pruning

scripts/install_services.sh

@@ -1,90 +0,0 @@
-#!/bin/bash
-
-set -e
-
-# Colors
-GREEN='\033[0;32m'
-RED='\033[0;31m'
-YELLOW='\033[1;33m'
-NC='\033[0m' # No Color
-
-log_info() {
-    echo -e "${YELLOW}[INFO]${NC} $1"
-}
-
-log_success() {
-    echo -e "${GREEN}[SUCCESS]${NC} $1"
-}
-
-log_error() {
-    echo -e "${RED}[ERROR]${NC} $1"
-}
-
-# Check for sudo/root
-if [ "$EUID" -ne 0 ]; then
-    log_error "Please run as root or with sudo"
-    exit 1
-fi
-
-# Determine paths
-SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
-PROJECT_ROOT="$(dirname "$SCRIPT_DIR")"
-SYSTEMD_DIR="$PROJECT_ROOT/systemd"
-DEST_DIR="/etc/systemd/system"
-
-SERVICE_FILE="cert-renewer.service"
-TIMER_FILE="cert-renewer.timer"
-
-install_unit() {
-    local unit_file=$1
-    local src_path="$SYSTEMD_DIR/$unit_file"
-    local dest_path="$DEST_DIR/$unit_file"
-
-    if [ ! -f "$src_path" ]; then
-        log_error "Source file not found: $src_path"
-        exit 1
-    fi
-
-    log_info "Installing $unit_file..."
-    
-    # Remove existing link or file if it exists to ensure clean install
-    if [ -L "$dest_path" ] || [ -f "$dest_path" ]; then
-        log_info "Removing existing $dest_path"
-        rm -f "$dest_path"
-    fi
-
-    # Create symlink
-    ln -s "$src_path" "$dest_path"
-    
-    if [ -L "$dest_path" ]; then
-        log_success "Linked $src_path to $dest_path"
-    else
-        log_error "Failed to link $unit_file"
-        exit 1
-    fi
-}
-
-# Main execution
-log_info "Starting installation of systemd services..."
-
-install_unit "$SERVICE_FILE"
-install_unit "$TIMER_FILE"
-
-log_info "Reloading systemd daemon..."
-systemctl daemon-reload
-log_success "Systemd daemon reloaded"
-
-log_info "Enabling and starting $TIMER_FILE..."
-systemctl enable --now "$TIMER_FILE"
-log_success "$TIMER_FILE enabled and started"
-
-log_info "Checking status of $TIMER_FILE..."
-if systemctl is-active --quiet "$TIMER_FILE"; then
-    systemctl status "$TIMER_FILE" --no-pager
-    echo ""
-    log_success "Installation complete!"
-else
-    log_error "$TIMER_FILE is not active"
-    systemctl status "$TIMER_FILE" --no-pager
-    exit 1
-fi

scripts/setup_wizard.sh

@@ -4,10 +4,22 @@ set -e
 
 # Colors
 GREEN='\033[0;32m'
-YELLOW='\033[1;33m'
 RED='\033[0;31m'
+YELLOW='\033[1;33m'
 NC='\033[0m' # No Color
 
+log_info() {
+    echo -e "${YELLOW}[INFO]${NC} $1"
+}
+
+log_success() {
+    echo -e "${GREEN}[SUCCESS]${NC} $1"
+}
+
+log_error() {
+    echo -e "${RED}[ERROR]${NC} $1"
+}
+
 # -----------------------------------------------------------------------------
 # Input Framework
 # -----------------------------------------------------------------------------
@@ -30,7 +42,7 @@ get_input() {
     local prompt_full="${GREEN}${prompt_text}${NC}"
 
     if [ -n "$default_value" ]; then
-        prompt_full+=" ${YELLOW}[$default_value]${NC}"
+        prompt_full+=" [$default_value]"
     fi
     prompt_full+=": "
 
