DEV: better SSL detection

featheredtoast · featheredtoast · commit 0c72a8a14e41 · 2025-07-28T23:36:13.000-07:00
With web.ssl.template.yml added:
enable configuring of ssl if /shared/ssl/ssl.crt and /shared/ssl/ssl.key exists

With web.letsencrypt.ssl.template.yml added:
in addition to ssl detection, enable configuring of letsencrypt if
LETSENCRYPT_ACCOUNT_EMAIL exists and is valid.
diff --git a/templates/web.letsencrypt.ssl.template.yml b/templates/web.letsencrypt.ssl.template.yml
@@ -121,22 +121,18 @@ run:
 
 hooks:
   after_ssl:
-    - file:
-        path: /etc/runit/1.d/install-ssl
-        chmod: "+x"
-        contents: |
-          #!/bin/bash
-          if [ -z "$DISCOURSE_HOSTNAME" ]; then
-            echo "DISCOURSE_HOSTNAME expected"
-            exit 1
-          fi
-          if [ -z "$LETSENCRYPT_ACCOUNT_EMAIL" ]; then
+    - replace:
+       filename: /etc/runit/1.d/install-ssl
+       from: "# after ssl"
+       to: |
+          if [ -n "$LETSENCRYPT_ACCOUNT_EMAIL" ]; then
+            if [[ ! "$LETSENCRYPT_ACCOUNT_EMAIL" =~ ([^@]+)@([^\.]+) ]]; then
+              echo "LETSENCRYPT_ACCOUNT_EMAIL is not a valid email address"
+              exit 1
+            fi
+            /usr/local/bin/configure-ssl
+            exec /usr/local/bin/configure-letsencrypt
+          else
             echo "LETSENCRYPT_ACCOUNT_EMAIL ENV not set. Skipping Let's Encrypt setup."
-            exit 0
-          fi
-          if [[ ! "$LETSENCRYPT_ACCOUNT_EMAIL" =~ ([^@]+)@([^\.]+) ]]; then
-            echo "LETSENCRYPT_ACCOUNT_EMAIL is not a valid email address"
-            exit 1
           fi
-          /usr/local/bin/configure-ssl
-          exec /usr/local/bin/configure-letsencrypt
+          # after ssl
diff --git a/templates/web.ssl.template.yml b/templates/web.ssl.template.yml
@@ -1,5 +1,3 @@
-env:
-  ENABLE_SSL: 1
 run:
   - file:
       path: /etc/runit/1.d/install-ssl
@@ -11,9 +9,13 @@ run:
           echo "DISCOURSE_HOSTNAME expected"
           exit 1
         fi
-        if [ -n "$ENABLE_SSL" ]; then
+        if [ -f /shared/ssl/ssl.crt ] && [ -f /shared/ssl/ssl.key ]; then
           exec /usr/local/bin/configure-ssl
+          exit 0
+        else
+          echo "Skipping ssl setup: missing /shared/ssl/ssl.crt or /shared/ssl/ssl.key"
         fi
+        # after ssl
 
   - file:
       path: "/usr/local/bin/configure-ssl"
