Environment-Variablen

cb97c5af · Rolf Niepraschk · 2e8f1abd · cb97c5af · cb97c5af · cb97c5af
Commit cb97c5af authored 2 years ago by Rolf Niepraschk
--- a/get-cert-first
+++ b/get-cert-first
 #! /bin/sh

+PUB_KEY_SOURCE="/etc/letsencrypt/live/a75436.berlin.ptb.de/fullchain.pem"
+PUB_KEY_DEST="/etc/gitlab/ssl/a75436.berlin.ptb.de.crt"
+PRIV_KEY_SOURCE="/etc/letsencrypt/live/a75436.berlin.ptb.de/privkey.pem"
+PRIV_KEY_DEST="/etc/gitlab/ssl/a75436.berlin.ptb.de.key"
+
 certbot certonly \
        --standalone \
        --non-interactive \
@@ -14,9 +19,7 @@ certbot certonly \

 # einmalig nötig (Beispiel: GitLab)

-cp -pL /etc/letsencrypt/live/a75436.berlin.ptb.de/fullchain.pem \
-  /etc/gitlab/ssl/a75436.berlin.ptb.de.crt
-cp -pL /etc/letsencrypt/live/a75436.berlin.ptb.de/privkey.pem \
-  /etc/gitlab/ssl/a75436.berlin.ptb.de.key
+cp -pvL "$PUB_KEY_SOURCE" "$PUB_KEY_DEST" 
+cp -pvL "$PRIV_KEY_SOURCE" "$PRIV_KEY_DEST"

 exit
--- a/vl-cert.service
+++ b/vl-cert.service
 [Unit]
-Description=Get a new certificate via ACME-Account
-#Documentation=
+Description=Get a new certificate via ACME account
+Documentation=https://letsencrypt.org/de/docs/

 [Service]
 Type=oneshot
@@ -9,11 +9,15 @@ EnvironmentFile=-/etc/environment
 Environment=XDG_CACHE_HOME=/var/tmp
 Environment=HOST=%H

+Environment=PUB_KEY_SOURCE="/etc/letsencrypt/live/a75436.berlin.ptb.de/fullchain.pem"
+Environment=PUB_KEY_DEST="/etc/gitlab/ssl/a75436.berlin.ptb.de.crt"
+Environment=PRIV_KEY_SOURCE="/etc/letsencrypt/live/a75436.berlin.ptb.de/privkey.pem"
+Environment=PRIV_KEY_DEST="/etc/gitlab/ssl/a75436.berlin.ptb.de.key"
+
 ExecStart=/bin/bash -lc \
 'certbot renew ; \
-cp -pL /etc/letsencrypt/live/a75436.berlin.ptb.de/fullchain.pem \
-  /etc/gitlab/ssl/a75436.berlin.ptb.de.crt ; \
-cp -pL /etc/letsencrypt/live/a75436.berlin.ptb.de/privkey.pem \
-  /etc/gitlab/ssl/a75436.berlin.ptb.de.key'
+cp -pvL "$PUB_KEY_SOURCE" "$PUB_KEY_DEST" ; \
+cp -pvL "$PRIV_KEY_SOURCE" "$PRIV_KEY_DEST"'
+
 # Anm: "certbot renew" nicht unbedingt nötig, da schon 
-# per certbot.timer /  certbot.service erledigt
+#      per "certbot.timer" / "certbot.service" erledigt, sofern aktiviert.
--- a/vl-cert.timer
+++ b/vl-cert.timer
 [Unit]
-Description=Get a new certificate via ACME-Account (Timer)
+Description=Get a new certificate via ACME account (Timer)
+Documentation=https://letsencrypt.org/de/docs/

 [Timer]
 Persistent=false