Configure TLS to work properly

packer/config.json

@@ -41,6 +41,11 @@
       "source": "riju-deploy",
       "destination": "/tmp/riju-deploy"
     },
+    {
+      "type": "file",
+      "source": "riju-install-certbot-hooks",
+      "destination": "/tmp/riju-install-certbot-hooks"
+    },
     {
       "type": "file",
       "source": "riju.service",

packer/provision.bash

@@ -18,10 +18,10 @@ deb [arch=amd64] https://download.docker.com/linux/ubuntu ${ubuntu_name} stable
 EOF
 
 sudo -E apt-get update
-sudo -E apt-get install -y docker-ce docker-ce-cli containerd.io whois
+sudo -E apt-get install -y certbot docker-ce docker-ce-cli containerd.io whois
 
 sudo chown root:root /tmp/riju /tmp/riju-deploy /tmp/riju.service
-sudo mv /tmp/riju /tmp/riju-deploy /usr/local/bin/
+sudo mv /tmp/riju /tmp/riju-deploy /tmp/riju-install-certbot-hooks /usr/local/bin/
 sudo mv /tmp/riju.service /etc/systemd/system/
 
 for user in admin deploy; do
@@ -55,4 +55,8 @@ sudo tee /etc/sudoers.d/riju >/dev/null <<"EOF"
 deploy ALL=(root) NOPASSWD: /usr/local/bin/riju-deploy
 EOF
 
+sudo tee /etc/hostname >/dev/null <<< riju
+
+sudo systemctl enable riju
+
 sudo passwd -l ubuntu

packer/riju-install-certbot-hooks

@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+sudo tee /etc/letsencrypt/renewal-hooks/pre/riju >/dev/null <<"EOF"
+#!/usr/bin/env bash
+set -euo pipefail
+systemctl stop riju
+EOF
+
+sudo tee /etc/letsencrypt/renewal-hooks/post/riju >/dev/null <<"EOF"
+#!/usr/bin/env bash
+set -euo pipefail
+systemctl start riju
+EOF
+
+sudo chmod +x /etc/letsencrypt/renewal-hooks/pre/riju
+sudo chmod +x /etc/letsencrypt/renewal-hooks/post/riju