fix certbot section

2026-02-26 16:45:42 -05:00 · 2026-02-26 16:45:42 -05:00 · 487c32ba16
commit 487c32ba16
parent 137a6f1f00
1 changed files with 48 additions and 82 deletions
--- a/install-wings.sh
+++ b/install-wings.sh
@ -1,13 +1,8 @@
 #!/usr/bin/env bash
 set -euo pipefail

-# Interactive installer for Docker + (optional) Certbot SSL + Calagopus Wings (calagopus/wings)
-# Intended usage:
-#   curl -fsSL https://example.com/install-wings.sh | bash
-#
-# Notes:
-# - Prompts read from /dev/tty so it still works when piped from curl.
-# - Default answers are conservative (Docker install: NO, SSL setup: NO, reboot: NO).
+# Seby's Calagopus Wings Installer
+# Designed for curl | bash usage

 ########################################
 # helpers
@ -22,7 +17,7 @@ have() { command -v "$1" >/dev/null 2>&1; }

 need_tty() {
  if [[ ! -r "$TTY" || ! -w "$TTY" ]]; then
-    err "No TTY available for interactive prompts. Run in an interactive shell."
+    err "No interactive TTY available."
    exit 1
  fi
 }
@ -47,7 +42,7 @@ require_root_or_sudo() {
    if have sudo; then
      SUDO="sudo"
    else
-      err "This script needs root privileges (or sudo). Re-run as root or install sudo."
+      err "Root or sudo required."
      exit 1
    fi
  else
@ -56,11 +51,13 @@ require_root_or_sudo() {
 }

 apt_install() {
-  local pkgs=("$@")
  $SUDO apt-get update -y
-  $SUDO apt-get install -y "${pkgs[@]}"
+  $SUDO apt-get install -y "$@"
 }

+########################################
+# SSL config updater
+########################################
 update_wings_ssl_config() {
  local domain="$1"
  local cfg="/etc/calagopus/config.yml"
@ -68,51 +65,40 @@ update_wings_ssl_config() {
  local key="/etc/letsencrypt/live/${domain}/privkey.pem"

  if [[ ! -f "$cfg" ]]; then
-    warn "Calagopus config not found at $cfg; skipping SSL config update."
-    return 0
+    warn "Config not found at $cfg — skipping SSL update."
+    return
  fi

-  if [[ ! -f "$cert" || ! -f "$key" ]]; then
-    warn "Certbot files not found ($cert / $key); skipping SSL config update."
-    return 0
-  fi
-
-  say "Updating Calagopus SSL settings in $cfg (backup: ${cfg}.bak)..."
+  say "Updating SSL section in $cfg"
  $SUDO cp -a "$cfg" "${cfg}.bak"

-  # Update the 'ssl:' block values (assumes the block exists with standard indentation)
  $SUDO awk -v cert="$cert" -v key="$key" '
    BEGIN { inssl=0 }
    {
      if ($0 ~ /^  ssl:[[:space:]]*$/) { inssl=1; print; next }
-
      if (inssl==1) {
-        # leave ssl block when we hit the next top-level (two-space) section
        if ($0 ~ /^  [^[:space:]]/ && $0 !~ /^  ssl:/) { inssl=0 }
        else if ($0 ~ /^    enabled:/) { print "    enabled: true"; next }
        else if ($0 ~ /^    cert:/)    { print "    cert: " cert; next }
        else if ($0 ~ /^    key:/)     { print "    key: " key; next }
      }
-
      print
    }
  ' "$cfg" | $SUDO tee "$cfg" >/dev/null
-
-  say "Calagopus SSL block updated."
 }

 ########################################
-# checks
+# Start
 ########################################
 need_tty
 require_root_or_sudo

 if ! have apt-get; then
-  err "This script currently supports Debian/Ubuntu (apt)."
+  err "Only Debian/Ubuntu systems supported."
  exit 1
 fi

-say "Calagopus Wings bootstrap (Docker + optional SSL + Wings binary)"
+say "Calagopus Wings Installer"

 ########################################
 # Docker
@ -120,30 +106,31 @@ say "Calagopus Wings bootstrap (Docker + optional SSL + Wings binary)"
 if have docker; then
  say "Docker detected: $(docker --version || true)"
 else
-  warn "Docker is NOT installed."
-  if confirm_default_no "Install Docker now?"; then
-    say "Installing Docker via get.docker.com (CHANNEL=stable)..."
+  warn "Docker not installed."
+  if confirm_default_no "Install Docker?"; then
    apt_install ca-certificates curl
    curl -fsSL https://get.docker.com/ | CHANNEL=stable $SUDO bash
-    say "Docker installed: $(docker --version || true)"
  else
-    err "Docker is required for Wings. Exiting because you chose not to install Docker."
+    err "Docker required. Exiting."
    exit 1
  fi
 fi

