-
-
Save rlaager/d302efe87f342ebf854a610a2e37a5e7 to your computer and use it in GitHub Desktop.
Plex Hook for acmetool
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # This script creates a plex.pfx file for use with plexmediaserver. | |
| # Also add plexmediaserver to SERVICES in /etc/default/acme-reload. | |
| # DEBUGGING NOTE: If you make changes to the configuration this will not | |
| # be reflected simply by rerunning 'acmetool', because this script is only | |
| # called when a symlink in 'live' is updated. You can force this script to | |
| # be rerun by deleting all symlinks in 'live' and running 'acmetool'. | |
| # | |
| # Output: | |
| # $ACME_STATE_DIR/live/$HOSTNAME/plex.pfx | |
| # The combined certificate file for a hostname. | |
| # | |
| # Configuration options: | |
| # /etc/{default,conf.d}/acme-reload | |
| # Sourced if they exist. Specify variables here. | |
| # Please note that most of the time, you don't need to specify anything. | |
| # | |
| # $PLEX_ALWAYS_GENERATE | |
| # If non-empty, always generate combined files. | |
| # | |
| # $PLEX_DAEMONS | |
| # Space-separated list of binaries to search for in path. If any are found | |
| # (or $PLEX_ALWAYS_GENERATE is set), generate combined files. | |
| # Append with PLEX_DAEMONS="$PLEX_DAEMONS mydaemon". | |
| # Defaults: see below. | |
| # | |
| # $PLEX_UMASK | |
| # Don't change this unless you know what you're doing. | |
| # If you change this, you must create a conf/perm file to reconfigure | |
| # acmetool's permissions enforcement. See _doc directory in repository. | |
| # Override path "certs/*/plex". | |
| ############################################################################### | |
| set -e | |
| EVENT_NAME="$1" | |
| [ "$EVENT_NAME" = "live-updated" ] || exit 42 | |
| # List of services. If any of these are in PATH (or PLEX_ALWAYS_GENERATE is | |
| # set), assume we need to generate combined files. | |
| PLEX_DAEMONS="plexmediaserver" | |
| PLEX_UMASK="0077" | |
| [ -e "/etc/default/acme-reload" ] && . /etc/default/acme-reload | |
| [ -e "/etc/conf.d/acme-reload" ] && . /etc/conf.d/acme-reload | |
| [ -z "$ACME_STATE_DIR" ] && ACME_STATE_DIR="/var/lib/acme" | |
| # Don't do anything if no daemon requiring combined files is found. | |
| [ -n "$PLEX_ALWAYS_GENERATE" ] || { | |
| ok= | |
| for exe in $PLEX_DAEMONS; do | |
| systemctl is-active "$exe".service >/dev/null 2>/dev/null && ok=1 && break | |
| done | |
| [ -z "$ok" ] && exit 0 | |
| } | |
| # Create coalesced files and a plex repository. | |
| umask 0022 | |
| mkdir -p "$ACME_STATE_DIR/plex" | |
| umask $PLEX_UMASK | |
| while read name; do | |
| certdir="$ACME_STATE_DIR/live/$name" | |
| if [ -z "$name" -o ! -e "$certdir" ]; then | |
| continue | |
| fi | |
| openssl pkcs12 -export -passout pass: -out "$certdir/plex.pfx" \ | |
| -inkey "$certdir/privkey" -in "$certdir/cert" -certfile "$certdir/chain" | |
| done |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment