From 1375f4c102aed70afccf0fade5875cabdc917d18 Mon Sep 17 00:00:00 2001
From: Manuel Caballero
Date: Tue, 25 Oct 2022 13:58:30 +0200
Subject: [PATCH] remove cerbot service
---
dd-sso/docker/certbot/auto-generate-certs.sh | 50 -------------------
dd-sso/docker/certbot/docker-entrypoint.sh | 45 -----------------
.../letsencrypt-hook-deploy-concatenante.sh | 23 ---------
.../docker/certbot/letsencrypt-renew-cron.sh | 21 --------
dd-sso/docker/certbot/letsencrypt.sh | 50 -------------------
5 files changed, 189 deletions(-)
delete mode 100755 dd-sso/docker/certbot/auto-generate-certs.sh
delete mode 100644 dd-sso/docker/certbot/docker-entrypoint.sh
delete mode 100755 dd-sso/docker/certbot/letsencrypt-hook-deploy-concatenante.sh
delete mode 100755 dd-sso/docker/certbot/letsencrypt-renew-cron.sh
delete mode 100755 dd-sso/docker/certbot/letsencrypt.sh
diff --git a/dd-sso/docker/certbot/auto-generate-certs.sh b/dd-sso/docker/certbot/auto-generate-certs.sh
deleted file mode 100755
index 5d9a10a..0000000
--- a/dd-sso/docker/certbot/auto-generate-certs.sh
+++ /dev/null
@@ -1,50 +0,0 @@
-#
-# Copyright © 2021,2022 IsardVDI S.L.
-#
-# This file is part of DD
-#
-# DD is free software: you can redistribute it and/or modify
-# it under the terms of the GNU Affero General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or (at your
-# option) any later version.
-#
-# DD is distributed in the hope that it will be useful, but WITHOUT ANY
-# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
-# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
-# details.
-#
-# You should have received a copy of the GNU Affero General Public License
-# along with DD. If not, see .
-#
-# SPDX-License-Identifier: AGPL-3.0-or-later
-cd /certs
-
-# Self signed cert generic data
-C=CA
-L=Barcelona
-O=localdomain
-CN_CA=$O
-CN_HOST=*.$O
-OU=$O
-
-echo '#### Creating 2048-bit RSA key:'
-openssl genrsa -out ca-key.pem 2048
-
-echo '#### Using the key to create a self-signed certificate to your CA:'
-openssl req -new -x509 -days 9999 -key ca-key.pem -out ca-cert.pem -sha256 \
- -subj "/C=$C/L=$L/O=$O/CN=$CN_CA"
-
-echo '#### Creating server certificate:'
-openssl genrsa -out server-key.pem 2048
-
-echo '#### Creating a certificate signing request for the server:'
-openssl req -new -key server-key.pem -sha256 -out server-key.csr \
- -subj "/CN=$CN_HOST"
-
-echo '#### Creating server certificate:'
-RND=$(( ( RANDOM % 1000 ) + 1 ))
-openssl x509 -req -days 9999 -in server-key.csr -CA ca-cert.pem -CAkey ca-key.pem \
- -set_serial $RND -sha256 -out server-cert.pem
-
-echo '#### Concatenate certs for haprox'
-cat server-cert.pem server-key.pem > chain.pem
diff --git a/dd-sso/docker/certbot/docker-entrypoint.sh b/dd-sso/docker/certbot/docker-entrypoint.sh
deleted file mode 100644
index ade9bce..0000000
--- a/dd-sso/docker/certbot/docker-entrypoint.sh
+++ /dev/null
@@ -1,45 +0,0 @@
-#!/bin/sh
-#
-# Copyright © 2021,2022 IsardVDI S.L.
-# Copyright © 2022 Evilham
-#
-# This file is part of DD
-#
-# DD is free software: you can redistribute it and/or modify
-# it under the terms of the GNU Affero General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or (at your
-# option) any later version.
-#
-# DD is distributed in the hope that it will be useful, but WITHOUT ANY
-# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
-# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
-# details.
-#
-# You should have received a copy of the GNU Affero General Public License
-# along with DD. If not, see .
-#
-# SPDX-License-Identifier: AGPL-3.0-or-later
-set -e
-
-ln -sf /usr/local/etc/haproxy/${HAPROXY_CFG:-haproxy.normal.cfg} /usr/local/etc/haproxy/haproxy.cfg
-
-LETSENCRYPT_DOMAIN="$DOMAIN" letsencrypt.sh
-
-if [ ! -e "/certs/chain.pem" ]; then
- auto-generate-certs.sh
-fi
-
-# first arg is `-f` or `--some-option`
-if [ "${1#-}" != "$1" ]; then
- set -- haproxy "$@"
-fi
-
-if [ "$1" = 'haproxy' ]; then
- shift # "haproxy"
- # if the user wants "haproxy", let's add a couple useful flags
- # -W -- "master-worker mode" (similar to the old "haproxy-systemd-wrapper"; allows for reload via "SIGUSR2")
- # -db -- disables background mode
- set -- haproxy -W -db "$@"
-fi
-
-exec "$@"
diff --git a/dd-sso/docker/certbot/letsencrypt-hook-deploy-concatenante.sh b/dd-sso/docker/certbot/letsencrypt-hook-deploy-concatenante.sh
deleted file mode 100755
index 3b3fc34..0000000
--- a/dd-sso/docker/certbot/letsencrypt-hook-deploy-concatenante.sh
+++ /dev/null
@@ -1,23 +0,0 @@
-#!/bin/sh
-#
-# Copyright © 2021,2022 IsardVDI S.L.
