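#!/bin/bash
# Turn a CentOS host into a KVM hypervisor managed through Cockpit, and give
# the Cockpit web UI a Let's Encrypt certificate. Must be run as root.
#
# Usage as published:
# . <(curl https://gist.githubusercontent.com/caguiclajmg/6f8a7295b7edbde72de1ddbf419ffae5/raw/centos-kvm.sh)
# That form sources whatever the URL serves at that moment into a root shell,
# with no pinned revision and no integrity check. Prefer downloading the file,
# reading it, and running the reviewed copy.
#
# Because the script may be sourced, it deliberately avoids `exit` and
# `set -e`, both of which would affect the invoking shell.

# Inputs may be preset in the environment; prompt only for the missing ones.
# NOTE: bash sets HOSTNAME itself, so this prompt normally never appears and
# the system's current host name is used.
if [[ -z "$HOSTNAME" ]]; then read -r -p 'Hostname: ' HOSTNAME; fi
if [[ -z "$DOMAIN" ]]; then read -r -p 'Domain: ' DOMAIN; fi
if [[ -z "$EMAIL" ]]; then read -r -p 'Email: ' EMAIL; fi
FQDN=${HOSTNAME}.${DOMAIN}

# Perform an initial system update
dnf update -y

# Install libvirt
dnf module install virt -y
systemctl enable --now libvirtd

# Install cockpit
dnf install cockpit cockpit-machines cockpit-dashboard -y
systemctl enable cockpit.socket

# Install certbot
dnf install certbot -y

# FQDN is written verbatim into a script that certbot later runs as root, so
# accept host-name characters only before using it anywhere.
fqdn_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
hook=/etc/letsencrypt/renewal-hooks/deploy/cockpit.sh

if [[ ! "$FQDN" =~ $fqdn_re ]]; then
  printf 'Refusing to request a certificate: "%s" is not a valid host name\n' \
    "$FQDN" >&2
# Get cockpit certificate using certbot (standalone mode binds port 80)
elif certbot certonly -d "$FQDN" --standalone -n --agree-tos -m "$EMAIL"; then
  # Create deploy hook for certificate renewal. The heredoc delimiter is
  # unquoted on purpose: ${FQDN} is expanded now and baked into the hook.
  mkdir -p /etc/letsencrypt/renewal-hooks/deploy
  cat > "$hook" <<EOF
#!/bin/sh
# Generated by centos-kvm.sh: hand the renewed certificate to Cockpit.
# The combined file contains the private key, so it must not be world-readable.
umask 027
mkdir -p /etc/cockpit/ws-certs.d
# Build the file under a name Cockpit ignores, then rename it into place so
# Cockpit never sees a partial certificate.
{
  cat "/etc/letsencrypt/live/${FQDN}/fullchain.pem" &&
  cat "/etc/letsencrypt/live/${FQDN}/privkey.pem"
} > "/etc/cockpit/ws-certs.d/0-${FQDN}.cert.new" || exit 1
# Older Cockpit releases read the certificate as group cockpit-ws; newer ones
# read it as root. Confirm which applies to the installed version.
if getent group cockpit-ws >/dev/null; then
  chgrp cockpit-ws "/etc/cockpit/ws-certs.d/0-${FQDN}.cert.new"
fi
chmod 640 "/etc/cockpit/ws-certs.d/0-${FQDN}.cert.new"
mv -f "/etc/cockpit/ws-certs.d/0-${FQDN}.cert.new" "/etc/cockpit/ws-certs.d/0-${FQDN}.cert" || exit 1
if systemctl is-active --quiet cockpit.socket; then
  systemctl restart cockpit.socket
fi
EOF
  chmod 755 "$hook"

  # Run deploy hook manually so the first certificate is installed now
  "$hook"
else
  # Without a certificate the hook would only produce an empty .cert file,
  # so skip it; Cockpit falls back to its self-signed certificate.
  printf 'certbot failed for %s; Cockpit will use a self-signed certificate\n' \
    "$FQDN" >&2
fi
unset fqdn_re hook

# Start cockpit
systemctl start cockpit.socket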