From 61cdfe3f68880b3e906cc96d6be0031fbbf1595c Mon Sep 17 00:00:00 2001
From: Jeremy Dormitzer
Date: Thu, 31 Dec 2020 09:45:52 -0500
Subject: [PATCH] Generate HTTPS certs with certbot for syncthing packer

---
 .envrc | 1 +
 prod/syncthing-packer/.gitignore | 2 ++
 prod/syncthing-packer/packer/Makefile | 9 ++++++++-
 prod/syncthing-packer/packer/do.ini.template | 1 +
 4 files changed, 12 insertions(+), 1 deletion(-)
 create mode 100644 prod/syncthing-packer/packer/do.ini.template

diff --git a/.envrc b/.envrc
index 4964bf4..6a5c18b 100644
--- a/.envrc
+++ b/.envrc
@@ -10,6 +10,7 @@ export SYNCTHING_PW=$(pass packer-syncthing-pw)
 export SYNCTHING_API_KEY=$(pass packer-syncthing-api-key)
 export SYNCTHING_CERT_PEM=$(pass packer-syncthing-cert.pem)
 export SYNCTHING_KEY_PEM=$(pass packer-syncthing-key.pem)
+export CERTBOT_EMAIL=$(pass certbot-email)
 if [ -f ".env.local" ]; then
 echo "sourcing .env.local"
diff --git a/prod/syncthing-packer/.gitignore b/prod/syncthing-packer/.gitignore
index 49a53fe..baeb0aa 100644
--- a/prod/syncthing-packer/.gitignore
+++ b/prod/syncthing-packer/.gitignore
@@ -1,3 +1,5 @@
 packer/syncthing-config.xml
 packer/syncthing-cert.pem
 packer/syncthing-key.pem
+packer/do.ini
+packer/certbot/
diff --git a/prod/syncthing-packer/packer/Makefile b/prod/syncthing-packer/packer/Makefile
index d33a914..a0620d9 100644
--- a/prod/syncthing-packer/packer/Makefile
+++ b/prod/syncthing-packer/packer/Makefile
@@ -1,6 +1,6 @@
 .PHONY: packer
-packer: syncthing-config.xml syncthing.json
+packer: syncthing-config.xml syncthing.json syncthing-cert.pem syncthing-key.pem certbot/live/syncthing.jeremydormitzer.com/fullchain.pem certbot/live/syncthing.jeremydormitzer.com/privkey.pem
 packer build syncthing.json
 syncthing-config.xml: syncthing-config.xml.template
@@ -11,3 +11,10 @@ syncthing-cert.pem: syncthing-cert.pem.template
 syncthing-key.pem: syncthing-key.pem.template
 sigil -p -f syncthing-key.pem.template > syncthing-key.pem
+
+certbot/live/syncthing.jeremydormitzer.com/fullchain.pem certbot/live/syncthing.jeremydormitzer.com/privkey.pem &: do.ini
+ certbot certonly -n --agree-tos --email ${CERTBOT_EMAIL} --dns-digitalocean --dns-digitalocean-credentials do.ini --config-dir ./certbot --work-dir ./certbot --logs-dir ./certbot -d syncthing.jeremydormitzer.com
+
+do.ini: do.ini.template
+ sigil -p -f do.ini.template > do.ini
+ chmod 600 do.ini
diff --git a/prod/syncthing-packer/packer/do.ini.template b/prod/syncthing-packer/packer/do.ini.template
new file mode 100644
index 0000000..7c6ec3f
--- /dev/null
+++ b/prod/syncthing-packer/packer/do.ini.template
@@ -0,0 +1 @@
+dns_digitalocean_token = ${DIGITALOCEAN_API_TOKEN:?}
\ No newline at end of file
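Review bot: In the `do.ini` recipe the DigitalOcean token is written by `sigil -p -f do.ini.template > do.ini` at the default umask and only afterwards restricted with `chmod 600 do.ini`, so there is a window in which the rendered token is readable by other local users, and if `sigil` fails the `chmod` never runs and the partially written file keeps its default mode (unless `.DELETE_ON_ERROR` is set elsewhere in this Makefile). Creating the file with restrictive permissions from the start closes both gaps: `(umask 077; sigil -p -f do.ini.template > do.ini)` in place of the two recipe lines. The grouped-target syntax `&:` on the certbot rule needs GNU make 4.3 or newer, which deserves a comment above the rule, e.g. `# grouped target (&:) requires GNU make >= 4.3`. `${CERTBOT_EMAIL}` is passed to `--email` with no check that it is set, unlike the `:?` guard the new do.ini.template applies to the token, so an unset variable makes the `--email` value vanish and certbot fails with a confusing argument error instead of a clear message. The hostname `syncthing.jeremydormitzer.com` is also spelled out three times here and twice in the first Makefile hunk; a single `DOMAIN` variable would keep the target paths and the `-d` argument in step.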
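Review bot: The new template ends without a trailing newline (`\ No newline at end of file`); add one so the next edit does not show a spurious change on this line. The `:?` on `${DIGITALOCEAN_API_TOKEN:?}` is a good guard, presumably making the render fail rather than emitting an empty token, but note that whatever this expands to now also lives in plaintext in `do.ini` on disk and is handed to the certbot DNS plugin, which only needs to manage DNS records for the challenge; if a token narrower than the one the rest of the build uses can be issued, prefer it here so the file carries the least privilege needed. A one-line comment in the template would also help the next reader, e.g. `# rendered into do.ini by the Makefile; the result holds a live API token and is gitignored`.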