author | Silvio Rhatto <rhatto@riseup.net> | 2016-10-18 12:57:19 -0200 |
---|---|---|
committer | Silvio Rhatto <rhatto@riseup.net> | 2016-10-18 12:57:19 -0200 |
commit | 3e1ce7f00628bed99c630b5eb5f4c6761b24de6d (patch) | |
tree | 82f65d63c3137d9998796ef7186277de9f063c2a /share | |
parent | d294c31dde207c9670631ccc8070f8cf6926c4a8 (diff) | |
Import-certs: concat.pem; cert.pem and cert.crt symlinks; restart services
Diffstat (limited to 'share')
-rwxr-xr-x | share/hydra/import-certs | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/share/hydra/import-certs b/share/hydra/import-certs index 63cb935..74f8d21 100755 --- a/share/hydra/import-certs +++ b/share/hydra/import-certs @@ -55,6 +55,8 @@ EOF keyringer $HYDRA ls -1 ssl/ | grep crt | while read cert; do cert="`basename $cert .asc`" priv="`basename $cert .crt`.pem" + prefix="`basename $cert .crt`" + domain="`facter domain`" $HYDRA_CONNECT $hostname <<EOF sudo touch /etc/ssl/certs/$cert @@ -72,5 +74,31 @@ EOF echo "Importing $priv from keyringer to $hostname:/etc/ssl/private..." keyringer $HYDRA decrypt ssl/$priv | \ $HYDRA_CONNECT $hostname "cat - | sudo tee /etc/ssl/private/$priv > /dev/null" + + # Post-processing + $HYDRA_CONNECT $hostname <<EOF + # Symlinks for the main cert and key + if [ "$prefix" == "$domain" ] && [ -e "" ]; then + cd /etc/ssl/certs && sudo ln -s $cert cert.crt + cd /etc/ssl/private && sudo ln -s $priv cert.pem + fi + + # Concatenated cert + cd /etc/ssl/private + sudo touch $prefix-concat.pem + sudo chown root.ssl-cert $prefix-concat.pem + sudo chmod 640 $prefix-concat.pem + sudo cp /etc/ssl/certs/$cert $prefix-concat.pem + sudo cat $priv | sudo tee -a $prefix-concat.pem > /dev/null + + # Restart services + services="apache2 postfix nginx lighttpd mumble" + for service in \$services; do + if systemctl list-units | grep active | grep -q $service'.service'; then + sudo service $service restart + fi + done +EOF + done done |
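Review bot: `domain="`facter domain`"` in the first hunk runs on the machine invoking the script, once per certificate, so the later `"$prefix" == "$domain"` test compares the cert name with the operator's local domain rather than anything queried from `$hostname`. If the target host's domain is what is meant, it has to be resolved on the remote side; either way the value is loop-invariant and could be computed once before the loop. The new `basename $cert .crt` also leaves `$cert` unquoted, e.g. `prefix="$(basename "$cert" .crt)"`. The loop body starts and ends outside this hunk.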
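Review bot: In the restart loop of the second hunk `$service` is not escaped inside the unquoted `<<EOF` heredoc, so the local shell expands it before the script is sent, while `\$services` is expanded remotely; if `service` is unset locally the remote host runs `grep -q '.service'` (true for any active unit) and `sudo service  restart` with no name. Escape it and query the unit directly, `if systemctl is-active --quiet "\$service"; then` and `sudo service "\$service" restart`, which also stops `grep active` from matching `inactive` lines. In the same heredoc `[ -e "" ]` is always false, so the `cert.crt`/`cert.pem` symlinks are never created; presumably a path was meant there, and a plain `ln -s` will fail on a second run once the link exists. The block sits inside the per-certificate loop, whose start is outside the hunk, so services on each host would be restarted once per imported cert rather than once per host.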