#!/usr/bin/env bash # Phase 2: Set up certificate synchronization set -euo pipefail # Load IP configuration SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" PROJECT_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)" source "${PROJECT_ROOT}/config/ip-addresses.conf" 2>/dev/null || true SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)" if [ -f "$PROJECT_ROOT/.env" ]; then set +euo pipefail source "$PROJECT_ROOT/.env" 2>/dev/null || true set -euo pipefail fi PRIMARY_HOST="${PRIMARY_HOST:-192.168.11.11}" SECONDARY_HOST="${SECONDARY_HOST:-192.168.11.12}" REMOTE_PROJECT_ROOT="${REMOTE_PROJECT_ROOT:-$PROJECT_ROOT}" # Colors GREEN='\033[0;32m' BLUE='\033[0;34m' YELLOW='\033[1;33m' NC='\033[0m' log_info() { echo -e "${BLUE}[INFO]${NC} $1"; } log_success() { echo -e "${GREEN}[✓]${NC} $1"; } log_warn() { echo -e "${YELLOW}[⚠]${NC} $1"; } log_info "Setting up certificate synchronization..." # Test sync script log_info "Testing certificate sync..." bash "$SCRIPT_DIR/sync-certificates.sh" || { log_warn "Initial sync failed (may be expected if certificates don't exist yet)" } # Set up cron job on primary log_info "Setting up automated certificate sync (cron job)..." if [[ "$REMOTE_PROJECT_ROOT" == /tmp/* ]]; then log_warn "Refusing to install cron from ephemeral remote path: $REMOTE_PROJECT_ROOT" log_warn "Set REMOTE_PROJECT_ROOT to a persistent checkout on the target host." exit 0 fi if ! ssh -o StrictHostKeyChecking=no root@"$PRIMARY_HOST" "test -f '$REMOTE_PROJECT_ROOT/scripts/npmplus/sync-certificates.sh'"; then log_warn "Remote project root missing on $PRIMARY_HOST: $REMOTE_PROJECT_ROOT" log_warn "Skipping cron install to avoid a broken host path." exit 0 fi CRON_CMD="*/5 * * * * cd $REMOTE_PROJECT_ROOT && bash $REMOTE_PROJECT_ROOT/scripts/npmplus/sync-certificates.sh >> /var/log/npmplus-cert-sync.log 2>&1" ssh -o StrictHostKeyChecking=no root@"$PRIMARY_HOST" "{ crontab -l 2>/dev/null | grep -v 'sync-certificates.sh' || true; echo '$CRON_CMD'; } | crontab -" log_success "Cron job installed on primary host" log_success "Phase 2 complete: Certificate sync configured"