mirror of
https://github.com/plausible/analytics.git
synced 2024-12-25 10:33:01 +03:00
65 lines
1.7 KiB
Elixir
65 lines
1.7 KiB
Elixir
defmodule Plausible.Workers.ProvisionSslCertificates do
|
|
use Plausible.Repo
|
|
use Oban.Worker, queue: :provision_ssl_certificates, max_attempts: 1
|
|
require Logger
|
|
@timeout 20_000
|
|
|
|
@impl Oban.Worker
|
|
def perform(_job, ssh \\ SSHEx) do
|
|
config = get_config()
|
|
|
|
{:ok, conn} =
|
|
ssh.connect(
|
|
ip: to_charlist(config[:ip]),
|
|
user: to_charlist(config[:user]),
|
|
password: to_charlist(config[:password])
|
|
)
|
|
|
|
recent_custom_domains =
|
|
Repo.all(
|
|
from cd in Plausible.Site.CustomDomain,
|
|
where: cd.updated_at > fragment("now() - '3 days'::interval"),
|
|
where: not cd.has_ssl_certificate
|
|
)
|
|
|
|
for domain <- recent_custom_domains do
|
|
res =
|
|
ssh.run(
|
|
conn,
|
|
'sudo certbot certonly --webroot -w /root/webroot -n -d \"#{domain.domain}\"',
|
|
channel_timeout: @timeout,
|
|
exec_timeout: @timeout
|
|
)
|
|
|
|
case res do
|
|
{:ok, msg, code} ->
|
|
report_result({msg, code}, domain)
|
|
|
|
e ->
|
|
Logger.warn("Error obtaining SSL certificate for #{domain.domain}: #{inspect(e)}")
|
|
end
|
|
end
|
|
|
|
:ok
|
|
end
|
|
|
|
defp report_result({_, 0}, domain) do
|
|
Ecto.Changeset.change(domain, has_ssl_certificate: true) |> Repo.update!()
|
|
Plausible.Slack.notify("Obtained SSL cert for #{domain.domain}")
|
|
:ok
|
|
end
|
|
|
|
defp report_result({error_msg, error_code}, domain) do
|
|
Logger.warn(
|
|
"Error obtaining SSL certificate for #{domain.domain}: #{error_msg} (code=#{error_code})"
|
|
)
|
|
|
|
# Failing to obtain is expected, not a failure for the job queue
|
|
:ok
|
|
end
|
|
|
|
defp get_config() do
|
|
Application.get_env(:plausible, :custom_domain_server)
|
|
end
|
|
end
|