
- nm-certs.sh switched to dockerized certbot
- nm-quick.sh removed certbot from deps

Tobias Cudnik 2 years ago
parent
commit
e113647835
2 changed files with 34 additions and 16 deletions
  1. 26 8
      scripts/nm-certs.sh
  2. 8 8
      scripts/nm-quick.sh

+ 26 - 8
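--- a/scripts/nm-certs.sh
+++ b/scripts/nm-certs.sh
@@ -15,14 +15,10 @@ if [ -z "$NM_DOMAIN" ] || [ -z "$NM_EMAIL" ]; then
 fi
 
 # TODO make sure this doesnt break, parse `certbot certificates` if yes
-CERT_DIR=/etc/letsencrypt/live/stun.$NM_DOMAIN
+CERT_DIR="$SCRIPT_DIR/letsencrypt/live/stun.$NM_DOMAIN"
 
 echo "Setting up SSL certificates..."
 
-# get the zerossl wrapper for certbot
-wget -qO /root/zerossl-bot.sh "https://github.com/zerossl/zerossl-bot/raw/master/zerossl-bot.sh"
-chmod +x /root/zerossl-bot.sh
-
 # preserve the env state
 RESTART_CADDY=false
 if [ -n "$(docker ps | grep caddy)" ]; then
@@ -31,8 +27,18 @@ if [ -n "$(docker ps | grep caddy)" ]; then
 	docker-compose -f /root/docker-compose.yml stop caddy
 fi
 
-# request certs
-./zerossl-bot.sh certonly --standalone \
+# generate an entrypoint for certbot
+cat <<EOF > "$SCRIPT_DIR/certbot-entry.sh"
+#!/bin/sh
+# deps
+apk add bash curl
+# zerossl
+wget -qO zerossl-bot.sh "https://github.com/zerossl/zerossl-bot/raw/master/zerossl-bot.sh"
+chmod +x zerossl-bot.sh
+# request the certs
+./zerossl-bot.sh \
+	certonly --standalone \
+	--non-interactive \
 	-m "$NM_EMAIL" \
 	-d "stun.$NM_DOMAIN" \
 	-d "broker.$NM_DOMAIN" \
@@ -41,11 +47,23 @@ fi
 	-d "netmaker-exporter.$NM_DOMAIN" \
 	-d "grafana.$NM_DOMAIN" \
 	-d "prometheus.$NM_DOMAIN"
+EOF
+chmod +x certbot-entry.sh
+
+# request certs
+sudo docker run -it --rm --name certbot \
+	-p 80:80 -p 443:443 \
+	-v "$SCRIPT_DIR/certbot-entry.sh:/opt/certbot/certbot-entry.sh" \
+	-v "$SCRIPT_DIR/letsencrypt:/etc/letsencrypt" \
+	--entrypoint "/opt/certbot/certbot-entry.sh" \
+	certbot/certbot
 
-# TODO fallback to letsencrypt
+# clean up
+rm "$SCRIPT_DIR/certbot-entry.sh"
 
 # check if successful
 if [ ! -f "$CERT_DIR"/fullchain.pem ]; then
+	# TODO fallback to letsencrypt
 	echo "Missing file: $CERT_DIR/fullchain.pem"
 	echo "SSL certificates failed"
 	exit 1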
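Review bot: `chmod +x certbot-entry.sh` on the line after `EOF` uses a relative path while the heredoc wrote the file to `"$SCRIPT_DIR/certbot-entry.sh"`, so unless nm-certs.sh is run from `$SCRIPT_DIR` the chmod targets a different (likely missing) file and the bind-mounted `--entrypoint` is not executable; it should read `chmod +x "$SCRIPT_DIR/certbot-entry.sh"`, matching the `rm` in the clean-up block. The generated entrypoint still fetches `zerossl-bot.sh` from the mutable `master` branch (the `wget` under `# zerossl`) and executes it unverified inside a container that binds host ports 80/443 and writes the issued private keys to `/etc/letsencrypt`; pinning that download to a release tag or commit and checking a known hash before its `chmod +x` would close the supply-chain gap the old host-side download had as well. `docker run -it` requests a TTY even though certbot is invoked with `--non-interactive`, so when the script runs without a terminal (cron, ssh without -t) docker refuses to start — `-it` should probably be dropped. `$SCRIPT_DIR` is not defined anywhere in these hunks and is presumably set earlier in the file; since it feeds both an `rm` and a bind-mount path, guarding it with `"${SCRIPT_DIR:?}"` at first use is worth confirming.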

+ 8 - 8
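--- a/scripts/nm-quick.sh
+++ b/scripts/nm-quick.sh
@@ -284,35 +284,35 @@ install_dependencies() {
 
 	OS=$(uname)
 	if [ -f /etc/debian_version ]; then
-		dependencies="git wireguard wireguard-tools dnsutils jq docker.io certbot docker-compose python-is-python3"
+		dependencies="git wireguard wireguard-tools dnsutils jq docker.io docker-compose"
 		update_cmd='apt update'
 		install_cmd='apt-get install -y'
 	elif [ -f /etc/alpine-release ]; then
-		dependencies="git wireguard jq docker.io certbot docker-compose"
+		dependencies="git wireguard jq docker.io docker-compose"
 		update_cmd='apk update'
 		install_cmd='apk --update add'
 	elif [ -f /etc/centos-release ]; then
-		dependencies="git wireguard jq bind-utils docker.io certbot docker-compose"
+		dependencies="git wireguard jq bind-utils docker.io docker-compose"
 		update_cmd='yum update'
 		install_cmd='yum install -y'
 	elif [ -f /etc/fedora-release ]; then
-		dependencies="git wireguard bind-utils jq docker.io certbot docker-compose"
+		dependencies="git wireguard bind-utils jq docker.io docker-compose"
 		update_cmd='dnf update'
 		install_cmd='dnf install -y'
 	elif [ -f /etc/redhat-release ]; then
-		dependencies="git wireguard jq docker.io bind-utils certbot docker-compose"
+		dependencies="git wireguard jq docker.io bind-utils docker-compose"
 		update_cmd='yum update'
 		install_cmd='yum install -y'
 	elif [ -f /etc/arch-release ]; then
-		dependencies="git wireguard-tools dnsutils jq docker.io certbot docker-compose"
+		dependencies="git wireguard-tools dnsutils jq docker.io docker-compose"
 		update_cmd='pacman -Sy'
 		install_cmd='pacman -S --noconfirm'
 	elif [ "${OS}" = "FreeBSD" ]; then
-		dependencies="git wireguard wget jq docker.io certbot docker-compose"
+		dependencies="git wireguard wget jq docker.io docker-compose"
 		update_cmd='pkg update'
 		install_cmd='pkg install -y'
 	elif [ -f /etc/turris-version ]; then
-		dependencies="git wireguard-tools bash jq docker.io certbot docker-compose"
+		dependencies="git wireguard-tools bash jq docker.io docker-compose"
 		OS="TurrisOS"
 		update_cmd='opkg update'
 		install_cmd='opkg install'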