#!/bin/sh
#
# TODO: Handle "$1".

set -eu

#DEBHELPER#

# `certbot` *must* be installed by this package.
if [ "$(hostname)" = shione ]; then
	certbot \
		--agree-tos \
		--email renken+letsencrypt@shione.net \
		-d shione.net \
		-d www.shione.net \
		-d git.shione.net
else
	out=/etc/letsencrypt/live/shione.net

	mkdir -p -- "$out"
	openssl genrsa \
		>"$out"/privkey.pem
	openssl req \
		-new \
		-x509 \
		-key /etc/letsencrypt/live/shione.net/privkey.pem \
		-subj '/CN=shione.net/O=shione.net./C=FR' \
		>/etc/letsencrypt/live/shione.net/fullchain.pem
fi

# Apply new nginx configuration.
deb-systemd-invoke restart nginx