From: Giorgio Ravera
Date: Sat, 28 Jan 2023 17:00:48 +0000 (+0100)
Subject: Improved code
X-Git-Url: http://git.giorgioravera.it/?a=commitdiff_plain;h=d79663bc71a1f5932d442ab182050af289aabbe9;p=scripts.git

Improved code
---
diff --git a/update_certificate b/update_certificate
index d16a2bf..33f710d 100755
--- a/update_certificate
+++ b/update_certificate
@@ -2,47 +2,47 @@
 
 # Parameters
 CERT_PATH="/etc/letsencrypt/live/server.giorgioravera.it"
-src_cert="$CERT_PATH/fullchain.pem"
-src_key="$CERT_PATH/privkey.pem"
-dst_folder="/etc/ssl/giorgioravera.it/"
-dst_cert="$dst_folder/cert.pem"
-dst_key="$dst_folder/privkey.pem"
-dst_server="$dst_folder/server.pem"
-dst_tmp_folder="/tmp"
-dst_tmp_cert="$dst_tmp_folder/cert.pem"
-dst_tmp_key="$dst_tmp_folder/key.pem"
-dst_tmp_server="$dst_tmp_folder/server.pem"
+SRC_CERT="$CERT_PATH/fullchain.pem"
+SRC_KEY="$CERT_PATH/privkey.pem"
+DST_PATH="/etc/ssl/giorgioravera.it/"
+DST_CERT="$DST_PATH/cert.pem"
+DST_KEY="$DST_PATH/privkey.pem"
+DST_SERVER="$DST_PATH/server.pem"
+DST_TMP_PATH="/tmp"
+DST_TMP_CERT="$DST_TMP_PATH/cert.pem"
+DST_TMP_KEY="$DST_TMP_PATH/key.pem"
+DST_TMP_SERVER="$DST_TMP_PATH/server.pem"
 PATH="$PATH:/usr/local/bin"
 
 # Copy Certificate
 # Copy Certificate in $dst folder
 function copy_certificate () {
- ALIVE=$(ping -c 1 $host |grep ttl)
+ ALIVE=$(ping -c 1 $HOST |grep ttl)
 if [ ! -z "$ALIVE" ]; then
- ssh $user@$host mkdir -p $dst_folder
- scp $src_cert $user@$host:$dst_cert
- scp $src_key $user@$host:$dst_key
- ssh $user@$host "cat $dst_cert > $dst_server"
- ssh $user@$host "cat $dst_key >> $dst_server"
- ssh $user@$host $command
+ ssh $USER@$HOST mkdir -p $DST_PATH
+ scp $SRC_CERT $USER@$HOST:$DST_CERT
+ scp $SRC_KEY $USER@$HOST:$DST_KEY
+ ssh $USER@$HOST "cat $DST_CERT > $DST_SERVER"
+ ssh $USER@$HOST "cat $DST_KEY >> $DST_SERVER"
+ ssh $USER@$HOST $COMMAND
 else
- echo "Host $host not alive, skipped"
+ echo "Host $HOST not alive, skipped"
 fi
 }
 
 # Update Certificate
-# Create a temporary file to update the old one using $command
+# Create a temporary file to update the old one using $COMMAND
 function update_certificate () {
- ALIVE=$(ping -c 1 $host |grep ttl)
+ ALIVE=$(ping -c 1 $HOST |grep ttl)
 if [ ! -z "$ALIVE" ]; then
- scp $src_cert $user@$host:$dst_tmp_cert
- scp $src_key $user@$host:$dst_tmp_key
- ssh $user@$host "cat $dst_tmp_cert > $dst_tmp_server"
- ssh $user@$host "cat $dst_tmp_key >> $dst_tmp_server"
- ssh $user@$host $command
- ssh $user@$host rm $dst_tmp_cert $dst_tmp_key $dst_tmp_server
+ scp $SRC_CERT $USER@$HOST:$DST_TMP_CERT
+ scp $SRC_KEY $USER@$HOST:$DST_TMP_KEY
+ ssh $USER@$HOST "cat $DST_TMP_CERT > $DST_TMP_SERVER"
+ ssh $USER@$HOST "cat $DST_TMP_KEY >> $DST_TMP_SERVER"
+ ssh $USER@$HOST $COMMAND
+ ssh $USER@$HOST rm $DST_TMP_CERT $DST_TMP_KEY $DST_TMP_SERVER
 else
- echo "Host $host not alive, skipped"
+ echo "Host $HOST not alive, skipped"
 fi
 }
 
@@ -51,9 +51,9 @@ function update_server() {
 echo " ------------------------------- "
 echo "| Updating Server Certificate |"
 echo " ------------------------------- "
- host="server.giorgioravera.it"
- user="root"
- command="systemctl restart apache2 postfix dovecot proftpd && systemctl restart slapd"
+ HOST="server.giorgioravera.it"
+ USER="root"
+ COMMAND="systemctl restart apache2 postfix dovecot proftpd && systemctl restart slapd"
 copy_certificate
 echo ""
 }
@@ -63,9 +63,9 @@ function update_docker () {
 echo " ------------------------------- "
 echo "| Updating Docker Certificate |"
 echo " ------------------------------- "
- host="docker.giorgioravera.it"
- user="root"
- command="docker container restart traefik mosquitto zigbee2mqtt"
+ HOST="docker.giorgioravera.it"
+ USER="root"
+ COMMAND="docker container restart traefik mosquitto zigbee2mqtt"
 copy_certificate
 echo ""
 }
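Review bot: In update_certificate the bundle that contains the private key is assembled at the fixed path `$DST_TMP_SERVER` in the shared remote `/tmp` by `cat $DST_TMP_CERT > $DST_TMP_SERVER` followed by `cat $DST_TMP_KEY >> $DST_TMP_SERVER`, so the file is created with the remote account's default umask and nothing restricts it to the owner; copy_certificate builds `$DST_SERVER` the same way. Doing both writes in one call under a restrictive umask closes that window: `ssh $USER@$HOST "umask 077; cat $DST_TMP_CERT > $DST_TMP_SERVER; cat $DST_TMP_KEY >> $DST_TMP_SERVER"`, and likewise for DST_SERVER. Separately, none of the scp/ssh steps in either function is checked, so a failed copy still leads to an empty or stale bundle and `$COMMAND` still restarts the services on it; chaining the steps with `&&` (or `set -e` at the top of the script) stops the run at the first failure. A per-run directory from `mktemp -d` on the remote would be the fuller fix for the predictable /tmp names, but the callers' COMMAND strings reference DST_TMP_* literally, so that is a larger change than this hunk.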
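Review bot: `USER="root"` in update_server overwrites the shell's USER variable, which most login sessions already export, so for the rest of the run every child process sees USER as root (or admin after update_nas, update_firewall and update_fritz) instead of the account that launched the script; the old lowercase `user` did not collide with anything. The sibling update_certificate_firewall in this same commit picked `USERNAME` for the same role, so a rename such as `SSH_USER="root"` here and `ssh $SSH_USER@$HOST mkdir -p $DST_PATH` in copy_certificate/update_certificate avoids the clash and brings the two files in line. The same assignment appears in the update_docker, update_asterisk, update_nas, update_firewall, update_fritz, update_xenserver and update_pve hunks.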
@@ -75,12 +75,12 @@ function update_asterisk () {
 echo " ------------------------------- "
 echo "| Updating Asterisk Certificate |"
 echo " ------------------------------- "
- host="asterisk.giorgioravera.it"
- user="root"
- command="cat $dst_tmp_cert > /etc/asterisk/keys/Asterisk.crt &&
- cat $dst_tmp_key > /etc/asterisk/keys/Asterisk.key &&
- cat $dst_tmp_cert > /etc/httpd/pki/webserver.crt &&
- cat $dst_tmp_key > /etc/httpd/pki/webserver.key &&
+ HOST="asterisk.giorgioravera.it"
+ USER="root"
+ COMMAND="cat $DST_TMP_CERT > /etc/asterisk/keys/Asterisk.crt &&
+ cat $DST_TMP_KEY > /etc/asterisk/keys/Asterisk.key &&
+ cat $DST_TMP_CERT > /etc/httpd/pki/webserver.crt &&
+ cat $DST_TMP_KEY > /etc/httpd/pki/webserver.key &&
 fwconsole certificate --import &&
 fwconsole certificate --default=0 &&
 fwconsole reload &&
@@ -94,9 +94,9 @@ function update_nas () {
 echo " ------------------------------- "
 echo "| Updating NAS Certificate |"
 echo " ------------------------------- "
- host="nas.giorgioravera.it"
- user="admin"
- command="cat $dst_tmp_server > /etc/stunnel/stunnel.pem &&
+ HOST="nas.giorgioravera.it"
+ USER="admin"
+ COMMAND="cat $DST_TMP_SERVER > /etc/stunnel/stunnel.pem &&
 openssl pkcs12 -export -in /etc/stunnel/stunnel.pem -out /etc/stunnel/stunnel.pk12 -name nas.giorgioravera.it -password pass: &&
 /etc/init.d/stunnel.sh restart"
 # /etc/init.d/plex.sh restart"
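Review bot: COMMAND installs the private key on the remote with `cat $DST_TMP_KEY > /etc/asterisk/keys/Asterisk.key` and `cat $DST_TMP_KEY > /etc/httpd/pki/webserver.key`, which leaves the mode to the remote umask for a new file or to whatever an existing file already had; nothing pins it to owner-only. `install -m 600 $DST_TMP_KEY /etc/asterisk/keys/Asterisk.key &&` (and the same for webserver.key) copies and sets the mode in one step. update_pve's COMMAND writes pveproxy-ssl.key the same way, and the update_nas and update_xenserver hunks write `$DST_TMP_SERVER`, which also carries the key, into stunnel.pem and xapi-ssl.pem with a bare `cat >`. The function update_asterisk continues past the end of this hunk.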
@@ -109,29 +109,29 @@ function update_firewall () {
 echo " ------------------------------- "
 echo "| Updating Firewall Certificate |"
 echo " ------------------------------- "
- host="firewall.giorgioravera.it"
- user="admin"
- ALIVE=$(ping -c 1 $host |grep ttl)
+ HOST="firewall.giorgioravera.it"
+ USER="admin"
+ ALIVE=$(ping -c 1 $HOST |grep ttl)
 if [ ! -z "$ALIVE" ]; then
 update_certificate_firewall
 else
- echo "Host $host not alive, skipped"
+ echo "Host $HOST not alive, skipped"
 fi
 echo ""
 }
 
-# Update Fritz Box
+# Update Fritz
 function update_fritz () {
 echo " ------------------------------- "
 echo "| Updating Fritz Certificate |"
 echo " ------------------------------- "
- host="fritz.giorgioravera.it"
- user="admin"
- ALIVE=$(ping -c 1 $host |grep ttl)
+ HOST="fritz.giorgioravera.it"
+ USER="admin"
+ ALIVE=$(ping -c 1 $HOST |grep ttl)
 if [ ! -z "$ALIVE" ]; then
 update_certificate_fritz
 else
- echo "Host $host not alive, skipped"
+ echo "Host $HOST not alive, skipped"
 fi
 echo ""
 }
@@ -141,9 +141,9 @@ function update_xenserver () {
 echo " ------------------------------- "
 echo "| Updating Xenserver Certificate |"
 echo " ------------------------------- "
- host="xenserver.giorgioravera.it"
- user="root"
- command="cat $dst_tmp_server > /etc/xensource/xapi-ssl.pem &&
+ HOST="xenserver.giorgioravera.it"
+ USER="root"
+ COMMAND="cat $DST_TMP_SERVER > /etc/xensource/xapi-ssl.pem &&
 systemctl restart xapi.service"
 update_certificate
 echo ""
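Review bot: update_firewall sets `HOST` and `USER="admin"` and then calls update_certificate_firewall, but the script of that name in this same commit hard-codes its own `HOST` and `USERNAME="root"` and reads neither value from the caller, so the two assignments here are effectively dead (HOST is used only by the `ping` liveness check and the skip message) and also name a different account than the one actually used. Either remove them or have the firewall script honour the caller's values, e.g. `USERNAME=${SSH_USER:-root}` on its side, so that only one place defines the login. update_fritz's `USER="admin"` before update_certificate_fritz looks like the same pattern, but that script is not in this diff so I cannot confirm.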
@@ -154,10 +154,10 @@ function update_pve () {
 echo " ------------------------------- "
 echo "| Updating Proxmox Certificate |"
 echo " ------------------------------- "
- host="pve.giorgioravera.it"
- user="root"
- command="cat $dst_tmp_cert > /etc/pve/local/pveproxy-ssl.pem &&
- cat $dst_tmp_key > /etc/pve/local/pveproxy-ssl.key &&
+ HOST="pve.giorgioravera.it"
+ USER="root"
+ COMMAND="cat $DST_TMP_CERT > /etc/pve/local/pveproxy-ssl.pem &&
+ cat $DST_TMP_KEY > /etc/pve/local/pveproxy-ssl.key &&
 systemctl restart pveproxy.service &&
 systemctl restart nginx.service"
 update_certificate
diff --git a/update_certificate_firewall b/update_certificate_firewall
index a933bf8..a9f0d2d 100755
--- a/update_certificate_firewall
+++ b/update_certificate_firewall
@@ -1,41 +1,41 @@
 #!/bin/bash
 
 # Parameters
-host='firewall.giorgioravera.it'
-username="root"
-cert_path="/etc/letsencrypt/live/server.giorgioravera.it"
-keyname="letsencrypt"
-certificate="cert.pem"
-privatekey="privkey.pem"
+HOST='firewall.giorgioravera.it'
+USERNAME="root"
+CERT_PATH="/etc/letsencrypt/live/server.giorgioravera.it"
+KEYNAME="letsencrypt"
+CERT="fullchain.pem"
+KEY="privkey.pem"
 
 # Certificate and Key Preparation
-cert=$(base64 $cert_path/$certificate)
-cert=$(echo $cert | sed "s/ //g")
-key=$(base64 $cert_path/$privatekey)
-key=$(echo $key | sed "s/ //g")
+B64_CERT=$(base64 $CERT_PATH/$CERT)
+B64_CERT=$(echo $B64_CERT | sed "s/ //g")
+B64_KEY=$(base64 $CERT_PATH/$KEY)
+B64_KEY=$(echo $B64_KEY | sed "s/ //g")
 
 # Moving into temp dir
 cd /tmp
 
 # Download Configuration
-scp $username@$host:/conf/config.xml config.xml
+scp $USERNAME@$HOST:/conf/config.xml config.xml
 
 # Extraction old cert and kay from configuration
-oldcertificate=$(grep -A2 -P $keyname config.xml | awk '// { print $1}' | sed "s|||g" | sed "s|||g")
-oldprivatekey=$(grep -A2 -P $keyname config.xml | awk '// { print $1}' | sed "s|||g" | sed "s|||g")
+OLD_CERT=$(grep -A2 -P $KEYNAME config.xml | awk '// { print $1}' | sed "s|||g" | sed "s|||g")
+OLD_KEY=$(grep -A2 -P $KEYNAME config.xml | awk '// { print $1}' | sed "s|||g" | sed "s|||g")
 
 # Check if it's necessary updating certificate and key
-if grep "$cert" config.xml > /dev/null
+if grep "$B64_CERT" config.xml > /dev/null
 then
 echo "Identical certificate found, renewal not required"
 else
 echo "Certificate not found, renewal required"
 # Replace old cert & key
- sed -i -e "s|$oldcertificate|$cert|g" config.xml
- sed -i -e "s|$oldprivatekey|$key|g" config.xml
- scp config.xml $username@$host:/conf/config.xml
- ssh $username@$host rm /tmp/config.cache
- ssh $username@$host /etc/rc.restart_webgui
+ sed -i -e "s|$OLD_CERT|$B64_CERT|g" config.xml
+ sed -i -e "s|$OLD_KEY|$B64_KEY|g" config.xml
+ scp config.xml $USERNAME@$HOST:/conf/config.xml
+ ssh $USERNAME@$HOST rm /tmp/config.cache
+ ssh $USERNAME@$HOST /etc/rc.restart_webgui
 fi
 
 # Clean directory
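Review bot: `sed -i -e "s|$OLD_KEY|$B64_KEY|g" config.xml` places the old and new base64 private key on sed's command line, where any local user can read it from the process list while the command runs, and the firewall's `config.xml` (which embeds that key) is first downloaded into the shared `/tmp` under a fixed name after an unchecked `cd /tmp`. The `scp` download is also unchecked, so a failed fetch leaves a missing or stale config.xml that is then edited and pushed back. A private working directory from `mktemp -d` and a sed script read from a file rather than argv address all of this; the rewritten lines are below and the rest of the flow is unchanged (the OLD_CERT/OLD_KEY pipelines show identical `sed "s|||g"` filters on this page, which looks like lost markup in the rendering rather than the real script, so I have not touched them). This is top-level script code, not inside a function, and the trap makes the final `# Clean directory` step redundant.
```shell
# Moving into a private temp dir (mktemp -d creates it mode 0700) instead of the shared /tmp
WORKDIR=$(mktemp -d) || exit 1
trap 'rm -rf -- "$WORKDIR"' EXIT
cd "$WORKDIR" || exit 1

# Download Configuration
scp $USERNAME@$HOST:/conf/config.xml config.xml || exit 1

# … unchanged: OLD_CERT / OLD_KEY extraction and the "Identical certificate" check …

  # Replace old cert & key: the substitutions go through a file so the key never appears in argv
  printf 's|%s|%s|g\n' "$OLD_CERT" "$B64_CERT" > replace.sed
  printf 's|%s|%s|g\n' "$OLD_KEY" "$B64_KEY" >> replace.sed
  sed -i -f replace.sed config.xml
  # … unchanged: upload, config.cache removal and webgui restart …
```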