@erenfro
Last active June 14, 2017 16:21
Let's Encrypt Automation with systemd
#!/bin/bash
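# Resolve the real path of this script. The renew branch hands it back to
# certbot as the pre/post hook command, so symlinks are resolved up front.
# Expansions are quoted so a path containing spaces or glob characters survives.
script_name=$(readlink -e -- "$0")
script_dir=$(dirname -- "${script_name}")

# Pick the directory that holds pre.d/ and/or post.d/. Search order: current
# working directory, the script's own directory, then /etc/letsencrypt.
#
# NOTE(review): run-hook executes whatever run-parts lists under the chosen
# directory with this script's privileges. Because ${PWD} is searched first,
# the hooks that run depend on where the script is started from. When it runs
# as root, start it from a directory only root can write to, and keep pre.d/
# and post.d/ (and their parents) root-owned and not group/world-writable.
if [[ -d "${PWD}/pre.d" || -d "${PWD}/post.d" ]]; then
  hook_dir="${PWD}"
elif [[ -d "${script_dir}/pre.d" || -d "${script_dir}/post.d" ]]; then
  hook_dir="${script_dir}"
elif [[ -d "/etc/letsencrypt/pre.d" || -d "/etc/letsencrypt/post.d" ]]; then
  hook_dir="/etc/letsencrypt"
else
  # Diagnostics go to stderr so they are not mistaken for normal output.
  {
    echo "Hook dir does not exist in at least one of the following paths:"
    echo " \"$PWD\""
    echo " \"${script_dir}\""
    echo " \"/etc/letsencrypt\""
    echo "Either of these directories need to contain one or both of pre.d and post.d"
    echo "directories for hooks to run."
  } >&2
  exit 1
fi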
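#######################################
# Run every script that `run-parts --test` lists in ${hook_dir}/<hook>.
# Globals:   hook_dir (read)
# Arguments: $1 - hook sub-directory name (e.g. pre.d or post.d)
# Returns:   number of hooks that exited non-zero (capped at 255, the largest
#            exit status); 0 when the directory does not exist.
# Security:  each listed path is executed as-is with the caller's privileges,
#            so the hook directory must not be writable by untrusted users.
#######################################
run-hook() {
  local hook=$1
  local errors=0
  local script

  if [[ ! -d "${hook_dir}/${hook}" ]]; then
    return 0
  fi

  # IFS= and -r keep each path intact (leading blanks, backslashes); quoting
  # "${script}" runs it as one word instead of word-splitting and globbing it.
  while IFS= read -r script; do
    # Hooks get /dev/null on stdin: the loop's stdin is the list of remaining
    # hooks, and a hook that reads input would otherwise swallow that list.
    "${script}" </dev/null || errors=$((errors + 1))
  done < <(run-parts --test "${hook_dir}/${hook}")

  # Exit statuses wrap at 256; cap so 256 failures are not reported as success.
  return $((errors > 255 ? 255 : errors))
}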
# Run the pre.d hooks and print a warning with the failure count if any hook
# failed. Failures are only reported: the function's own status is that of the
# final command (0 unless the echo itself fails).
pre-hook() {
  local failed=0
  run-hook pre.d || failed=$?
  (( failed == 0 )) || echo "WARN: pre-hook errors: ${failed}"
}
# Run the post.d hooks and print a warning with the failure count if any hook
# failed. Failures are only reported: the function's own status is that of the
# final command (0 unless the echo itself fails).
post-hook() {
  local failed=0
  run-hook post.d || failed=$?
  (( failed == 0 )) || echo "WARN: post-hook errors: ${failed}"
}
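# Command dispatch.
#   pre-hook / post-hook  run the matching hook directory (called by certbot)
#   renew (default)       ask certbot to renew, passing this script back to it
#                         as the pre/post hook command
# Exit status: 2 for an unknown command, certbot's status if renewal fails.
case "$1" in
  pre-hook)
    echo "Running Pre-Hooks"
    pre-hook
    exit $?
    ;;
  post-hook)
    echo "Running Post-Hooks"
    post-hook
    exit $?
    ;;
  renew | "")
    echo "Checking renewal"
    # certbot runs hook strings through a shell, so the script path is
    # shell-quoted first; an unquoted path containing spaces or shell
    # metacharacters would be split or interpreted as a different command.
    printf -v hook_cmd '%q' "${script_name}"
    certbot renew --quiet \
      --pre-hook="${hook_cmd} pre-hook" \
      --post-hook="${hook_cmd} post-hook"
    status=$?
    if [[ $status -eq 0 ]]; then
      echo "OK"
    else
      echo "ERROR" >&2
      exit "$status"
    fi
    ;;
  *)
    # Usage errors go to stderr.
    {
      echo "Unknown Command"
      echo "Available commands: renew, pre-hook, post-hook. Default: renew"
    } >&2
    exit 2
    ;;
esac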
[Unit]
Description=Check and update LetsEncrypt Certificates
OnFailure=status-email-user@%n.service
[Service]
Type=oneshot
User=root
PrivateTmp=true
NoNewPrivileges=true
ExecStart=/usr/local/sbin/certbot-renew
[Unit]
Description=Check and update LetsEncrypt Certificates
[Timer]
OnCalendar=weekly
Persistent=true
[Install]
WantedBy=timers.target
[Unit]
Description=Status email for %i to user
[Service]
Type=oneshot
ExecStart=/usr/local/sbin/systemd-email [email protected] %i
User=nobody
Group=systemd-journal
#!/bin/bash
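# Mail the `systemctl status` output of a unit to a recipient via sendmail.
# Arguments: $1 - recipient address
#            $2 - unit name (also used as the Subject)
#
# Both arguments are interpolated into message headers and sendmail -t reads
# its recipients from those headers, so CR/LF is stripped first: an embedded
# line break would otherwise add headers or start the body early.
recipient=${1//[$'\r\n']/}
unit=${2//[$'\r\n']/}

# The empty line after Content-Type ends the header section; without it the
# status output would be parsed as headers. `--` keeps a unit name that starts
# with "-" from being read as a systemctl option.
/usr/sbin/sendmail -t <<ERRMAIL
To: ${recipient}
From: systemd <root@${HOSTNAME}>
Subject: ${unit}
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset=UTF-8

$(systemctl status --full -- "${unit}")
ERRMAIL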