Add certbot set up to bootstrap

bootstrap.sh

@@ -13,7 +13,7 @@ passwd -l root
 
 # Install necessary packages
 echo "------- Installing packages -------"
-pacman -S --needed --noconfirm sudo wget tmux htop vim docker docker-compose git ufw
+pacman -S --needed --noconfirm sudo wget tmux htop vim docker docker-compose git ufw certbot certbot-dns-digitalocean
 
 echo "------- Setting up SSH -------"
 # Remove old SSH keys in case running again
@@ -52,6 +52,27 @@ chmod +x /app/gitea/gitea
 chown -R git /app/gitea/gitea
 chown -R git /var/lib/gitea
 
+if [ $APP_ENV = "production" ]
+then
+    echo "------- Enabling certbot service -------"
+    mkdir -p /root/.secret/certbot
+    tee /root/.secret/certbot/digitalocean.ini <<END
+# DigitalOcean API credentials used by Certbot
+dns_digitalocean_token = $DIGITALOCEAN_TOKEN
+END
+
+    certbot certonly \
+	--dns-digitalocean \
+	--dns-digitalocean-credentials /root/.secret/certbot/digitalocean.ini \
+	-d *.$DOMAIN -d $DOMAIN \
+	-m stofflees@gmail.com \
+	--agree-tos \
+	--no-eff-email
+
+    cp /opt/scarif/certbot/* /etc/systemd/system/
+    systemctl enable --now certbot.timer
+fi
+
 echo "------- Adding config folders for jitsi -------"
 mkdir -p /opt/jitsi/{web/letsencrypt,transcripts,prosody/config,prosody/prosody-plugins-custom,jicofo,jvb,jigasi,jibri}