Install script (#3)

* Add install script

* Update readme

.github/workflows/ci.yaml

@@ -0,0 +1,48 @@
+name: ci
+
+on:
+  pull_request:
+  push:
+    branches:
+      - main
+
+jobs:
+  gomodtidy:
+    name: tidy
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-go@v5
+        with:
+          go-version: stable
+      - name: go mod tidy
+        run: go mod tidy
+      - name: git diff
+        run: |
+          git diff --exit-code --quiet
+          if [ $? -ne 0 ]; then
+            echo "Please run 'go mod tidy' and commit the changes"
+            exit 1
+          fi
+  golangci:
+    name: lint
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-go@v5
+        with:
+          go-version: stable
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@v6
+        with:
+          version: v1.59
+  gotest:
+    name: test
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-go@v5
+        with:
+          go-version: stable
+      - name: go test
+        run: go test -v -race -cover ./...

.goreleaser.yaml

@@ -15,7 +15,7 @@ builds:
     goarch:
       - arm
     goarm:
-      - 7
+      - "7"
 
 report_sizes: true
 
@@ -54,9 +54,6 @@ release:
     owner: nateinaction
     name: pikvm-tailscale-cert-renewer
 
-  # TODO: Remove when comfortable with goreleaser setup
-  draft: true
-
   # Will mark the release as not ready for production in case 
   # there is an indicator for this in the tag e.g. v1.0.0-rc1
   prerelease: auto

README.md

@@ -1,16 +1,80 @@
-# PiKVM Tailscale Cert Renewer
+# PiKVM Tailscale Certificate Renewer
 
-This is a tool to automatically renew tailscale certs for a PiKVM
+[![License](https://img.shields.io/badge/license-MIT-blue.svg)](LICENSE)
+<!-- ![CI](https://github.com/nateinaction/pikvm-tailscale-cert-renewer/actions/workflows/ci.yaml/badge.svg) -->
 
-This tool assumes you have setup your PiKVM and the [tailscale integration](https://docs.pikvm.org/tailscale/) using the [official docs](https://docs.pikvm.org/). This tool is designed around the following information from the docs:
->If you have a certificate (making a cert falls outside the scope of PiKVM - please reference OpenSSL documentation or use Let's Encrypt), replace keys in /etc/kvmd/nginx/ssl, edit /etc/kvmd/nginx/ssl.conf if necessary and restart kvmd-nginx service. *[PiKVM Common Questions](https://docs.pikvm.org/faq/#common-questions)*
+Automatically renew Tailscale SSL certificates for your PiKVM with ease!
 
-This tool automatically discovers your tailscale domain, creates and renews certs for that domain, sets the cert path in the nginx config, and restarts NGINX.
+## 🚀 Features
 
