From 1ddec481e237a023859d0c81ca82ad5829c3e4a6 Mon Sep 17 00:00:00 2001
From: tavo-wasd
Date: Mon, 30 Oct 2023 13:35:03 -0600
Subject: [PATCH] ejabberd posix

---
 self_hosting/services/ejabberd/README.md | 28 +++++++++---------
 .../ejabberd/certbot-cron-ejabberd.sh | 11 +++++++
 system_administration/certbot-cron/README.md | 29 +++++++++++++++++++
 .../certbot-cron/certbot-cron.sh | 15 ++++++++++
 4 files changed, 69 insertions(+), 14 deletions(-)
 create mode 100644 self_hosting/services/ejabberd/certbot-cron-ejabberd.sh
 create mode 100644 system_administration/certbot-cron/README.md
 create mode 100644 system_administration/certbot-cron/certbot-cron.sh

diff --git a/self_hosting/services/ejabberd/README.md b/self_hosting/services/ejabberd/README.md
index 55758e1..9a16a72 100644
--- a/self_hosting/services/ejabberd/README.md
+++ b/self_hosting/services/ejabberd/README.md
@@ -2,12 +2,12 @@
 These are the ports needed for ejabberd to work.
 Ports 80 and 443 are needed for deploying and SSL certificate with certbot.
 
-Read more about ports in [ejabberd's docs](https://docs.ejabberd.im/admin/guide/security)
+Read more about ports in [ejabberd's docs](https://docs.ejabberd.im/admin/guide/security),
+to see which ports are needed for whatever modules you need.
 
 ```shell
-declare -a ports=("80" "443" "5222" "5223" "5269" "5280" "5443" "1883" "8883" "3478" "5349" "7777")
-
-for port in "${ports[@]}"; do ufw allow "$port" ; done
+set -- 80 443 5222 5223 5269 5280 5443 1883 8883 3478 5349 7777
+for port in "$@"; do ufw allow "$port" ; done
 ufw reload
 ```
 
@@ -23,20 +23,20 @@ systemctl enable --now ejabberd
 
 # Generate certs
 
-This is from [Nerd on the Street](https://github.com/nerdonthestreet).
-Change the DOMAIN variable to your preference.
+This is a slightly modified snippet from [Nerd on the Street](https://github.com/nerdonthestreet).
+Change the example.org to your preference.
 
 ```shell
-DOMAIN="example.org"
+#!/bin/sh
 
-# Set the domain names you want here, stun & turn are required for calls
-declare -a subdomains=("" "conference." "proxy." "pubsub." "upload." "stun." "turn.")
+set -- example.org conference.example.org proxy.example.org pubsub.example.org upload.example.org stun.example.org turn.example.org
+CERTBOT_OPTS="certonly --standalone --register-unsafely-without-email --agree-tos"
 
-for i in "${subdomains[@]}"; do
- certbot -d $i$DOMAIN certonly --standalone --register-unsafely-without-email --agree-tos
- mkdir -p /etc/ejabberd/certs/$i$DOMAIN
- cp /etc/letsencrypt/live/$i$DOMAIN/fullchain.pem /etc/ejabberd/certs/$i$DOMAIN
- cp /etc/letsencrypt/live/$i$DOMAIN/privkey.pem /etc/ejabberd/certs/$i$DOMAIN
+for i in "$@"; do
+ certbot -d $i "$CERTBOT_OPTS"
+ mkdir -p /etc/ejabberd/certs/$i
+ cp /etc/letsencrypt/live/$i/fullchain.pem /etc/ejabberd/certs/$i
+ cp /etc/letsencrypt/live/$i/privkey.pem /etc/ejabberd/certs/$i
 done
 ```
 
diff --git a/self_hosting/services/ejabberd/certbot-cron-ejabberd.sh b/self_hosting/services/ejabberd/certbot-cron-ejabberd.sh
new file mode 100644
index 0000000..4200639
--- /dev/null
+++ b/self_hosting/services/ejabberd/certbot-cron-ejabberd.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+set -- example.org conference.example.org proxy.example.org pubsub.example.org upload.example.org stun.example.org turn.example.org
+CERTBOT_OPTS="certonly --standalone --register-unsafely-without-email --agree-tos"
+
+for i in "$@"; do
+ certbot -d $i "$CERTBOT_OPTS"
+ mkdir -p /etc/ejabberd/certs/$i
+ cp /etc/letsencrypt/live/$i/fullchain.pem /etc/ejabberd/certs/$i
+ cp /etc/letsencrypt/live/$i/privkey.pem /etc/ejabberd/certs/$i
+done
diff --git a/system_administration/certbot-cron/README.md b/system_administration/certbot-cron/README.md
new file mode 100644
index 0000000..43d3a6a
--- /dev/null
+++ b/system_administration/certbot-cron/README.md
@@ -0,0 +1,29 @@
+# Script for automating certbot on the background
+
+```shell
+#!/bin/sh
+
+# Add the domains for which you need an ssl cert
+set -- example.org sub.example.org mail.example.org
+# Specify argunments for certbot
+CERTBOT_OPTS="certonly --standalone --register-unsafely-without-email --agree-tos"
+
+for i in "$@"; do
+ certbot -d $i "$CERTBOT_OPTS"
+ # The following commands move certs to a preconfigured ejabberd
+ # directory, ignore if not using ejabberd.
+ #mkdir -p /etc/ejabberd/certs/$i
+ #cp /etc/letsencrypt/live/$i/fullchain.pem /etc/ejabberd/certs/$i
+ #cp /etc/letsencrypt/live/$i/privkey.pem /etc/ejabberd/certs/$i
+done
+```
+
+# Or run as one command
+
+``` shell
+set -- example.org sub.example.org mail.example.org
+```
+
+``` shell
+for i in "$@"; do certbot -d $i certonly --standalone --register-unsafely-without-email --agree-tos; done
+```
diff --git a/system_administration/certbot-cron/certbot-cron.sh b/system_administration/certbot-cron/certbot-cron.sh
new file mode 100644
index 0000000..224fa56
--- /dev/null
+++ b/system_administration/certbot-cron/certbot-cron.sh
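Review bot: `certbot -d $i "$CERTBOT_OPTS"` on the loop's first line hands certbot the whole option string as one argument, so it receives a single word `certonly --standalone …` rather than a subcommand plus flags and will not run as intended; the quoting is inverted — quote the domain and let the options split, `certbot -d "$i" $CERTBOT_OPTS`, or drop the variable and write the flags out on the command line as the README's one-liner does. The same line is in system_administration/certbot-cron/certbot-cron.sh and in the snippets of both README.md hunks in this commit. The mkdir and cp steps then run regardless of certbot's exit status, and the copy of privkey.pem into /etc/ejabberd/certs keeps whatever ownership and mode cp and the umask give it, so whether the ejabberd service can read the key, and who else can, is incidental; appending `|| continue` to the certbot call and following the second cp with an explicit `chown` to the account ejabberd runs as plus `chmod 0600` on the copied key would make a failed issuance visible and the key's permissions deliberate.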
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+# Add the domains for which you need an ssl cert
+set -- example.org sub.example.org mail.example.org
+# Specify argunments for certbot
+CERTBOT_OPTS="certonly --standalone --register-unsafely-without-email --agree-tos"
+
+for i in "$@"; do
+ certbot -d $i "$CERTBOT_OPTS"
+ # The following commands move certs to a preconfigured ejabberd
+ # directory, ignore if not using ejabberd.
+ #mkdir -p /etc/ejabberd/certs/$i
+ #cp /etc/letsencrypt/live/$i/fullchain.pem /etc/ejabberd/certs/$i
+ #cp /etc/letsencrypt/live/$i/privkey.pem /etc/ejabberd/certs/$i
+done
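Review bot: The comment above CERTBOT_OPTS misspells its key word and says nothing about what the options trade away; `# Specify arguments for certbot` fixes the typo, and a second line such as `# --register-unsafely-without-email: the CA has no contact address for this account, so renewal failures must be watched locally (cron mail or a log)` records the consequence of that flag for a script meant to run unattended. `--standalone` is also visible here and, as far as I know, binds port 80 itself while it runs, so the cron job presumably fails whenever another listener holds that port — worth a one-line comment if that is the intended deployment. The same comment text appears in the snippet in system_administration/certbot-cron/README.md.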