fix certbot section

Sebastian Cabrera 2026-02-26 16:45:42 -05:00
parent 137a6f1f00
commit 487c32ba16
Signed by: okseby
GPG key ID: 37783FE2501AE402


@ -1,13 +1,8 @@
#!/usr/bin/env bash #!/usr/bin/env bash
set -euo pipefail set -euo pipefail
# Interactive installer for Docker + (optional) Certbot SSL + Calagopus Wings (calagopus/wings) # Seby's Calagopus Wings Installer
# Intended usage: # Designed for curl | bash usage
# curl -fsSL https://example.com/install-wings.sh | bash
#
# Notes:
# - Prompts read from /dev/tty so it still works when piped from curl.
# - Default answers are conservative (Docker install: NO, SSL setup: NO, reboot: NO).
######################################## ########################################
# helpers # helpers
@ -22,7 +17,7 @@ have() { command -v "$1" >/dev/null 2>&1; }
need_tty() { need_tty() {
if [[ ! -r "$TTY" || ! -w "$TTY" ]]; then if [[ ! -r "$TTY" || ! -w "$TTY" ]]; then
err "No TTY available for interactive prompts. Run in an interactive shell." err "No interactive TTY available."
exit 1 exit 1
fi fi
} }
@ -47,7 +42,7 @@ require_root_or_sudo() {
if have sudo; then if have sudo; then
SUDO="sudo" SUDO="sudo"
else else
err "This script needs root privileges (or sudo). Re-run as root or install sudo." err "Root or sudo required."
exit 1 exit 1
fi fi
else else
@ -56,11 +51,13 @@ require_root_or_sudo() {
} }
apt_install() { apt_install() {
local pkgs=("$@")
$SUDO apt-get update -y $SUDO apt-get update -y
$SUDO apt-get install -y "${pkgs[@]}" $SUDO apt-get install -y "$@"
} }
########################################
# SSL config updater
########################################
update_wings_ssl_config() { update_wings_ssl_config() {
local domain="$1" local domain="$1"
local cfg="/etc/calagopus/config.yml" local cfg="/etc/calagopus/config.yml"
@ -68,51 +65,40 @@ update_wings_ssl_config() {
local key="/etc/letsencrypt/live/${domain}/privkey.pem" local key="/etc/letsencrypt/live/${domain}/privkey.pem"
if [[ ! -f "$cfg" ]]; then if [[ ! -f "$cfg" ]]; then
warn "Calagopus config not found at $cfg; skipping SSL config update." warn "Config not found at $cfg — skipping SSL update."
return 0 return
fi fi
if [[ ! -f "$cert" || ! -f "$key" ]]; then say "Updating SSL section in $cfg"
warn "Certbot files not found ($cert / $key); skipping SSL config update."
return 0
fi
say "Updating Calagopus SSL settings in $cfg (backup: ${cfg}.bak)..."
$SUDO cp -a "$cfg" "${cfg}.bak" $SUDO cp -a "$cfg" "${cfg}.bak"
# Update the 'ssl:' block values (assumes the block exists with standard indentation)
$SUDO awk -v cert="$cert" -v key="$key" ' $SUDO awk -v cert="$cert" -v key="$key" '
BEGIN { inssl=0 } BEGIN { inssl=0 }
{ {
if ($0 ~ /^ ssl:[[:space:]]*$/) { inssl=1; print; next } if ($0 ~ /^ ssl:[[:space:]]*$/) { inssl=1; print; next }
if (inssl==1) { if (inssl==1) {
# leave ssl block when we hit the next top-level (two-space) section
if ($0 ~ /^ [^[:space:]]/ && $0 !~ /^ ssl:/) { inssl=0 } if ($0 ~ /^ [^[:space:]]/ && $0 !~ /^ ssl:/) { inssl=0 }
else if ($0 ~ /^ enabled:/) { print " enabled: true"; next } else if ($0 ~ /^ enabled:/) { print " enabled: true"; next }
else if ($0 ~ /^ cert:/) { print " cert: " cert; next } else if ($0 ~ /^ cert:/) { print " cert: " cert; next }
else if ($0 ~ /^ key:/) { print " key: " key; next } else if ($0 ~ /^ key:/) { print " key: " key; next }
} }
print print
} }
' "$cfg" | $SUDO tee "$cfg" >/dev/null ' "$cfg" | $SUDO tee "$cfg" >/dev/null
say "Calagopus SSL block updated."
} }
######################################## ########################################
# checks # Start
######################################## ########################################
need_tty need_tty
require_root_or_sudo require_root_or_sudo
if ! have apt-get; then if ! have apt-get; then
err "This script currently supports Debian/Ubuntu (apt)." err "Only Debian/Ubuntu systems supported."
exit 1 exit 1
fi fi
say "Calagopus Wings bootstrap (Docker + optional SSL + Wings binary)" say "Calagopus Wings Installer"
######################################## ########################################
# Docker # Docker
@ -120,30 +106,31 @@ say "Calagopus Wings bootstrap (Docker + optional SSL + Wings binary)"
if have docker; then if have docker; then
say "Docker detected: $(docker --version || true)" say "Docker detected: $(docker --version || true)"
else else
warn "Docker is NOT installed." warn "Docker not installed."
if confirm_default_no "Install Docker now?"; then if confirm_default_no "Install Docker?"; then
say "Installing Docker via get.docker.com (CHANNEL=stable)..."
apt_install ca-certificates curl apt_install ca-certificates curl
curl -fsSL https://get.docker.com/ | CHANNEL=stable $SUDO bash curl -fsSL https://get.docker.com/ | CHANNEL=stable $SUDO bash
say "Docker installed: $(docker --version || true)"
else else
err "Docker is required for Wings. Exiting because you chose not to install Docker." err "Docker required. Exiting."
exit 1 exit 1
fi fi
fi fi
######################################## ########################################
# Optional SSL (Certbot standalone) # SSL (Certbot standalone)
######################################## ########################################
DO_SSL=false DO_SSL=false
DOMAIN="" DOMAIN=""
EMAIL=""
if confirm_default_no "Set up SSL with certbot (standalone) now?"; then if confirm_default_no "Set up SSL with certbot (standalone)?"; then
DOMAIN="$(prompt "Enter domain (e.g. node.example.com): ")"
EMAIL="$(prompt "Enter email for Let's Encrypt notices: ")"
if [[ -n "$DOMAIN" && -n "$EMAIL" ]]; then
DO_SSL=true DO_SSL=true
DOMAIN="$(prompt "Enter the domain name to issue a cert for (e.g. node1.example.com): ")" else
if [[ -z "$DOMAIN" ]]; then err "Domain and email required for SSL. Skipping."
err "No domain entered. Skipping SSL."
DO_SSL=false
fi fi
fi fi
@ -151,29 +138,30 @@ if $DO_SSL; then
say "Installing certbot..." say "Installing certbot..."
apt_install certbot apt_install certbot
say "Requesting certificate for: $DOMAIN" warn "Ports 80/443 must be open and unused."
warn "Certbot standalone requires ports 80/443 to be reachable and not in use."
$SUDO certbot certonly --standalone -d "$DOMAIN" $SUDO certbot certonly \
--standalone \
-d "$DOMAIN" \
--non-interactive \
--agree-tos \
--email "$EMAIL" \
--no-eff-email
# Update Calagopus config.yml ssl section
update_wings_ssl_config "$DOMAIN" update_wings_ssl_config "$DOMAIN"
fi fi
######################################## ########################################
# Download Wings binary (calagopus/wings) # Download Wings
######################################## ########################################
say "Downloading Wings binary..." say "Downloading Wings binary..."
ARCH="$(uname -m)" ARCH="$(uname -m)"
case "$ARCH" in case "$ARCH" in
x86_64|amd64) x86_64|amd64) WINGS_ARCH="x86_64" ;;
WINGS_ARCH="x86_64" aarch64|arm64) WINGS_ARCH="aarch64" ;;
;;
aarch64|arm64)
WINGS_ARCH="aarch64"
;;
*) *)
err "Unsupported architecture: $ARCH (expected x86_64/amd64 or aarch64/arm64)." err "Unsupported architecture: $ARCH"
exit 1 exit 1
;; ;;
esac esac
@ -181,8 +169,6 @@ esac
WINGS_URL="https://github.com/calagopus/wings/releases/latest/download/wings-rs-${WINGS_ARCH}-linux" WINGS_URL="https://github.com/calagopus/wings/releases/latest/download/wings-rs-${WINGS_ARCH}-linux"
WINGS_BIN="/usr/local/bin/wings" WINGS_BIN="/usr/local/bin/wings"
say "Detected arch: $ARCH -> using asset: wings-rs-${WINGS_ARCH}-linux"
say "Downloading: $WINGS_URL"
$SUDO curl -fL "$WINGS_URL" -o "$WINGS_BIN" $SUDO curl -fL "$WINGS_URL" -o "$WINGS_BIN"
$SUDO chmod +x "$WINGS_BIN" $SUDO chmod +x "$WINGS_BIN"
@ -190,45 +176,25 @@ say "Wings installed to $WINGS_BIN"
"$WINGS_BIN" version || true "$WINGS_BIN" version || true
######################################## ########################################
# Configure Wings (join-data) # Configure
######################################## ########################################
say "Wings configuration" if confirm_default_no "Run wings configure --join-data now?"; then
JOIN_DATA="$(prompt "Paste join-data string: ")"
JOIN_DATA="" if [[ -n "$JOIN_DATA" ]]; then
if confirm_default_no "Run 'wings configure --join-data ...' now?"; then
JOIN_DATA="$(prompt "Paste the join-data string from your Calagopus panel (it can be long): ")"
if [[ -z "$JOIN_DATA" ]]; then
err "No join-data provided; skipping wings configure."
else
$SUDO mkdir -p /etc/calagopus $SUDO mkdir -p /etc/calagopus
$SUDO "$WINGS_BIN" configure --join-data "$JOIN_DATA" $SUDO "$WINGS_BIN" configure --join-data "$JOIN_DATA"
say "Wings configured."
fi fi
else
warn "Skipping 'wings configure'. You'll need to configure manually later."
fi
if [[ -t 0 ]] && [[ -t 1 ]] && confirm_default_no "Open /etc/calagopus/config.yml in nano now?"; then
$SUDO nano /etc/calagopus/config.yml
fi fi
######################################## ########################################
# Install & start service # Install Service
######################################## ########################################
if confirm_default_no "Install Wings as a systemd service now? (wings service-install)"; then if confirm_default_no "Install as systemd service? (wings service-install)"; then
$SUDO "$WINGS_BIN" service-install $SUDO "$WINGS_BIN" service-install
say "Service status:"
$SUDO systemctl --no-pager status wings || true $SUDO systemctl --no-pager status wings || true
else
warn "Skipping service installation."
fi fi
######################################## ########################################
# Optional reboot # Done
######################################## ########################################
if confirm_default_no "Reboot now?"; then say "Installation complete."
say "Rebooting..."
$SUDO reboot
else
say "Done. No reboot performed."
fi
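Review bot: In update_wings_ssl_config, the rewrite pipeline `awk … "$cfg" | $SUDO tee "$cfg" >/dev/null` reads and truncates the same file concurrently, so tee can empty /etc/calagopus/config.yml before awk has read it, leaving a blank or partial config. The backup is taken on the line just before, so reading from it removes the overlap: `' "${cfg}.bak" | $SUDO tee "$cfg" >/dev/null`. The commit also appears to drop the check that the certificate and key exist before their paths are written into the config; if that guard went away because the letsencrypt live directory is only readable by root, `$SUDO test -f "$cert"` would keep the check working. DOMAIN reaches both the filesystem path and `awk -v` without validation, so a hostname-shaped check right after the prompt would be a cheap addition.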