lego

init-server.py

@@ -9,11 +9,18 @@ from fabric import Config, Connection
 from ssh_lib import CONFIG_DIR, HTTP_HOST_BIN, OFM_DIR, REMOTE_CONFIG, SCRIPTS_DIR, TILE_GEN_BIN
 from ssh_lib.benchmark import c1000k, wrk
 from ssh_lib.kernel import kernel_tweaks_ofm
-from ssh_lib.nginx import certbot, nginx
+from ssh_lib.nginx import lego, nginx
 from ssh_lib.pkg_base import pkg_base, pkg_upgrade
 from ssh_lib.planetiler import planetiler
 from ssh_lib.rclone import rclone
-from ssh_lib.utils import add_user, enable_sudo, put, put_dir, put_str, sudo_cmd
+from ssh_lib.utils import (
+    add_user,
+    enable_sudo,
+    put,
+    put_dir,
+    put_str,
+    sudo_cmd,
+)
 
 
 def prepare_shared(c):
@@ -119,7 +126,7 @@ def upload_http_host_config(c):
 
 def prepare_http_host(c):
     nginx(c)
-    certbot(c)
+    lego(c)
 
     c.sudo('rm -rf /data/ofm/http_host/logs')
     c.sudo('mkdir -p /data/ofm/http_host/logs')
@@ -253,12 +260,14 @@ def tile_gen(hostname, user, port):
 def debug(hostname, user, port):
     c = get_connection(hostname, user, port)
 
+    lego(c)
+
     # upload_http_host_config(c)
 
-    upload_https_host_files(c)
+    # upload_https_host_files(c)
     # run_http_host_sync(c)
 
-    sudo_cmd(c, '/data/ofm/venv/bin/python -u /data/ofm/http_host/bin/host_manager.py nginx-sync')
+    # sudo_cmd(c, '/data/ofm/venv/bin/python -u /data/ofm/http_host/bin/host_manager.py nginx-sync')
 
 
 if __name__ == '__main__':

ssh_lib/nginx.py

@@ -4,6 +4,7 @@ from ssh_lib.utils import (
     apt_get_purge,
     apt_get_update,
     exists,
+    get_latest_release_github,
     put,
     put_str,
     sudo_cmd,
@@ -67,3 +68,19 @@ def certbot(c):
 
     apt_get_purge(c, 'certbot')
     c.sudo('snap install --classic certbot', warn=True)
+
+
+def lego(c):
+    lego_version = get_latest_release_github('go-acme', 'lego')
+
+    url = f'https://github.com/go-acme/lego/releases/download/{lego_version}/lego_{lego_version}_linux_amd64.tar.gz'
+
+    c.run('rm -rf /tmp/lego*')
+    c.run('mkdir -p /tmp/lego')
+    c.run(
+        f'wget -q "{url}" -O /tmp/lego/out.tar.gz',
+    )
+    c.run('tar xzvf /tmp/lego/out.tar.gz -C /tmp/lego')
+    c.run('mv /tmp/lego/lego /usr/bin')
+    c.run('chmod +x /usr/bin/lego')
+    c.run('rm -rf /tmp/lego*')

ssh_lib/utils.py

@@ -3,6 +3,8 @@ import secrets
 import string
 from pathlib import Path
 
+import requests
+
 
 def put(
     c, local_path, remote_path, permissions=None, user='root', group=None, create_parent_dir=False
@@ -159,3 +161,14 @@ def enable_sudo(c, username, nopasswd=False):
         put_str(c, '/etc/sudoers.d/tmp.', f'{username} ALL=(ALL) NOPASSWD:ALL')
         set_permission(c, '/etc/sudoers.d/tmp.', permissions='440', user='root')
         c.sudo(f'mv /etc/sudoers.d/tmp. /etc/sudoers.d/{username}')
+
+
+def get_latest_release_github(user, repo):
+    url = f'https://api.github.com/repos/{user}/{repo}/releases/latest'
+    r = requests.get(url)
+    r.raise_for_status()
+
+    data = r.json()
+    assert data['tag_name'] == data['name']
+
+    return data['tag_name']