diff options
Diffstat (limited to '')
| -rw-r--r-- | README.md | 10 | ||||
| -rwxr-xr-x | fconv | 21 | ||||
| -rwxr-xr-x | recert | 132 |
3 files changed, 163 insertions, 0 deletions
@@ -9,3 +9,13 @@ gives you the url to a mc jar file with a given version and server type as input #### aconv converts a directory of any music file to all be one codec and container in the output + +#### fconv + +converts one font type to another with fontforge, (just an alias posing as a bash script) + +#### recert + +using lets encrypt, allows checking and renewal of lets encrypt certificates. usefull for cron jobs + +this uses certbot with webroot, so make sure to have DOMAIN/.well-known/acme-challenge pointed to /var/www/html/.well-known/acme-challenge on your system @@ -0,0 +1,21 @@ +#!/bin/sh + +chk_command() { + if ! command -v "$1" > /dev/null; then + >&2 echo "error: command '$1' could not be found" + exit 1 + fi +} + +chk_command "fontforge" + +usage() { + printf "usage: fconv FONT_SRC FONT_DST\n" +} + +if [ "$#" -ne 2 ]; then + usage + exit 1 +fi + +fontforge -lang=ff -c 'Open($1); Generate($2); Close();' "$1" "$2" @@ -0,0 +1,132 @@ +#!/usr/bin/env bash + +single=0 # merge the certs into a single cert +force=0 # if to skip similariaty checks or not +quiet=0 # should i shut up?!?!? :< +cert='cert.pem' # where the public cert should go +key='cert.key' # where the private cert should go +domain='localhost' # the domain to copy certs from + +usage() { + printf "usage: recert [-hsfq] [-d DOMAIN] [-c CERT] [-k KEY]\n\n" + printf "\t-h\t\tshow the help message\n" + printf "\t-s\t\tcombine the certs into a single cert\n" + printf "\t-f\t\tskip cert equal checks (force)\n" + printf "\t-q\t\tquiet output\n" + printf "\t-d DOMAIN\tthe domain name to recert\n" + printf "\t-c CERT\t\tthe destination path for the cert\n" + printf "\t-k KEY\t\tthe destination path for the key (no -s)\n" +} + +hash() { + if [ -f "$1" ]; then + sha3sum "$1" | awk '{ print $1 }'; + fi +} + +letscert() { + certbot certonly \ + --preferred-chain "ISRG Root X1" \ + --key-type rsa \ + --webroot --webroot-path "/var/www/html" \ + -d "$1" +} + +recert_log() { + if [ $quiet = 0 ]; then + printf "$*" 1>&2 + fi +} + +chk_command() { + if ! command -v "$1" > /dev/null; then + >&2 echo "error: command '$1' could not be found" + exit 1 + fi +} + +while getopts ":hsfqd:c:k:" arg > /dev/null; do + case $arg in + h) + usage + exit 0 + ;; + s) + single=1 + ;; + f) + force=1 + ;; + q) + quiet=1 + ;; + d) + domain=${OPTARG} + ;; + c) + cert=${OPTARG} + ;; + k) + key=${OPTARG} + ;; + ?) + echo "unknown option" + exit 1 + ;; + esac +done + +chk_command "getopts" +chk_command "certbot" +chk_command "openssl" + +if [ ! "$cert" = "cert.pem" ] && [ "$key" = "cert.key" ]; then + name=${cert%.*} + key="$name.key" +fi + +# Step 1: make sure letsencrypt certs exist (create if not) +lets_root="/etc/letsencrypt/live" +lets_cert="$lets_root/$domain/fullchain.pem" +lets_key="$lets_root/$domain/privkey.pem" +if [ ! -f "$lets_cert" ] && [ ! -f "$lets_key" ]; then + letscert "$domain" +fi + +# Step 2: make sure certs wont expire soon (create if will) +if openssl x509 -checkend 604800 -noout -in "$lets_cert" > /dev/null; then + # certificate is good, only update if forced + if [ $force = 1 ]; then + rm "$lets_root"/* + rmdir "$lets_root" + recert_log "renewing... " + letscert "$domain" + else + recert_log "up to date... " + fi +else + recert_log "renewing... " + letscert "$domain" +fi + +# Step 3: store lets encrypt cert into tmp file +tmp=$(mktemp) +if [ $single = 1 ]; then + { + cat "$lets_cert"; + echo; + cat "$lets_key"; + } >> "$tmp" +fi + +# Step 4: copy certs +recert_log "copied certs\n" +if [ $single = 1 ]; then + cp "$tmp" "$cert" +else + cp "$lets_cert" "$cert" + cp "$lets_key" "$key" +fi + +# Cleanup +rm "$tmp" |