@@ -60,6 +72,7 @@ get_input() {
 
     # Set the variable dynamically in the parent scope
     printf -v "$var_name" "%s" "$input_val"
+    export "$var_name=$input_val"
 }
 
 # Function to confirm collected inputs
@@ -84,6 +97,17 @@ confirm_inputs() {
     fi
 }
 
+install_unit() {
+    local template_url=$1
+    local filename=$(basename "$template_url")
+    local dest_path=/etc/systemd/system/"$filename"
+
+    log_info "Installing $filename..."
+
+    curl -sL $template_url | envsubst > "$dest_path"
+    log_success "$filename installed to $dest_path"
+}
+
 # -----------------------------------------------------------------------------
 # Script Logic
 # -----------------------------------------------------------------------------
@@ -94,10 +118,28 @@ echo "-----------------------------"
 # 1. Collect Inputs
 # Example:
 get_input "HOST_NAME" "Enter Hostname" "$(hostname)" "false"
-# get_input "ADMIN_PASS" "Enter Admin Password" "" "true"
+get_input "CERT_DIR" "Enter directory for certificates" "$(step path)/certs" "false"
+get_input "CERT_LOCATION" "Enter specific path for cert" "${CERT_DIR}/${HOSTNAME}.crt" "false"
+get_input "KEY_LOCATION" "Enter specific path for private key" "${CERT_DIR}/${HOSTNAME}.key" "false"
+
+export CERT_LOCATION=$(readlink -f $CERT_LOCATION)
+export KEY_LOCATION=$(readlink -f $KEY_LOCATION)
 
 # 2. Confirm
-# confirm_inputs "HOST_NAME" "ADMIN_PASS"
+confirm_inputs "CERT_LOCATION" "KEY_LOCATION"
+
+# 3. Configure
+REPO_URL_BASE=https://gitea.john-stream.com/john/soteria/raw/branch/main/
+SERVICE_TEMPLATE_URL="${REPO_URL_BASE}systemd/cert-renewer.service"
+TIMER_TEMPLATE_URL="${REPO_URL_BASE}systemd/cert-renewer.timer"
 
 # 3. Execute
 # echo "Configuring $HOST_NAME..."
+install_unit ${SERVICE_TEMPLATE_URL}
+install_unit ${TIMER_TEMPLATE_URL}
+
+systemctl daemon-reload
+systemctl enable --now "$(basename "${TIMER_TEMPLATE_URL}")"
+
+systemctl status "$(basename "${SERVICE_TEMPLATE_URL}")" --no-pager
+systemctl status "$(basename "${TIMER_TEMPLATE_URL}")" --no-pager

systemd/cert-renewer.service

@@ -9,9 +9,6 @@ StartLimitIntervalSec=0
 Type=oneshot
 User=root
 
-Environment=CERT_LOCATION=/home/john/soteria/certs/soteria.crt \
-            KEY_LOCATION=/home/john/soteria/certs/soteria.key
-
 ; ExecCondition checks if the certificate is ready for renewal,
 ; based on the exit status of the command.
 ; (In systemd <242, you can use ExecStartPre= here.)
@@ -20,8 +17,8 @@ ExecCondition=/usr/bin/step certificate needs-renewal ${CERT_LOCATION}
 ; ExecStart renews the certificate, if ExecStartPre was successful.
 ExecStart=/usr/bin/step ca renew --force ${CERT_LOCATION} ${KEY_LOCATION}
 
-ExecStartPost=/usr/bin/openssl x509 -noout -enddate -in ${CERT_LOCATION}
-ExecStartPost=/usr/bin/docker exec caddy caddy reload --config /etc/caddy/Caddyfile
+; ExecStartPost=/usr/bin/openssl x509 -noout -enddate -in ${CERT_LOCATION}
+; ExecStartPost=/usr/bin/docker exec caddy caddy reload --config /etc/caddy/Caddyfile
 
 [Install]
 WantedBy=multi-user.target