Harakiri88

Proxmox Tailscale Certificate

May 7th, 2025
  1. #!/bin/bash
  2.  
  3. LOG_FILE="/var/log/proxmox-cert-renewal.log"
  4. LAST_RUN_FILE="/var/lib/proxmox-cert-renewal/last_run"
  5. LOCK_FILE="/var/run/proxmox-cert-renewal.lock"
#######################################
# Print a timestamped message and append the same line to the log file.
# Globals:   LOG_FILE (read)
# Arguments: $1 - message text
# Outputs:   "YYYY-MM-DD HH:MM:SS - <message>" on stdout and in LOG_FILE
#######################################
log_message() {
  local stamp
  stamp=$(date '+%Y-%m-%d %H:%M:%S')
  # tee -a keeps earlier log entries and mirrors the line to stdout.
  printf '%s - %s\n' "$stamp" "$1" | tee -a "$LOG_FILE"
}
#######################################
# EXIT handler: drop the PID lock file and record that in the log.
# Globals:   LOCK_FILE (read)
# Arguments: none
# Outputs:   one log line via log_message
#######################################
cleanup() {
  # -f: a lock file that is already gone is not an error here.
  rm -f "$LOCK_FILE"
  log_message "Lock file cleanup completed"
}
# Preconditions: the script only proceeds when its effective UID is 0.
if [[ "$EUID" -ne 0 ]]; then
  log_message "Error: Script must be run as root"
  exit 1
fi

# Make sure the directory that holds the last-run timestamp exists.
state_dir=$(dirname "$LAST_RUN_FILE")
mkdir -p "$state_dir"
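# Single-instance lock, stored as a PID file at LOCK_FILE.
#
# The PID is written with noclobber set, so the redirection fails when the
# file already exists: "does a lock exist?" and "write my PID" are one step
# instead of a separate test followed by a write.
try_lock() {
  (set -o noclobber; echo "$$" > "$LOCK_FILE") 2>/dev/null
}

if ! try_lock; then
  lock_pid=$(cat "$LOCK_FILE" 2>/dev/null)
  # Only a plain positive PID is handed to kill; empty or malformed content
  # (for example a negative number, which kill would treat as a process
  # group) counts as a stale lock.
  if [[ "$lock_pid" =~ ^[1-9][0-9]*$ ]] && kill -0 "$lock_pid" 2>/dev/null; then
    log_message "Another instance of the script is already running. Exiting."
    exit 1
  fi
  # Stale lock: remove it and try once more. This recovery step is still
  # best-effort when two runs find the same stale file at the same moment;
  # holding the lock with flock(1) would close that gap.
  rm -f "$LOCK_FILE"
  if ! try_lock; then
    log_message "Error: Unable to create lock file $LOCK_FILE"
    exit 1
  fi
fi

# Registered only after the lock is ours, so an early exit above never
# removes another run's lock file.
trap cleanup EXIT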
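# Skip the run when the last successful renewal is recent enough.
# 10 weeks = 6048000 seconds.
min_interval=$((10 * 7 * 24 * 60 * 60))

if [ -f "$LAST_RUN_FILE" ]; then
  last_run=$(cat "$LAST_RUN_FILE")
  now=$(date +%s)
  # The file content is checked to be digits only before it reaches shell
  # arithmetic: bash evaluates arithmetic operands as expressions, so an
  # empty or non-numeric value would either raise an error or be evaluated
  # as something other than a timestamp.
  if [[ "$last_run" =~ ^[0-9]+$ ]]; then
    # 10# forces base 10 so a value with leading zeros is not read as octal.
    elapsed=$((now - 10#$last_run))
    # A timestamp in the future (negative elapsed time) is not trusted as
    # proof of a recent renewal; the run continues in that case.
    if ((elapsed >= 0 && elapsed < min_interval)); then
      log_message "The certificate was renewed less than 10 weeks ago. No action needed."
      exit 0
    fi
  else
    log_message "Warning: ignoring invalid timestamp in $LAST_RUN_FILE"
  fi
fi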
# Stop unless `tailscale status` exits successfully.
tailscale status >/dev/null 2>&1 || {
  log_message "Error: Tailscale is not running"
  exit 1
}

# Stop unless some status line begins with "100." (Tailscale addresses are
# normally allocated from 100.64.0.0/10, so this is used as the sign that
# the node has a tailnet address).
tailscale status | grep -q "^100\." || {
  log_message "Error: Tailscale is not properly connected"
  exit 1
}
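# Resolve this node's tailnet DNS name from `tailscale status --json`.
#
# "// empty" makes jq print nothing when Self.DNSName is missing or null;
# without it jq -r prints the literal string "null", which would pass the
# emptiness check below. rtrimstr(".") removes the trailing dot only when
# one is present, instead of dropping the last character unconditionally.
NAME="$(tailscale status --json | jq -r '.Self.DNSName // empty | rtrimstr(".")')"
if [ -z "$NAME" ]; then
  log_message "Error: Unable to retrieve DNS name from Tailscale"
  exit 1
fi

# NAME is later used as a command argument and inside file names, so accept
# only hostname characters: no "/" and no leading "-" or ".".
if [[ ! "$NAME" =~ ^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$ ]]; then
  log_message "Error: Unexpected DNS name returned by Tailscale"
  exit 1
fi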
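# Issue the certificate, sanity-check it, install it in Proxmox and record
# the time of the successful run.
log_message "Starting certificate renewal for $NAME"

# The certificate and private key are written into a fresh mktemp -d
# directory rather than the directory the script happened to be started
# from (under cron or a timer that location is not obvious and may be
# readable or writable by other users).
work_dir=$(mktemp -d) || {
  log_message "Error: Unable to create temporary directory"
  exit 1
}
# Replaces the earlier EXIT trap: the scratch directory, and the private key
# in it, is removed on every exit path before the usual lock cleanup runs.
trap 'rm -rf -- "${work_dir:?}"; cleanup' EXIT

# Fixed file names, so NAME never becomes part of a path.
cert_file="$work_dir/node.crt"
key_file="$work_dir/node.key"

if ! tailscale cert --cert-file "$cert_file" --key-file "$key_file" "$NAME"; then
  log_message "Error: Certificate generation failed"
  exit 1
fi

if [ ! -f "$cert_file" ] || [ ! -f "$key_file" ]; then
  log_message "Error: Certificate files not found"
  exit 1
fi

# Parse check only: confirms the file is a readable X.509 certificate.
if ! openssl x509 -in "$cert_file" -noout -text >/dev/null 2>&1; then
  log_message "Error: The generated certificate is invalid"
  exit 1
fi

if ! pvenode cert set "$cert_file" "$key_file" --force --restart; then
  log_message "Error: Failed to install certificate in Proxmox"
  exit 1
fi

# Written only after a successful install, so a failed run is retried the
# next time the script is started.
date +%s > "$LAST_RUN_FILE"

log_message "Certificate renewal completed successfully"

exit 0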