943edbe
2 changed files with 121 additions and 2 deletions
--- a/home/bin/fedora-setup
+++ b/home/bin/fedora-setup
@ -35,6 +35,8 @@ Themes:
 http://sh.kirsle.net/
 """
 import hashlib
 import os
 import subprocess
 class Application(object):
@ -52,8 +54,19 @@ class Application(object):
            self.shell("sudo dnf install --nogpgcheck http://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm http://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm")
        # Microsoft core fonts and Emoji support.
-        if not self.test("rpm -q msttcore-fonts"):
+        if not self.test("rpm -q msttcore-fonts") or True:
-            self.shell("sudo dnf install http://rpm.kirsle.net/any/rpm/msttcore-fonts-2.0-3.noarch.rpm")
+            # The fonts aren't signed, so verify their checksum.
            self.shell("wget -O /tmp/msttcore-fonts.rpm https://rpm.kirsle.net/any/rpm/msttcore-fonts-2.0-3.noarch.rpm")
            expect_sum = "a20ecca993827d10bb51118a0cfdf8a1e65f161a78361bee865a138ca5a4f43f"
            if self.sha256sum("/tmp/msttcore-fonts.rpm") != expect_sum:
                print("!!! WARNING !!!")
                print("The SHA256 hash of msttcore-fonts doesn't match what I expected!")
                print("Expected: {}".format(expect_sum))
                print("     Got: {}".format(self.sha256sum("/tmp/msttcore-fonts.rpm")))
                input("Press any key to continue. . .")
            else:
                self.shell("sudo dnf install /tmp/msttcore-fonts.rpm")
            os.unlink("/tmp/msttcore-fonts.rpm")
        self.install("gdouros-symbola-fonts")
        # Themes
@ -108,6 +121,13 @@ class Application(object):
        except subprocess.CalledProcessError:
            return False
    def sha256sum(self, file):
        """Get the SHA256 checksum of a file."""
        m = hashlib.sha256()
        with open(file, 'rb') as fh:
            m.update(fh.read())
        return m.hexdigest()
 if __name__ == "__main__":
    app = Application()
    app.main()
--- a/home/bin/renew-certs.py
+++ b/home/bin/renew-certs.py
@ -0,0 +1,99 @@
 #!/usr/bin/env python3
 # Cron script to renew LetsEncrypt certificates.
 #
 # --Kirsle
 # https://sh.kirsle.net/
 import os
 import subprocess
 import time
 ################################################################################
 # Configuration Section Begins                                                 #
 ################################################################################
 # Let's Encrypt directories
 LE_APPDIR = "/opt/letsencrypt"       # Where `letsencrypt-auto` lives
 LE_CERTS  = "/etc/letsencrypt/live"  # Where live certificates go
 # Common arguments to letsencrypt-auto
 COMMON = ["./letsencrypt-auto", "certonly", "--renew",
          "--webroot", "-w", "/var/www/html"]
 # Domains and their subdomains; one array element per certificate, with each
 # array element being a list of domains to include in the same cert.
 CERTS = [
    [ "www.kirsle.net", "kirsle.net", "www.kirsle.com", "kirsle.com",
      "www.kirsle.org", "kirsle.org", "sh.kirsle.net", "rpm.kirsle.net",
      "minecraft.kirsle.net", "mc.kirsle.net", "rophako.kirsle.net" ],
    [ "noah.is", "www.noah.is", "petherbridge.org", "www.petherbridge.org",
      "noah.petherbridge.org", "noahpetherbridge.com",
      "www.noahpetherbridge.com" ],
    [ "rivescript.com", "www.rivescript.com", "static.rivescript.com" ],
    [ "siikir.com", "www.siikir.com" ],
    [ "collegegent.com", "www.collegegent.com" ],
 ]
 # Minimum lifetime for certificate before renewing it?
 LIFETIME = 60*60*24*30  # Once a month.
 # Command to run after finishing if certs were renewed.
 RESTART_COMMAND = ["service", "nginx", "reload"]
 ################################################################################
 # End Configuration Section                                                    #
 ################################################################################
 def main():
    os.chdir(LE_APPDIR)
    # If any certs were renewed, we'll schedule the restart command at the end.
    any_renewed = False
    # See which certificates are ready to be renewed.
    print("Checking SSL certificates for renewal")
    for cert in CERTS:
        ready = False  # Ready to renew this one
        primary = cert[0]
        # Find its existing live certificate file.
        home = os.path.join(LE_CERTS, primary)
        chain = os.path.join(home, "cert.pem")
        # When was it last modified?
        if not os.path.isfile(chain):
            print("NOTE: No existing cert file found for {} ({})".format(
                primary,
                chain,
            ))
            ready = True
        else:
            mtime = os.stat(chain).st_mtime
            if time.time() - mtime > LIFETIME:
                print("Cert for {} is old; scheduling it for renewal!"\
                    .format(primary))
                ready = True
        # Proceed?
        if ready:
            print("Renewing certificate for {}...".format(primary))
            command = []
            command.extend(COMMON)
            # Add all the domains.
            for domain in cert:
                command.extend(["-d", domain])
            print("Exec: {}".format(" ".join(command)))
            subprocess.call(command)
            any_renewed = True
    # If any certs were changed, restart the web server.
    if any_renewed:
        print("Restarting the web server: {}".format(" ".join(RESTART_COMMAND)))
        subprocess.call(RESTART_COMMAND)
 if __name__ == "__main__":
    main()