From bea9f889ed91a3fe87437a2bca6fd76e9496b25c Mon Sep 17 00:00:00 2001
From: hygienic-books <hygienic-books@tentic.net>
Date: Sat, 25 Mar 2023 23:06:51 +0100
Subject: [PATCH] feat(quico-znc): Add ZNC and Nginx config reloads

---
 quico_znc_nginx_reload.sh | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
 create mode 100755 quico_znc_nginx_reload.sh

diff --git a/quico_znc_nginx_reload.sh b/quico_znc_nginx_reload.sh
new file mode 100755
index 0000000..83975bf
--- /dev/null
+++ b/quico_znc_nginx_reload.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+reverse_fqdn_cert_id="${1:?}"
+
+# Prep dirs
+mkdir -p '/etc/pki/tls/certs/quico-ops/'{'user/'{'nginx','znc'}}'/'"${reverse_fqdn_cert_id}"
+chown -R 'znc:znc' '/etc/pki/tls/certs/quico-ops/user/znc'
+chmod -R 'u=rwX,go=' '/etc/pki/tls/certs/quico-ops/user/znc'
+chown -R 'nginx:nginx' '/etc/pki/tls/certs/quico-ops/user/nginx'
+chmod -R 'u=rwX,go=' '/etc/pki/tls/certs/quico-ops/user/nginx'
+
+# Prep ZNC
+rsync -a '/etc/pki/tls/certs/quico-ops/system/'"${reverse_fqdn_cert_id}"'/' '/etc/pki/tls/certs/quico-ops/user/znc/'"${reverse_fqdn_cert_id}"'/'
+cat '/etc/pki/tls/certs/quico-ops/user/znc/'"${reverse_fqdn_cert_id}"'/'{''"${reverse_fqdn_cert_id}"'.key','fullchain.cer'} > '/etc/pki/tls/certs/quico-ops/user/znc/'"${reverse_fqdn_cert_id}"'/znc.pem'
+chown -R 'znc:znc' '/etc/pki/tls/certs/quico-ops/user/znc'
+chmod -R 'u=rwX,go=' '/etc/pki/tls/certs/quico-ops/user/znc'
+
+# Prep Nginx
+rsync -a '/etc/pki/tls/certs/quico-ops/system/'"${reverse_fqdn_cert_id}"'/' '/etc/pki/tls/certs/quico-ops/user/nginx/'"${reverse_fqdn_cert_id}"'/'
+chown -R 'nginx:nginx' '/etc/pki/tls/certs/quico-ops/user/nginx'
+chmod -R 'u=rwX,go=' '/etc/pki/tls/certs/quico-ops/user/nginx'
+
+# Reload Nginx if active. ZNC on the other hand always delivers newest cert.
+# We don't have to care if ZNC is running.
+if systemctl --quiet is-active nginx.service; then
+    nginx -t && nginx -s reload
+fi