From 4a9174cf54b3ca1f9854774fc839b0f8acf96386 Mon Sep 17 00:00:00 2001
From: fedy95
Date: Tue, 8 Jun 2021 18:49:44 +0300
Subject: [PATCH] init-repo
---
.drone.yml | 37 +++++++++++++++++++++++++++++++++++++
.gitignore | 1 +
Dockerfile | 10 ++++++++++
Makefile | 12 ++++++++++++
README.md | 13 +++++++++++--
docker-compose.yml | 16 ++++++++++++++++
env/instance.env-dist | 4 ++++
etc/instance/.gitignore | 2 ++
init.sh | 7 +++++++
9 files changed, 100 insertions(+), 2 deletions(-)
create mode 100644 .drone.yml
create mode 100644 .gitignore
create mode 100644 Dockerfile
create mode 100644 Makefile
create mode 100644 docker-compose.yml
create mode 100644 env/instance.env-dist
create mode 100644 etc/instance/.gitignore
create mode 100755 init.sh
diff --git a/.drone.yml b/.drone.yml
new file mode 100644
index 0000000..dc97aea
--- /dev/null
+++ b/.drone.yml
@@ -0,0 +1,37 @@
+---
+kind: pipeline
+type: docker
+name: pull_request
+image_pull_secrets:
+ - dockerconfigjson
+steps:
+ - name: lint yaml
+ image: registry.fedy95.com/baseimage-yamllint:latest
+ commands:
+ - yamllint -c /yamllint/relaxed.yaml docker-compose.yml
+ when:
+ event: pull_request
+---
+kind: pipeline
+type: ssh
+name: master_push
+clone:
+ disable: true
+server:
+ host:
+ from_secret: host
+ user:
+ from_secret: user
+ password:
+ from_secret: password
+steps:
+ - name: deploy
+ commands:
+ - cd /home/fedy95/infra/autossl-esxi
+ - git pull
+trigger:
+ branch:
+ - master
+ event:
+ - push
+...
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..7eb71ca
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+/env/instance.env
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..e1633ad
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,10 @@
+FROM registry.fedy95.com/baseimage-autossl:latest
+ARG EMAIL
+ARG DOMAIN
+ARG GD_Key
+ARG GD_Secret
+
+RUN export ${GD_Key} && export ${GD_Secret}
+
+COPY init.sh .
+ENTRYPOINT ["./init.sh"]
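Review bot: The `master_push` pipeline logs in to the deploy host with a password (`password: from_secret: password`), which requires password authentication to stay enabled on that host's SSH daemon; the Drone SSH runner also accepts `ssh_key: from_secret: ssh_key`, and a dedicated deploy key for a restricted user would be the narrower choice. The `deploy` step then runs a bare `git pull`, so it takes whatever master points to at run time rather than the commit that triggered the build, and it never rebuilds or restarts the compose service; confirm that is intended. The lint step's `baseimage-yamllint:latest` is a floating tag, as are `FROM registry.fedy95.com/baseimage-autossl:latest` in the Dockerfile and `YAMLLINT_TAG` in the Makefile; a version tag or digest would make these runs reproducible.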
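Review bot: `ARG GD_Key`, `ARG GD_Secret` and `RUN export ${GD_Key} && export ${GD_Secret}` should be dropped: they turn the GoDaddy API credentials into build arguments, and a value passed with `--build-arg` can be read back from the image with `docker history`. The `RUN` line also has no effect on the running container, because an `export` lasts only for that one build shell, and `export ${GD_Key}` exports a variable named by the key's value rather than the key itself. docker-compose.yml in this commit passes no build args and supplies all four variables at run time through `env_file`, which is where init.sh and acme.sh's `dns_gd` hook would read them. The file can shrink to `FROM`, `COPY init.sh .` and `ENTRYPOINT ["./init.sh"]`.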
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..32411ca
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,12 @@
+MAKEFLAGS += --silent
+.PHONY: *
+
+REGISTRY=registry.fedy95.com
+YAMLLINT_TAG=baseimage-yamllint:latest
+
+LINT-YAML-CMD=docker run --rm -it -v $(PWD):/data ${REGISTRY}/${YAMLLINT_TAG}
+lint-yaml:
+ docker pull ${REGISTRY}/${YAMLLINT_TAG}
+ $(LINT-YAML-CMD) docker-compose.yml
+
+.DEFAULT_GOAL := lint-yaml
diff --git a/README.md b/README.md
index 781ca69..0a4dc83 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,12 @@
-### template [![Build Status](https://drone.fedy95.com/api/badges/infra/template/status.svg)](https://drone.fedy95.com/infra/template)
+### autossl-synology [![Build Status](https://drone.fedy95.com/api/badges/infra/autossl-synology/status.svg)](https://drone.fedy95.com/infra/autossl-synology)
 
-Base repository for new infra-repos
+### how it works
+
+- https://github.com/acmesh-official/acme.sh
+- https://github.com/acmesh-official/acme.sh/wiki/dnsapi#4-use-godaddycom-domain-api-to-automatically-issue-cert
+
+---
+
+### services
+
+- https://gitea.fedy95.com/baseimage/autossl
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..12ce9d4
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,16 @@
+---
+version: "3"
+services:
+ instance:
+ build:
+ context: .
+ container_name: autossl-esxi
+ hostname: autossl-esxi
+
+ env_file: env/instance.env
+ volumes:
+ - ./etc/instance/cert.pem:/etc/vmware/ssl/cert.pem
+ - ./etc/instance/fullchain.pem:/etc/vmware/ssl/fullchain.pem
+ - ./etc/instance/privkey.pem:/etc/vmware/ssl/privkey.pem
+ - ./etc/instance/syno-ca-cert.pem:/etc/vmware/ssl/syno-ca-cert.pem
+...
diff --git a/env/instance.env-dist b/env/instance.env-dist
new file mode 100644
index 0000000..c479e6a
--- /dev/null
+++ b/env/instance.env-dist
@@ -0,0 +1,4 @@
+EMAIL=
+DOMAIN=
+GD_Key=
+GD_Secret=
diff --git a/etc/instance/.gitignore b/etc/instance/.gitignore
new file mode 100644
index 0000000..d6b7ef3
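Review bot: The four bind mounts target `/etc/vmware/ssl/*.pem`, but init.sh in this commit writes the certificate, key and chain to `/usr/syno/etc/ssl/*.pem`, so as written the issued files stay inside the container's writable layer and never reach `./etc/instance` on the host. They are also single-file mounts of paths that etc/instance/.gitignore keeps out of the repository, and on a fresh clone Docker creates each missing host path as a directory instead of a file. Mounting the directory once, aligned with whichever path init.sh ends up using, avoids both, for example `- ./etc/instance:/usr/syno/etc/ssl`. Since `privkey.pem` would then land in that host directory, restrict its permissions to the deploying user.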
--- /dev/null
+++ b/etc/instance/.gitignore
@@ -0,0 +1,2 @@
+*
+!.gitignore
diff --git a/init.sh b/init.sh
new file mode 100755
index 0000000..e200225
--- /dev/null
+++ b/init.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+./acme.sh --install -m "${EMAIL}"
+./acme.sh --issue --debug --dns dns_gd -d "${DOMAIN}" \
+ --cert-file /usr/syno/etc/ssl/cert.pem \
+ --key-file /usr/syno/etc/ssl/privkey.pem \
+ --fullchain-file /usr/syno/etc/ssl/fullchain.pem \
+ --capath /usr/syno/etc/ssl/syno-ca-cert.pem
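Review bot: init.sh has no error handling, so a failed `./acme.sh --install` still falls through to `--issue`, and an empty `EMAIL` or `DOMAIN` (the state env/instance.env-dist ships in) is passed straight to acme.sh. Add `set -e` after the shebang and fail fast on missing input with `: "${EMAIL:?EMAIL is required}"` and `: "${DOMAIN:?DOMAIN is required}"`. `--debug` is also left on for every run, so the verbose trace goes to the container log; confirm that output carries nothing sensitive about the GoDaddy API calls before keeping it on outside troubleshooting.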