From 162e10d25951757ac709da9bdf41c0dfbc7bd8e6 Mon Sep 17 00:00:00 2001
From: Radon Rosborough
Date: Fri, 1 Jan 2021 12:01:51 -0800
Subject: [PATCH] Configure TLS to work properly
---
 packer/{server.json => config.json} | 5 +++++
 packer/provision.bash | 8 ++++++--
 packer/riju-install-certbot-hooks | 18 ++++++++++++++++++
 3 files changed, 29 insertions(+), 2 deletions(-)
 rename packer/{server.json => config.json} (92%)
 create mode 100755 packer/riju-install-certbot-hooks
diff --git a/packer/server.json b/packer/config.json
similarity index 92%
rename from packer/server.json
rename to packer/config.json
index 97ec28b..8693dd1 100644
--- a/packer/server.json
+++ b/packer/config.json
@@ -41,6 +41,11 @@
 "source": "riju-deploy",
 "destination": "/tmp/riju-deploy"
 },
+ {
+ "type": "file",
+ "source": "riju-install-certbot-hooks",
+ "destination": "/tmp/riju-install-certbot-hooks"
+ },
 {
 "type": "file",
 "source": "riju.service",
diff --git a/packer/provision.bash b/packer/provision.bash
index 477c262..c709b8f 100644
--- a/packer/provision.bash
+++ b/packer/provision.bash
@@ -18,10 +18,10 @@ deb [arch=amd64] https://download.docker.com/linux/ubuntu ${ubuntu_name} stable
 EOF
 sudo -E apt-get update
-sudo -E apt-get install -y docker-ce docker-ce-cli containerd.io whois
+sudo -E apt-get install -y certbot docker-ce docker-ce-cli containerd.io whois
 sudo chown root:root /tmp/riju /tmp/riju-deploy /tmp/riju.service
-sudo mv /tmp/riju /tmp/riju-deploy /usr/local/bin/
+sudo mv /tmp/riju /tmp/riju-deploy /tmp/riju-install-certbot-hooks /usr/local/bin/
 sudo mv /tmp/riju.service /etc/systemd/system/
 for user in admin deploy; do
@@ -55,4 +55,8 @@ sudo tee /etc/sudoers.d/riju >/dev/null <<"EOF"
 deploy ALL=(root) NOPASSWD: /usr/local/bin/riju-deploy
 EOF
+sudo tee /etc/hostname >/dev/null <<< riju
+
+sudo systemctl enable riju
+
 sudo passwd -l ubuntu
diff --git a/packer/riju-install-certbot-hooks b/packer/riju-install-certbot-hooks
new file mode 100755
index 0000000..d83cd8b
--- /dev/null
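Review bot: In the provision.bash hunk at `@@ -18,10`, the unchanged `chown root:root` line still lists only `/tmp/riju /tmp/riju-deploy /tmp/riju.service`, while the changed `mv` line now also installs `/tmp/riju-install-certbot-hooks` into `/usr/local/bin/`. `mv` preserves ownership, so the new script would presumably remain owned and writable by the unprivileged upload user, even though it sits in a system binary directory and itself calls `sudo`. Add it to the chown: `sudo chown root:root /tmp/riju /tmp/riju-deploy /tmp/riju-install-certbot-hooks /tmp/riju.service`. The mode the file provisioner leaves on the upload is not visible in this patch, so an explicit `sudo chmod 755 /usr/local/bin/riju-install-certbot-hooks` after the move would avoid relying on it.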
+++ b/packer/riju-install-certbot-hooks
@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+sudo tee /etc/letsencrypt/renewal-hooks/pre/riju >/dev/null <<"EOF"
+#!/usr/bin/env bash
+set -euo pipefail
+systemctl stop riju
+EOF
+
+sudo tee /etc/letsencrypt/renewal-hooks/post/riju >/dev/null <<"EOF"
+#!/usr/bin/env bash
+set -euo pipefail
+systemctl start riju
+EOF
+
+sudo chmod +x /etc/letsencrypt/renewal-hooks/pre/riju
+sudo chmod +x /etc/letsencrypt/renewal-hooks/post/riju
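Review bot: Both `sudo tee` calls write into `/etc/letsencrypt/renewal-hooks/pre` and `/post` without first ensuring the directories exist; if certbot has not yet created them (this patch does not show either way), `set -e` aborts the script at the first `tee`. A preceding `sudo mkdir -p /etc/letsencrypt/renewal-hooks/pre /etc/letsencrypt/renewal-hooks/post` removes that ordering dependency. Because these hooks are executed with certbot's privileges, the final mode is better pinned than derived from the caller's umask, e.g. `sudo chmod 755 /etc/letsencrypt/renewal-hooks/pre/riju` rather than `chmod +x`. A short header comment stating when the script is meant to be run, and that the pre hook stops the `riju` service until the post hook starts it again, would help whoever operates the host.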