From b42bae132db6c776a2f7f9640a2eead91099631a Mon Sep 17 00:00:00 2001
From: Luca Beltrame
Date: Sun, 13 Jun 2021 18:33:58 +0200
Subject: [PATCH] Personal script to reload services where needed after LE is done updating
---
sysadmin/le_lan_reload_services.sh | 40 ++++++++++++++++++++++++++++++
1 file changed, 40 insertions(+)
create mode 100644 sysadmin/le_lan_reload_services.sh
diff --git a/sysadmin/le_lan_reload_services.sh b/sysadmin/le_lan_reload_services.sh
new file mode 100644
index 0000000..6298f16
--- /dev/null
+++ b/sysadmin/le_lan_reload_services.sh
@@ -0,0 +1,40 @@
+#!/bin/bash
+
+LE_DOMAIN="DOMAIN"
+LDAP_SHORTNAME="HOSTNAME"
+UPDATE_MIKROTIK=0
+MIKROTIK_HOST="mikrotik"
+
+# Reload services
+
+systemctl reload nginx
+systemctl restart sssd
+
+# Re-import the certificate in the LDAP store
+
+dsconf -v -D "cn=Directory Manager" "${LDAP_SHORTNAME}" security certificate add \
+ --file /etc/letsencrypt/live/"${LE_DOMAIN}"/cert.pem \
+ --primary-cert \
+ --name "LE"
+
+systemctl restart dirsrv@${LDAP_SHORTNAME}
+
+# Push the certificates to a Mikrotik AP
+#NOTE: This assumes you have set up SSH for a user with public key auth
+
+if [[ $UPDATE_MIKROTIK ]];
+then
+
+scp "/etc/letsencrypt/${LE_DOMAIN}/privkey.pem" "${MIKROTIK_HOST}":
+scp "/etc/letsencrypt/${LE_DOMAIN}/fullchain.pem" "${MIKROTIK_HOST}":
+
+ssh mikrotik -T <