[NEW] setup-server: Initial deployment scripts

scripts/certbot.bash

@@ -0,0 +1,56 @@
+#!/usr/bin/env bash
+
+DOMAIN='targetdisk.io'
+CLOUDFLARE_SECRET_INI='/root/.super-secret/cloudflare.ini'
+
+install_certbot() {
+	[ "$1" == help ] && echo -n "Install certbot via Pip." && return 0
+	[ $UID -ne 0 ] && die "ERROR: must be root!"
+
+	mkdir -p ~/src
+
+	pip install --user --upgrade pip
+	pip install --upgrade certbot
+
+	git clone --recurse-submodules \
+		https://github.com/cloudflare/certbot-dns-cloudflare \
+		~/src/certbot-dns-cloudflare
+
+	pushd ~/src/certbot-dns-cloudflare
+	python3 setup.py install
+	popd  # ~/src/certbot-dns-cloudflare
+}
+
+setup_certbot() {
+	[ "$1" == help ] && echo -n "Setup certbot with Cloudflare DNS." && return 0
+	[ $UID -ne 0 ] && die "ERROR: must be root!"
+
+	[ -f "$CLOUDFLARE_SECRET_INI" ] \
+		|| dedcat  "ERROR: Please ensure you have a \"$CLOUDFLARE_SECRET_INI\" file!"$'\n' \
+			  $'  For more information see here:\n' \
+			  $'      https://developers.cloudflare.com/fundamentals/api/get-started/\n\n' \
+			  $'  And here:\n' \
+			   '      https://labzilla.io/blog/cloudflare-certbot'
+
+	certbot certonly --dns-cloudflare \
+		--dns-cloudflare-credentials "$CLOUDFLARE_SECRET_INI" \
+		-d "$DOMAIN,*.$DOMAIN" \
+		--preferred-challenges dns-01
+}
+
+# TODO: Check back when Go/Cloudflare get their heads our of their arses
+install_cloudflared() {
+	[ "$1" == help ] && echo -n "Setup cloudflared." && return 0
+	[ $UID -ne 0 ] && die "ERROR: must be root!"
+
+	# Alpine+Cloudflare+Go made me do this
+	wget -O /usr/local/bin/cloudflared \
+		'https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64'
+
+	# We really should be checking a checksum/sig before doing this...
+	# Oh well...
+	chmod +x /usr/local/bin/cloudflared
+
+	# If you hack Cloudflare's GitHub/devs you honestly deserve the keys to my little
+	# kingdom... ¯\_(ツ)_/¯
+}