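#!/bin/bash
#
# boss-mail-cert-sync: copy the TLS certificate and private key that Caddy
# holds for the mail domain into the mail TLS directory, and restart postfix
# and dovecot when either file was replaced.
#
# Environment overrides (each has a default below):
#   BOSS_MAIL_DOMAIN           mail host name
#   BOSS_MAIL_TLS_SOURCE_DIR   directory holding Caddy's cert/key for the domain
#   BOSS_MAIL_TLS_CERT_SOURCE  certificate file to copy from
#   BOSS_MAIL_TLS_KEY_SOURCE   private key file to copy from
#   BOSS_MAIL_TLS_TARGET_DIR   directory the mail services read from
#
# Exit status: 0 on success; 1 when a source file is missing or empty;
# otherwise the status of the first failing command (set -e).
#
# The override variables decide which private key is copied and where it is
# written, so they must come from a trusted source (unit file, root-owned
# environment file), never from user-controlled input.

set -euo pipefail

readonly MAIL_DOMAIN="${BOSS_MAIL_DOMAIN:-boss.hyzq.net}"
readonly SOURCE_DIR="${BOSS_MAIL_TLS_SOURCE_DIR:-/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/${MAIL_DOMAIN}}"
readonly SOURCE_CERT="${BOSS_MAIL_TLS_CERT_SOURCE:-${SOURCE_DIR}/${MAIL_DOMAIN}.crt}"
readonly SOURCE_KEY="${BOSS_MAIL_TLS_KEY_SOURCE:-${SOURCE_DIR}/${MAIL_DOMAIN}.key}"
readonly TARGET_DIR="${BOSS_MAIL_TLS_TARGET_DIR:-/etc/boss-mail/tls}"
readonly TARGET_CERT="${TARGET_DIR}/fullchain.pem"
readonly TARGET_KEY="${TARGET_DIR}/privkey.pem"

# Exists while a copy has been made but the services have not yet been
# restarted successfully. Without it, a failed restart would never be retried:
# on the next run the files already match, so no restart would be triggered
# and the services would keep serving the old certificate.
readonly RESTART_MARKER="${TARGET_DIR}/.restart-pending"

#######################################
# Report whether a target file has to be (re)written.
# Arguments: $1 - source file, $2 - target file
# Returns:   0 when the target is missing or differs from the source
#######################################
needs_copy() {
  [[ ! -f "$2" ]] || ! cmp -s -- "$1" "$2"
}

if [[ ! -f "${SOURCE_CERT}" || ! -f "${SOURCE_KEY}" ]]; then
  printf '%s\n' "Missing Caddy TLS assets for ${MAIL_DOMAIN} under ${SOURCE_DIR}" >&2
  exit 1
fi

# An empty certificate or key would be copied verbatim and the restart below
# would then bring the mail services up with unusable TLS material.
if [[ ! -s "${SOURCE_CERT}" || ! -s "${SOURCE_KEY}" ]]; then
  printf '%s\n' "Empty Caddy TLS assets for ${MAIL_DOMAIN} under ${SOURCE_DIR}" >&2
  exit 1
fi

# NOTE(review): the certificate and key are read separately and nothing here
# checks that they belong together. If the source files can be rewritten
# between the two copies, a mismatched pair could be installed; confirm how
# the source directory is updated.

# Directory is owner-only; the files below are owned by the invoking user
# because no owner/group is passed to install.
install -d -m 700 -- "${TARGET_DIR}"

restart_needed=0
if [[ -e "${RESTART_MARKER}" ]]; then
  # A previous run replaced files but did not finish the restart.
  restart_needed=1
fi

if needs_copy "${SOURCE_CERT}" "${TARGET_CERT}"; then
  # Marker first, so an interruption after the copy still leads to a restart.
  : > "${RESTART_MARKER}"
  install -m 644 -- "${SOURCE_CERT}" "${TARGET_CERT}"
  restart_needed=1
fi

if needs_copy "${SOURCE_KEY}" "${TARGET_KEY}"; then
  : > "${RESTART_MARKER}"
  # Private key: readable and writable by the owner only.
  install -m 600 -- "${SOURCE_KEY}" "${TARGET_KEY}"
  restart_needed=1
fi

if (( restart_needed )); then
  # Under set -e a failed restart aborts here and leaves the marker in place,
  # so the next run tries again.
  systemctl restart postfix dovecot
  rm -f -- "${RESTART_MARKER}"
fi

printf '%s\n' "boss-mail-cert-sync completed"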