Add support for PUID/PGID and create necessary directories in /snikket
This is useful when e.g. mounting an existing directory instead of a docker-managed volume.
This commit is contained in:
parent
23d795b1cb
commit
c30b7310aa
|
@ -1,12 +1,13 @@
|
|||
#!/bin/sh
|
||||
|
||||
certbot certonly -n --webroot --webroot-path /var/www \
|
||||
su letsencrypt -- -c "certbot certonly -n --webroot --webroot-path /var/www \
|
||||
--cert-path /etc/ssl/certbot \
|
||||
--keep $SNIKKET_CERTBOT_OPTIONS \
|
||||
--agree-tos --email "$SNIKKET_ADMIN_EMAIL" --expand \
|
||||
--agree-tos --email \"$SNIKKET_ADMIN_EMAIL\" --expand \
|
||||
--allow-subset-of-names \
|
||||
--config-dir /snikket/letsencrypt \
|
||||
--domain "$SNIKKET_DOMAIN" --domain "share.$SNIKKET_DOMAIN" \
|
||||
--domain "groups.$SNIKKET_DOMAIN"
|
||||
--domain \"$SNIKKET_DOMAIN\" --domain \"share.$SNIKKET_DOMAIN\" \
|
||||
--domain \"groups.$SNIKKET_DOMAIN\"
|
||||
"
|
||||
|
||||
prosodyctl --root cert import /snikket/letsencrypt/live
|
||||
|
|
|
@ -13,4 +13,14 @@
|
|||
copy:
|
||||
src: ../files/certbot.cron
|
||||
dest: /etc/cron.daily/certbot
|
||||
mode: 0550
|
||||
mode: 0555
|
||||
- name: Create letsencrypt group
|
||||
group:
|
||||
name: letsencrypt
|
||||
system: yes
|
||||
- name: Create letsencrypt user
|
||||
user:
|
||||
name: letsencrypt
|
||||
group: letsencrypt
|
||||
system: yes
|
||||
home: /snikket/letsencrypt
|
||||
|
|
|
@ -15,4 +15,28 @@ echo "from snikket@$SNIKKET_DOMAIN" >> /etc/msmtprc
|
|||
|
||||
unset SNIKKET_SMTP_URL
|
||||
|
||||
PUID=${PUID:=$(stat -c %u /snikket)}
|
||||
PGID=${PGID:=$(stat -c %g /snikket)}
|
||||
|
||||
if [ "$PUID" != 0 ] && [ "$PGID" != 0 ]; then
|
||||
usermod -o -u "$PUID" prosody
|
||||
groupmod -o -g "$PGID" prosody
|
||||
|
||||
usermod -o -u "$PUID" letsencrypt
|
||||
groupmod -o -g "$PGID" letsencrypt
|
||||
fi
|
||||
|
||||
if ! test -d /snikket/prosody; then
|
||||
install -o prosody -g prosody -m 750 -d /snikket/prosody;
|
||||
fi
|
||||
|
||||
chown -R prosody:prosody /var/spool/anacron /var/run/prosody /snikket/prosody /etc/prosody
|
||||
|
||||
if ! test -d /snikket/letsencrypt; then
|
||||
install -o letsencrypt -g letsencrypt -m 750 -d /snikket/letsencrypt;
|
||||
fi
|
||||
|
||||
install -o letsencrypt -g letsencrypt -m 750 -d /var/lib/letsencrypt;
|
||||
install -o letsencrypt -g letsencrypt -m 750 -d /var/log/letsencrypt;
|
||||
|
||||
exec supervisord -c /etc/supervisor/supervisord.conf
|
||||
|
|
Loading…
Reference in New Issue