+- **Automatic Discovery**: Detects your Tailscale domain without manual configuration
+- **Certificate Management**: Creates and renews certificates seamlessly
+- **NGINX Integration**: Updates NGINX configuration and restarts the service automatically
+- **Zero Maintenance**: Set it and forget it - your certs will always be up-to-date
+
+## 🛠 Prerequisites
+
+This tool assumes you have:
+1. Set up your PiKVM
+2. Configured the [Tailscale integration](https://docs.pikvm.org/tailscale/) using the [official PiKVM documentation](https://docs.pikvm.org/)
+
+## 📦 Installation
+
+To install, run the following command on your PiKVM:
+
+```bash
+curl -L -s "https://raw.githubusercontent.com/nateinaction/pikvm-tailscale-cert-renewer/main/install.sh" | bash
 ```
-[root@pikvm ~]# systemctl edit --force --full pikvm-tailscale-cert-renewer.service
-Successfully installed edited file '/etc/systemd/system/pikvm-tailscale-cert-renewer.service'.
-[root@pikvm ~]# systemctl enable pikvm-tailscale-cert-re^C
-[root@pikvm ~]# mv pikvm-tailscale-cert-renewer /usr/local/bin/
-[root@pikvm ~]# systemctl enable pikvm-tailscale-cert-renewer.service
+
+## 🔍 Monitoring 
+
+After installation, the certificate renewer runs as a system service. You can monitor its status using systemctl:
+
+```bash
+systemctl status pikvm-tailscale-cert-renewer
+```
+
+For more detailed logs, use journalctl:
+
+```bash
+journalctl -u pikvm-tailscale-cert-renewer
 ```
+
+## 🎬 Covered Scenarios
+
+The certificate renewer primarily operates in an idle state but actively watches for the following scenarios:
+- Tailscale domain changes
+- Certificate mismatchs between Tailscale and filesystem caused by
+    - Certificate revocation
+    - Certificate expiry
+    - Missing certificate files
+    - Modified certificate files
+- NGINX configuration changes
+
+## 📋 Example Log
+Here's an example log output when a Tailscale domain change occurs:
+
+```
+Jul 17 04:25:31 pikvm pikvm-tailscale-cert-renewer[11845]: 2024/07/17 04:25:31 WARN cert file does not exist path=/etc/kvmd/nginx/ssl/my-domain.mytailnet.ts.net.crt
+Jul 17 04:25:46 pikvm pikvm-tailscale-cert-renewer[11845]: 2024/07/17 04:25:46 INFO filesystem mode changed to read/write
+Jul 17 04:25:46 pikvm pikvm-tailscale-cert-renewer[11845]: 2024/07/17 04:25:46 INFO wrote cert file path=/etc/kvmd/nginx/ssl/my-domain.mytailnet.ts.net.crt
+Jul 17 04:25:46 pikvm pikvm-tailscale-cert-renewer[11845]: 2024/07/17 04:25:46 INFO wrote key file path=/etc/kvmd/nginx/ssl/my-domain.mytailnet.ts.net.key
+Jul 17 04:25:46 pikvm pikvm-tailscale-cert-renewer[11845]: 2024/07/17 04:25:46 INFO filesystem mode changed to read-only
+Jul 17 04:25:46 pikvm pikvm-tailscale-cert-renewer[11845]: 2024/07/17 04:25:46 WARN cert or key line not found in nginx config path=/etc/kvmd/nginx/ssl.conf
+Jul 17 04:25:46 pikvm pikvm-tailscale-cert-renewer[11845]: 2024/07/17 04:25:46 INFO filesystem mode changed to read/write
+Jul 17 04:25:46 pikvm pikvm-tailscale-cert-renewer[11845]: 2024/07/17 04:25:46 INFO wrote to nginx ssl config path=/etc/kvmd/nginx/ssl.conf
+Jul 17 04:25:46 pikvm pikvm-tailscale-cert-renewer[11845]: 2024/07/17 04:25:46 INFO filesystem mode changed to read-only
+Jul 17 04:25:48 pikvm pikvm-tailscale-cert-renewer[11845]: 2024/07/17 04:25:48 INFO kvmd-nginx restarted
+```
+
+## 📝 License
+This project is licensed under the MIT License - see the LICENSE file for details.
+
+## 🤝 Contributing
+Contributions, issues, and feature requests are welcome! Feel free to check the issues page.
+
+## 🌟 Show your support
+Give a ⭐️ if this project helped you!
+
+## 📞 Contact
+If you have any questions or feedback, please [open an issue](https://github.com/nateinaction/pikvm-tailscale-cert-renewer/issues) or start a [discussion](https://github.com/nateinaction/pikvm-tailscale-cert-renewer/discussions).

install.sh

@@ -0,0 +1,43 @@
+#!/usr/bin/env bash
+
+# PiKVM Tailscale Certificate Renewer Installer
+# This script can be curled and piped to bash to install the latest version
+
+set -e
+
+function cleanup {
+    # Set FS to read-only
+    ro
+}
+
+trap cleanup EXIT
+
+owner="nateinaction"
+name="pikvm-tailscale-cert-renewer"
+repo="${owner}/${name}"
+
+# later we may determine the architecture and download the correct binary
+# right now all PiKVMs are armv7
+tar_name="${name}_Linux_armv7"
+
+# Get latest release
+latest_release=$(curl -s "https://api.github.com/repos/${repo}/releases/latest" | grep "tag_name" | cut -d '"' -f 4)
+echo "Latest release: ${latest_release}"
+
+# Set FS to read/write
+rw
+
+# Download binary and move to /usr/local/bin
+curl -L -s "https://github.com/${repo}/releases/download/${latest_release}/${tar_name}.tar.gz" -o /tmp/${tar_name}.tar.gz
+tar -xzf /tmp/${tar_name}.tar.gz -C /tmp
+mv "/tmp/${name}" /usr/local/bin/
+
+# Download systemd service file and move to /etc/systemd/system
+curl -L -s "https://raw.githubusercontent.com/${repo}/${latest_release}/${name}.service" -o "/etc/systemd/system/${name}.service"
+
+# Reload systemd and enable/start the service
+systemctl daemon-reload
+systemctl enable "${name}"
+systemctl start "${name}"
+
+echo "Installed ${name} ${latest_release}"