website/scripts/certbot.bash

#!/usr/bin/env bash

DOMAIN='targetdisk.io'
CLOUDFLARE_SECRET_INI='/root/.super-secret/cloudflare.ini'

install_certbot() {
	[ "$1" == help ] && echo -n "Install certbot via Pip." && return 0
	[ $UID -ne 0 ] && die "ERROR: must be root!"

	mkdir -p ~/src

	pip install --user --upgrade pip
	pip install --upgrade certbot

	git clone --recurse-submodules \
		https://github.com/cloudflare/certbot-dns-cloudflare \
		~/src/certbot-dns-cloudflare

	pushd ~/src/certbot-dns-cloudflare
	python3 setup.py install
	popd  # ~/src/certbot-dns-cloudflare
}

setup_certbot() {
	[ "$1" == help ] && echo -n "Setup certbot with Cloudflare DNS." && return 0
	[ $UID -ne 0 ] && die "ERROR: must be root!"

	[ -f "$CLOUDFLARE_SECRET_INI" ] \
		|| dedcat  "ERROR: Please ensure you have a \"$CLOUDFLARE_SECRET_INI\" file!"$'\n' \
			  $'  For more information see here:\n' \
			  $'      https://developers.cloudflare.com/fundamentals/api/get-started/\n\n' \
			  $'  And here:\n' \
			   '      https://labzilla.io/blog/cloudflare-certbot'

	certbot certonly --dns-cloudflare \
		--dns-cloudflare-credentials "$CLOUDFLARE_SECRET_INI" \
		-d "$DOMAIN,*.$DOMAIN" \
		--preferred-challenges dns-01
}

# TODO: Check back when Go/Cloudflare get their heads our of their arses
install_cloudflared() {
	[ "$1" == help ] && echo -n "Setup cloudflared." && return 0
	[ $UID -ne 0 ] && die "ERROR: must be root!"

	if [ -e /etc/debian_version ]; then
		sudo mkdir -p --mode=0755 /usr/share/keyrings
		curl -fsSL https://pkg.cloudflare.com/cloudflare-main.gpg \
			| sudo tee /usr/share/keyrings/cloudflare-main.gpg >/dev/null

		echo "deb [signed-by=/usr/share/keyrings/cloudflare-main.gpg] https://pkg.cloudflare.com/cloudflared $(lsb_release -cs) main" \
			| sudo tee /etc/apt/sources.list.d/cloudflared.list

		sudo apt-get update && sudo apt-get install cloudflared
	else
		# Alpine+Cloudflare+Go made me do this
		wget -O /usr/local/bin/cloudflared \
			'https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64'

		# We really should be checking a checksum/sig before doing this...
		# Oh well...
		chmod +x /usr/local/bin/cloudflared

		# If you hack Cloudflare's GitHub/devs you honestly deserve the keys to my little
		# kingdom... ¯\_(ツ)_/¯
	fi
}
[NEW] setup-server: Initial deployment scripts 2023-11-07 16:48:50 -06:00			`#!/usr/bin/env bash`

			`DOMAIN='targetdisk.io'`
			`CLOUDFLARE_SECRET_INI='/root/.super-secret/cloudflare.ini'`

			`install_certbot() {`
			`[ "$1" == help ] && echo -n "Install certbot via Pip." && return 0`
			`[ $UID -ne 0 ] && die "ERROR: must be root!"`

			`mkdir -p ~/src`

			`pip install --user --upgrade pip`
			`pip install --upgrade certbot`

			`git clone --recurse-submodules \`
			`https://github.com/cloudflare/certbot-dns-cloudflare \`
			`~/src/certbot-dns-cloudflare`

			`pushd ~/src/certbot-dns-cloudflare`
			`python3 setup.py install`
			`popd # ~/src/certbot-dns-cloudflare`
			`}`

			`setup_certbot() {`
			`[ "$1" == help ] && echo -n "Setup certbot with Cloudflare DNS." && return 0`
			`[ $UID -ne 0 ] && die "ERROR: must be root!"`

			`[ -f "$CLOUDFLARE_SECRET_INI" ] \`
			`\|\| dedcat "ERROR: Please ensure you have a \"$CLOUDFLARE_SECRET_INI\" file!"$'\n' \`
			`$' For more information see here:\n' \`
			`$' https://developers.cloudflare.com/fundamentals/api/get-started/\n\n' \`
			`$' And here:\n' \`
			`' https://labzilla.io/blog/cloudflare-certbot'`

			`certbot certonly --dns-cloudflare \`
			`--dns-cloudflare-credentials "$CLOUDFLARE_SECRET_INI" \`
			`-d "$DOMAIN,*.$DOMAIN" \`
			`--preferred-challenges dns-01`
			`}`

			`# TODO: Check back when Go/Cloudflare get their heads our of their arses`
			`install_cloudflared() {`
			`[ "$1" == help ] && echo -n "Setup cloudflared." && return 0`
			`[ $UID -ne 0 ] && die "ERROR: must be root!"`

setup-server: Add Debian cloudflared setup codepath 2023-11-07 16:56:22 -06:00			`if [ -e /etc/debian_version ]; then`
			`sudo mkdir -p --mode=0755 /usr/share/keyrings`
			`curl -fsSL https://pkg.cloudflare.com/cloudflare-main.gpg \`
			`\| sudo tee /usr/share/keyrings/cloudflare-main.gpg >/dev/null`
[NEW] setup-server: Initial deployment scripts 2023-11-07 16:48:50 -06:00
setup-server: Add Debian cloudflared setup codepath 2023-11-07 16:56:22 -06:00			`echo "deb [signed-by=/usr/share/keyrings/cloudflare-main.gpg] https://pkg.cloudflare.com/cloudflared $(lsb_release -cs) main" \`
			`\| sudo tee /etc/apt/sources.list.d/cloudflared.list`
[NEW] setup-server: Initial deployment scripts 2023-11-07 16:48:50 -06:00
setup-server: Add Debian cloudflared setup codepath 2023-11-07 16:56:22 -06:00			`sudo apt-get update && sudo apt-get install cloudflared`
			`else`
			`# Alpine+Cloudflare+Go made me do this`
			`wget -O /usr/local/bin/cloudflared \`
			`'https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64'`

			`# We really should be checking a checksum/sig before doing this...`
			`# Oh well...`
			`chmod +x /usr/local/bin/cloudflared`

			`# If you hack Cloudflare's GitHub/devs you honestly deserve the keys to my little`
			`# kingdom... ¯\_(ツ)_/¯`
			`fi`
[NEW] setup-server: Initial deployment scripts 2023-11-07 16:48:50 -06:00			`}`