-#
-# This file is part of DD
-#
-# DD is free software: you can redistribute it and/or modify
-# it under the terms of the GNU Affero General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or (at your
-# option) any later version.
-#
-# DD is distributed in the hope that it will be useful, but WITHOUT ANY
-# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
-# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
-# details.
-#
-# You should have received a copy of the GNU Affero General Public License
-# along with DD. If not, see .
-#
-# SPDX-License-Identifier: AGPL-3.0-or-later
-cat $RENEWED_LINEAGE/fullchain.pem $RENEWED_LINEAGE/privkey.pem > /certs/chain.pem
-
-kill -SIGUSR2 1
diff --git a/dd-sso/docker/certbot/letsencrypt-renew-cron.sh b/dd-sso/docker/certbot/letsencrypt-renew-cron.sh
deleted file mode 100755
index 486d64a..0000000
--- a/dd-sso/docker/certbot/letsencrypt-renew-cron.sh
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/sh
-#
-# Copyright © 2021,2022 IsardVDI S.L.
-#
-# This file is part of DD
-#
-# DD is free software: you can redistribute it and/or modify
-# it under the terms of the GNU Affero General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or (at your
-# option) any later version.
-#
-# DD is distributed in the hope that it will be useful, but WITHOUT ANY
-# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
-# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
-# details.
-#
-# You should have received a copy of the GNU Affero General Public License
-# along with DD. If not, see .
-#
-# SPDX-License-Identifier: AGPL-3.0-or-later
-certbot renew --http-01-port 8080 --cert-name sso.$LETSENCRYPT_DOMAIN
diff --git a/dd-sso/docker/certbot/letsencrypt.sh b/dd-sso/docker/certbot/letsencrypt.sh
deleted file mode 100755
index a571eff..0000000
--- a/dd-sso/docker/certbot/letsencrypt.sh
+++ /dev/null
@@ -1,50 +0,0 @@
-#!/bin/sh
-#
-# Copyright © 2021,2022 IsardVDI S.L.
-#
-# This file is part of DD
-#
-# DD is free software: you can redistribute it and/or modify
-# it under the terms of the GNU Affero General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or (at your
-# option) any later version.
-#
-# DD is distributed in the hope that it will be useful, but WITHOUT ANY
-# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
-# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
-# details.
-#
-# You should have received a copy of the GNU Affero General Public License
-# along with DD. If not, see .
-#
-# SPDX-License-Identifier: AGPL-3.0-or-later
-if [ ! -L /etc/letsencrypt/renewal-hooks/deploy/letsencrypt-hook-deploy-concatenante.sh ]
-then
- mkdir -p /etc/letsencrypt/renewal-hooks/deploy/
- ln -s /usr/local/sbin/letsencrypt-hook-deploy-concatenante.sh /etc/letsencrypt/renewal-hooks/deploy/
-fi
-
-if [ -n "$LETSENCRYPT_DOMAIN" -a -n "$LETSENCRYPT_EMAIL" ]
-then
- LETSENCRYPT_DOMAIN="$LETSENCRYPT_DOMAIN" crond
- if [ "$LETSENCRYPT_DOMAIN_ROOT" == "true" ]
- then
- option_root_domain="-d $LETSENCRYPT_DOMAIN"
- fi
- if [ ! -f /certs/chain.pem ]
- then
- if certbot certonly --standalone -m "$LETSENCRYPT_EMAIL" -n --agree-tos \
- -d "sso.$LETSENCRYPT_DOMAIN" \
- -d "api.$LETSENCRYPT_DOMAIN" \
- -d "admin.$LETSENCRYPT_DOMAIN" \
- -d "moodle.$LETSENCRYPT_DOMAIN" \
- -d "nextcloud.$LETSENCRYPT_DOMAIN" \
- -d "wp.$LETSENCRYPT_DOMAIN" \
- -d "oof.$LETSENCRYPT_DOMAIN" \
- -d "pad.$LETSENCRYPT_DOMAIN" \
- $option_root_domain
- then
- RENEWED_LINEAGE="/etc/letsencrypt/live/sso.$LETSENCRYPT_DOMAIN" /etc/letsencrypt/renewal-hooks/deploy/letsencrypt-hook-deploy-concatenante.sh
- fi
- fi
-fi