 ########################################
-# Optional SSL (Certbot standalone)
+# SSL (Certbot standalone)
 ########################################
 DO_SSL=false
 DOMAIN=""
+EMAIL=""

-if confirm_default_no "Set up SSL with certbot (standalone) now?"; then
+if confirm_default_no "Set up SSL with certbot (standalone)?"; then
+  DOMAIN="$(prompt "Enter domain (e.g. node.example.com): ")"
+  EMAIL="$(prompt "Enter email for Let's Encrypt notices: ")"
+
+  if [[ -n "$DOMAIN" && -n "$EMAIL" ]]; then
    DO_SSL=true
-  DOMAIN="$(prompt "Enter the domain name to issue a cert for (e.g. node1.example.com): ")"
-  if [[ -z "$DOMAIN" ]]; then
-    err "No domain entered. Skipping SSL."
-    DO_SSL=false
+  else
+    err "Domain and email required for SSL. Skipping."
  fi
 fi

@ -151,29 +138,30 @@ if $DO_SSL; then
  say "Installing certbot..."
  apt_install certbot

-  say "Requesting certificate for: $DOMAIN"
-  warn "Certbot standalone requires ports 80/443 to be reachable and not in use."
-  $SUDO certbot certonly --standalone -d "$DOMAIN"
+  warn "Ports 80/443 must be open and unused."
+
+  $SUDO certbot certonly \
+    --standalone \
+    -d "$DOMAIN" \
+    --non-interactive \
+    --agree-tos \
+    --email "$EMAIL" \
+    --no-eff-email

-  # Update Calagopus config.yml ssl section
  update_wings_ssl_config "$DOMAIN"
 fi

 ########################################
-# Download Wings binary (calagopus/wings)
+# Download Wings
 ########################################
 say "Downloading Wings binary..."

 ARCH="$(uname -m)"
 case "$ARCH" in
-  x86_64|amd64)
-    WINGS_ARCH="x86_64"
-    ;;
-  aarch64|arm64)
-    WINGS_ARCH="aarch64"
-    ;;
+  x86_64|amd64) WINGS_ARCH="x86_64" ;;
+  aarch64|arm64) WINGS_ARCH="aarch64" ;;
  *)
-    err "Unsupported architecture: $ARCH (expected x86_64/amd64 or aarch64/arm64)."
+    err "Unsupported architecture: $ARCH"
    exit 1
    ;;
 esac
@ -181,8 +169,6 @@ esac
 WINGS_URL="https://github.com/calagopus/wings/releases/latest/download/wings-rs-${WINGS_ARCH}-linux"
 WINGS_BIN="/usr/local/bin/wings"

-say "Detected arch: $ARCH -> using asset: wings-rs-${WINGS_ARCH}-linux"
-say "Downloading: $WINGS_URL"
 $SUDO curl -fL "$WINGS_URL" -o "$WINGS_BIN"
 $SUDO chmod +x "$WINGS_BIN"

@ -190,45 +176,25 @@ say "Wings installed to $WINGS_BIN"
 "$WINGS_BIN" version || true

 ########################################
-# Configure Wings (join-data)
+# Configure
 ########################################
-say "Wings configuration"
-
-JOIN_DATA=""
-if confirm_default_no "Run 'wings configure --join-data ...' now?"; then
-  JOIN_DATA="$(prompt "Paste the join-data string from your Calagopus panel (it can be long): ")"
-  if [[ -z "$JOIN_DATA" ]]; then
-    err "No join-data provided; skipping wings configure."
-  else
+if confirm_default_no "Run wings configure --join-data now?"; then
+  JOIN_DATA="$(prompt "Paste join-data string: ")"
+  if [[ -n "$JOIN_DATA" ]]; then
    $SUDO mkdir -p /etc/calagopus
    $SUDO "$WINGS_BIN" configure --join-data "$JOIN_DATA"
-    say "Wings configured."
  fi
-else
-  warn "Skipping 'wings configure'. You'll need to configure manually later."
-fi
-
-if [[ -t 0 ]] && [[ -t 1 ]] && confirm_default_no "Open /etc/calagopus/config.yml in nano now?"; then
-  $SUDO nano /etc/calagopus/config.yml
 fi

 ########################################
-# Install & start service
+# Install Service
 ########################################
-if confirm_default_no "Install Wings as a systemd service now? (wings service-install)"; then
+if confirm_default_no "Install as systemd service? (wings service-install)"; then
  $SUDO "$WINGS_BIN" service-install
-  say "Service status:"
  $SUDO systemctl --no-pager status wings || true
-else
-  warn "Skipping service installation."
 fi

 ########################################
-# Optional reboot
+# Done
 ########################################
-if confirm_default_no "Reboot now?"; then
-  say "Rebooting..."
-  $SUDO reboot
-else
-  say "Done. No reboot performed."
-fi
+say "Installation complete."