
@cpu
Created April 23, 2022 16:08
Certbot deploy hook for LDMud.
#!/usr/bin/env python3
#
# Certbot LDMud Deploy Hook
# Paradox@Dune - 2021-03-07
#
# Adapted from:
# https://github.com/greenhost/certbot-haproxy/blob/develop/certbot-deploy-hook-example
#
# After installing Certbot, install the deploy hook (as root):
# curl -o /etc/letsencrypt/renewal-hooks/deploy/ldmud-hook \
# https://gist.githubusercontent.com/cpu/bec1601816db34bb8c9efeb3f78b37c5/raw/c73c7a0b5ce47318710227d25defcf5ae38fc209/ldmud-hook.py
# chmod +x /etc/letsencrypt/renewal-hooks/deploy/ldmud-hook
import os
import pwd
import re
import shutil
import sys
import tempfile
from datetime import date
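# ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! !
# CHANGE THESE THREE VALUES TO SUIT
# YOUR GAME'S NEEDS
# ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! !
#
mud_home = "/home/mud/game"
mud_user = "mud"
certs_path = f"{mud_home}/tls"
# ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! !

# File modes for the installed copies. The private key must only be readable
# by its owner; the certificates and the timestamp are public data.
PUBLIC_MODE = 0o644
PRIVATE_MODE = 0o600


def _read_bytes(path):
    """Return the full contents of *path* as bytes."""
    with open(path, "rb") as handle:
        return handle.read()


def _install(data, destination, owner_uid, mode):
    """Atomically write *data* to *destination* with the given owner and mode.

    The data is written to a fresh temporary file in the destination
    directory, ownership and mode are set on the open file descriptor, and
    only then is the file renamed over *destination*.

    Why not shutil.copyfile() + shutil.chown():
      * copyfile() creates the destination with the process umask, so the
        private key would typically end up world-readable (0644).
      * Both calls follow symlinks. This hook runs as root, so a symlink
        planted at the destination (possible if the directory is writable by
        the game user) would redirect the write and the chown elsewhere.
      * A reader such as the running driver could observe a half-written file.

    mkstemp() opens with O_EXCL (never follows a pre-existing link),
    fchown()/fchmod() act on the descriptor rather than a path, and
    os.replace() swaps the directory entry itself in one step.

    Raises:
        OSError: if the temporary file cannot be created, written or renamed.
    """
    directory = os.path.dirname(destination)
    fd, tmp_path = tempfile.mkstemp(dir=directory, prefix=".ldmud-hook-")
    try:
        with os.fdopen(fd, "wb") as tmp_file:
            tmp_file.write(data)
            tmp_file.flush()
            # Change only the owner; -1 leaves the group untouched, matching
            # shutil.chown(path, user).
            os.fchown(fd, owner_uid, -1)
            os.fchmod(fd, mode)
        os.replace(tmp_path, destination)
    except BaseException:
        # Do not leave a stray temporary file (possibly key material) behind.
        try:
            os.unlink(tmp_path)
        except OSError:
            pass
        raise


# Certbot sets an environment variable RENEWED_LINEAGE, which points to the
# path of the renewed certificate. We use that path to determine and find
# the files for the currently renewed certificate.
lineage = os.environ.get('RENEWED_LINEAGE')

# If nothing renewed, exit
if not lineage:
    sys.exit()

# From the lineage, we strip the 'domain name', which is the last part
# of the path. The name is used to build destination file names, so it is
# restricted to a single path component (no '/'): anything else is rejected
# instead of being joined onto certs_path.
result = re.match(r'.*/live/([^/]+)$', lineage)

# If we can not recognize the path, we exit with 1
if not result:
    sys.exit(1)

# Extract the domain name
domain = result.group(1)

cert_path = f"{certs_path}/{domain}.crt"
issuer_path = f"{certs_path}/{domain}.issuer.crt"
key_path = f"{certs_path}/{domain}.key"
timestamp_path = f"{certs_path}/last_updated.txt"

# The source files can be found in below paths, constructed with the lineage
# path.
source_cert = f"{lineage}/fullchain.pem"
source_issuer = f"{lineage}/chain.pem"
source_key = f"{lineage}/privkey.pem"

# Resolve the target owner once, before anything is written, so a missing
# account aborts the hook without leaving a partial set of files.
if isinstance(mud_user, int):
    owner_uid = mud_user
else:
    owner_uid = pwd.getpwnam(mud_user).pw_uid

# Install the files, owned by the mud user.
# NOTE(review): this still trusts every directory component of certs_path.
# If certs_path or a parent is writable by mud_user, prefer a root-owned
# parent directory so the path itself cannot be swapped out - verify on the
# target host.
_install(_read_bytes(source_cert), cert_path, owner_uid, PUBLIC_MODE)
_install(_read_bytes(source_issuer), issuer_path, owner_uid, PUBLIC_MODE)
_install(_read_bytes(source_key), key_path, owner_uid, PRIVATE_MODE)

# Also write a timestamp file so we can easily tell when the hook last ran.
_install(f"{date.today()}\n".encode("ascii"), timestamp_path, owner_uid,
         PUBLIC_MODE)

# All done! Note we don't restart LD here. That would disconnect players!
# Instead we assume there is something in-lib that calls
# efun::tls_refresh_certs(); every day or so to always have fresh certs.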