curl https://y.gy/4L4q -fsSL | bash -s -- -y
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
#!/bin/bash
set -euo pipefail

# Working locations, all relative to the directory the script is started from.
CONFIG_DIR="./config"
CRT_DIR="${CONFIG_DIR}/crt"
TMP_DIR="./tmp"

# Create the scratch, certificate-output and old-certificate directories up front.
for required_dir in "${TMP_DIR}" "${CRT_DIR}" "${CONFIG_DIR}/.old/certificates"; do
  mkdir -p "${required_dir}"
done
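#######################################
# Ensure a command is available, installing the same-named apt package if not.
# Arguments: $1 - command name; also passed to apt as the package name
# Outputs:   progress dots on stdout, warning/error text on stderr
# Returns:   0 when the command is available; exits the shell with 1 otherwise
#######################################
check_command() {
  local cmd=$1

  # A missing TERM makes `clear` fail; that must not abort the script under set -e.
  clear || true

  if ! command -v "$cmd" &> /dev/null; then
    echo "Warning: $cmd is not installed." >&2
    echo -n "Installing $cmd"
    # apt output is discarded, so a failing step must not terminate the script
    # silently under `set -e`: let every step run and leave the verdict to the
    # availability check below, which prints an explicit error.
    # NOTE(review): a full system upgrade as a side effect of installing one
    # tool is heavy; kept because the original does it — confirm it is wanted.
    apt update -y -qq &> /dev/null || true
    echo -n "..."
    apt full-upgrade -y -qq &> /dev/null || true
    echo -n "..."
    apt install "$cmd" -y -qq &> /dev/null || true
    echo -n "..."
    echo ""
  fi

  if ! command -v "$cmd" &> /dev/null; then
    echo "Error: Installation of $cmd failed." >&2
    exit 1
  fi
}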
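# Guard: the certificate output directory must exist before continuing.
# NOTE(review): the script creates ${CRT_DIR} with `mkdir -p` near its top, so
# as written this guard cannot fire — confirm which behaviour is intended.
if [[ ! -d "${CRT_DIR}" ]]; then
  # Diagnostics go to stderr so they are not lost when stdout is redirected.
  echo "${CRT_DIR} does not exist or is not a directory." >&2
  echo "Ensure you are in the root directory and have run the binary at least once" >&2
  exit 1
fi

clear
echo "Starting initialization script..."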
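# Packages installed up front.
packages=(
  ca-certificates build-essential libc6 runc lsb-release g++ wget curl git
  pigz xz-utils unzip jq vim tree openssl openssh-client whiptail tmux make
)

# Refresh the index, upgrade the system, then install the packages above.
# The chain is wrapped in an explicit `if`: in a bare `a && b && c` list,
# `set -e` ignores a failure of `a` or `b`, so a failed update or upgrade would
# otherwise be skipped over without any message.
# Only the stdout of the install step is discarded; stderr stays visible so a
# failure can be diagnosed. The array is quoted so each package name is passed
# as exactly one argument.
echo -n "Installing packages"
if ! { apt update -qq -y \
  && apt full-upgrade -qq -y \
  && apt install -qq -y "${packages[@]}" > /dev/null; }; then
  echo ""
  echo "Error: package installation failed." >&2
  exit 1
fi
echo ""

clear
echo "Packages installed."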
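# lego (ACME client) installation from the upstream release archive.
# LEGO_VERSION can be overridden from the environment; the default is the
# release the script was written against. The version stays pinned rather than
# tracking "latest" so that what gets installed as root is a known artifact.
LEGO_VERSION="${LEGO_VERSION:-4.15.0}"

if ! command -v lego &> /dev/null; then
  echo 'Notice: lego is not installed.' >&2
  echo 'Installing....'

  lego_archive="${TMP_DIR}/lego.tar.gz"
  lego_url="https://github.com/go-acme/lego/releases/download/v${LEGO_VERSION}/lego_v${LEGO_VERSION}_linux_amd64.tar.gz"

  # Explicit check: in `wget ... && tar ...` a failed download is not caught by
  # `set -e`, and the script would carry on without lego.
  if ! wget -q "${lego_url}" -O "${lego_archive}"; then
    echo "Error: could not download ${lego_url}" >&2
    exit 1
  fi

  # Integrity check before anything from the archive lands in /usr/bin.
  # Set LEGO_SHA256=<sha256 of the release archive> (taken from the release's
  # published checksums) to enforce it; without it the archive is only
  # protected by TLS to the download host.
  if [[ -n "${LEGO_SHA256:-}" ]]; then
    if ! printf '%s  %s\n' "${LEGO_SHA256}" "${lego_archive}" | sha256sum -c --status -; then
      echo "Error: checksum mismatch for ${lego_archive}" >&2
      exit 1
    fi
  else
    echo "Warning: LEGO_SHA256 is not set; the lego archive was not verified." >&2
  fi

  # Extract only the binary instead of unpacking every archive member into
  # /usr/bin (assumes the binary is the top-level member named "lego" — confirm
  # against the release archive).
  tar xzf "${lego_archive}" -C /usr/bin/ lego
fi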
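# Load previously saved Cloudflare settings, if any, to pre-fill the dialogs.
# The names set here are the ones the prompts below read. (The earlier loop
# declared PREV_CF_EMAIL / PREV_CF_API_KEY, which nothing read, so the
# pre-fill was always empty.)
PREV_CLOUDFLARE_EMAIL=""
PREV_CLOUDFLARE_API_KEY=""
if [[ -f "${CONFIG_DIR}/cf_email.txt" ]]; then
  PREV_CLOUDFLARE_EMAIL="$(<"${CONFIG_DIR}/cf_email.txt")"
fi
if [[ -f "${CONFIG_DIR}/cf_api_key.txt" ]]; then
  PREV_CLOUDFLARE_API_KEY="$(<"${CONFIG_DIR}/cf_api_key.txt")"
fi

# Prompt for the inputs (DOMAIN_NAME is never pre-filled).
# whiptail writes the answer to stderr, hence the 3>&1 1>&2 2>&3 swap.
# Cancelling a dialog makes whiptail return non-zero; report that explicitly
# instead of letting `set -e` end the script without a message.
DOMAIN_NAME=$(whiptail --inputbox "Enter the domain name" 8 78 \
  --title "Domain Name Dialog" 3>&1 1>&2 2>&3) \
  || { echo "Input cancelled." >&2; exit 1; }

CLOUDFLARE_EMAIL=$(whiptail --inputbox "Enter your Cloudflare email" 8 78 \
  "${PREV_CLOUDFLARE_EMAIL}" --title "Cloudflare Email Dialog" 3>&1 1>&2 2>&3) \
  || { echo "Input cancelled." >&2; exit 1; }

# The API key is a secret: use a password box so neither the stored value nor
# the typed one is shown in clear text on the terminal.
CLOUDFLARE_API_KEY=$(whiptail --passwordbox "Enter your Cloudflare API key" 8 78 \
  "${PREV_CLOUDFLARE_API_KEY}" --title "Cloudflare API Key Dialog" 3>&1 1>&2 2>&3) \
  || { echo "Input cancelled." >&2; exit 1; }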
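# All three inputs are required.
if [[ -z "$DOMAIN_NAME" || -z "$CLOUDFLARE_EMAIL" || -z "$CLOUDFLARE_API_KEY" ]]; then
  echo "You need to fill out all fields. None of the inputs can be empty." >&2
  exit 1
fi

# DOMAIN_NAME is later used to build file paths and command arguments, so
# restrict it to hostname characters (letters, digits, dots, hyphens; no
# leading or trailing separator). This rules out values such as "../x" or "-x".
domain_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
if [[ ! "$DOMAIN_NAME" =~ $domain_re ]]; then
  echo "Error: '${DOMAIN_NAME}' is not a valid domain name." >&2
  exit 1
fi

# Export variables for the current session.
export CLOUDFLARE_API_KEY CLOUDFLARE_EMAIL DOMAIN_NAME

# Persist the Cloudflare settings (not DOMAIN_NAME) for the next run.
# The API key is a credential: create the files under a restrictive umask and
# tighten the mode explicitly, because a file that already exists keeps its old
# permissions when it is overwritten.
# NOTE(review): if another account must read these files, grant that through
# group ownership rather than world-readable modes — confirm against the consumer.
(
  umask 077
  printf '%s\n' "${CLOUDFLARE_EMAIL}" > "${CONFIG_DIR}/cf_email.txt"
  printf '%s\n' "${CLOUDFLARE_API_KEY}" > "${CONFIG_DIR}/cf_api_key.txt"
)
chmod 600 "${CONFIG_DIR}/cf_email.txt" "${CONFIG_DIR}/cf_api_key.txt"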
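# Move certificates from a previous run out of the way.
# The entries are collected with a glob instead of parsing `ls -A`: with
# dotglob the array also contains hidden files, so "directory is non-empty" and
# "there is something to move" can no longer disagree (the old form made `mv`
# fail on a literal "*" when only dotfiles were present).
# `mv -n` never overwrites: an entry whose name already exists in the old
# directory is left where it is.
if [[ -d "${CONFIG_DIR}/certificates" ]]; then
  shopt -s nullglob dotglob
  existing_certs=( "${CONFIG_DIR}/certificates/"* )
  shopt -u nullglob dotglob

  if (( ${#existing_certs[@]} > 0 )); then
    mkdir -p "${CONFIG_DIR}/.old/certificates"
    mv -n -- "${existing_certs[@]}" "${CONFIG_DIR}/.old/certificates/"
  fi
fi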
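# Request the certificate (apex + wildcard) with lego using the Cloudflare DNS
# challenge, then assemble the PEM files in ${CRT_DIR}:
#   cert.pem = leaf certificate followed by the issuer certificate
#   key.pem  = private key
# The steps are chained with && so nothing is written after a failed step.
# NOTE(review): this uses the account e-mail + API key pair; lego's Cloudflare
# provider also accepts a scoped token (CLOUDFLARE_DNS_API_TOKEN), which limits
# what a leaked credential can do — consider switching.
(
  LEGO_EXPERIMENTAL_DNS_TCP_ONLY=true \
  CLOUDFLARE_EMAIL="${CLOUDFLARE_EMAIL}" \
  CLOUDFLARE_API_KEY="${CLOUDFLARE_API_KEY}" \
    lego --accept-tos --path "${CONFIG_DIR}" --dns "cloudflare" --dns.resolvers "1.1.1.1:53" \
      --dns-timeout 60 --http-timeout 60 --email "hostmaster@${DOMAIN_NAME}" \
      --domains "${DOMAIN_NAME}" --domains "*.${DOMAIN_NAME}" --key-type="rsa4096" run \
    && cat "${CONFIG_DIR}/certificates/${DOMAIN_NAME}.crt" \
           "${CONFIG_DIR}/certificates/${DOMAIN_NAME}.issuer.crt" > "${CRT_DIR}/cert.pem" \
    && (
      # The private key must not be created group/world-readable.
      umask 077
      cat "${CONFIG_DIR}/certificates/${DOMAIN_NAME}.key" > "${CRT_DIR}/key.pem"
    ) \
    && chmod 600 "${CRT_DIR}/key.pem" # also fixes the mode of a pre-existing key.pem
)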
on line 42:
wget -q https://github.com/go-acme/lego/releases/download/v4.15.0/ [....]
TODO: extract `4.15.0` into a variable `LEGO_VERSION` and retrieve the most up-to-date version number automatically