From 318d483b961d59fd61edb196fcfbb8ad4614b664 Mon Sep 17 00:00:00 2001
From: Nate Gay
Date: Tue, 16 Jul 2024 23:40:15 -0500
Subject: [PATCH] Update readme
---
.github/workflows/ci.yaml | 48 +++++++++++++++++++
.github/workflows/gomodtidy.yaml | 26 ----------
.github/workflows/lint.yaml | 22 ---------
.github/workflows/test.yaml | 19 --------
README.md | 80 +++++++++++++++++++++++++++++---
install.sh | 8 ++--
6 files changed, 126 insertions(+), 77 deletions(-)
create mode 100644 .github/workflows/ci.yaml
delete mode 100644 .github/workflows/gomodtidy.yaml
delete mode 100644 .github/workflows/lint.yaml
delete mode 100644 .github/workflows/test.yaml
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
new file mode 100644
index 0000000..cbe0a0f
--- /dev/null
+++ b/.github/workflows/ci.yaml
@@ -0,0 +1,48 @@
+name: ci
+
+on:
+ pull_request:
+ push:
+ branches:
+ - main
+
+jobs:
+ gomodtidy:
+ name: tidy
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - uses: actions/setup-go@v5
+ with:
+ go-version: stable
+ - name: go mod tidy
+ run: go mod tidy
+ - name: git diff
+ run: |
+ git diff --exit-code --quiet
+ if [ $? -ne 0 ]; then
+ echo "Please run 'go mod tidy' and commit the changes"
+ exit 1
+ fi
+ golangci:
+ name: lint
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - uses: actions/setup-go@v5
+ with:
+ go-version: stable
+ - name: golangci-lint
+ uses: golangci/golangci-lint-action@v6
+ with:
+ version: v1.59
+ gotest:
+ name: test
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - uses: actions/setup-go@v5
+ with:
+ go-version: stable
+ - name: go test
+ run: go test -v -race -cover ./...
diff --git a/.github/workflows/gomodtidy.yaml b/.github/workflows/gomodtidy.yaml
deleted file mode 100644
index fe68882..0000000
--- a/.github/workflows/gomodtidy.yaml
+++ /dev/null
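Review bot: The `if [ $? -ne 0 ]` branch in the `git diff` step of the gomodtidy job can never execute: the default `run:` shell on GitHub-hosted runners is `bash -e`, so a non-zero `git diff --exit-code --quiet` ends the step before the hint is printed. Use the command itself as the condition, `if ! git diff --exit-code; then`, and drop `--quiet` so the offending diff shows up in the job log; checking `git status --porcelain` instead would also catch any new untracked files that `go mod tidy` creates. Two hardening points for the same file: add a top-level `permissions: contents: read` so the default GITHUB_TOKEN these jobs receive is not write-capable, and consider pinning `golangci/golangci-lint-action@v6` (and the `actions/*` steps) to full commit SHAs rather than mutable tags, since a moved tag would run different code in CI.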
@@ -1,26 +0,0 @@
-name: go mod tidy
-
-on:
- pull_request:
- push:
- branches:
- - main
-
-jobs:
- gomodtidy:
- name: tidy
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v4
- - uses: actions/setup-go@v5
- with:
- go-version: stable
- - name: go mod tidy
- run: go mod tidy
- - name: git diff
- run: |
- git diff --exit-code --quiet
- if [ $? -ne 0 ]; then
- echo "Please run 'go mod tidy' and commit the changes"
- exit 1
- fi
diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml
deleted file mode 100644
index 92714f1..0000000
--- a/.github/workflows/lint.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-name: lint
-
-on:
- pull_request:
- push:
- branches:
- - main
-
-
-jobs:
- golangci:
- name: lint
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v4
- - uses: actions/setup-go@v5
- with:
- go-version: stable
- - name: golangci-lint
- uses: golangci/golangci-lint-action@v6
- with:
- version: v1.59
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
deleted file mode 100644
index c377e34..0000000
--- a/.github/workflows/test.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-name: test
-
-on:
- pull_request:
- push:
- branches:
- - main
-
-jobs:
- gotest:
- name: test
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v4
- - uses: actions/setup-go@v5
- with:
- go-version: stable
- - name: go test
- run: go test -v -race -cover ./...
diff --git a/README.md b/README.md
index f79fa1c..45aed60 100644
--- a/README.md
+++ b/README.md
@@ -1,12 +1,80 @@ -# PiKVM Tailscale Cert Renewer +# PiKVM Tailscale Certificate Renewer -This is a tool to automatically renew tailscale certs for a PiKVM +[![License](https://img.shields.io/badge/license-MIT-blue.svg)](LICENSE) + -This tool assumes you have setup your PiKVM and the [tailscale integration](https://docs.pikvm.org/tailscale/) using the [official docs](https://docs.pikvm.org/). This tool is designed around the following information from the docs: ->If you have a certificate (making a cert falls outside the scope of PiKVM - please reference OpenSSL documentation or use Let's Encrypt), replace keys in /etc/kvmd/nginx/ssl, edit /etc/kvmd/nginx/ssl.conf if necessary and restart kvmd-nginx service. *[PiKVM Common Questions](https://docs.pikvm.org/faq/#common-questions)* +Automatically renew Tailscale SSL certificates for your PiKVM with ease! -This tool automatically discovers your tailscale domain, creates and renews certs for that domain, sets the cert path in the nginx config, and restarts NGINX. +## 🚀 Features -``` +- **Automatic Discovery**: Detects your Tailscale domain without manual configuration +- **Certificate Management**: Creates and renews certificates seamlessly +- **NGINX Integration**: Updates NGINX configuration and restarts the service automatically +- **Zero Maintenance**: Set it and forget it - your certs will always be up-to-date + +## 🛠 Prerequisites + +This tool assumes you have: +1. Set up your PiKVM +2. Configured the [Tailscale integration](https://docs.pikvm.org/tailscale/) using the [official PiKVM documentation](https://docs.pikvm.org/) + +## 📦 Installation + +To install, run the following command on your PiKVM: + +```bash curl -L -s "https://raw.githubusercontent.com/nateinaction/pikvm-tailscale-cert-renewer/main/install.sh" | bash ``` + +## 🔍 Monitoring + +After installation, the certificate renewer runs as a system service. 
You can monitor its status using systemctl: + +```bash +systemctl status pikvm-tailscale-cert-renewer +``` + +For more detailed logs, use journalctl: + +```bash +journalctl -u pikvm-tailscale-cert-renewer +``` + +## 🎬 Covered Scenarios + +The certificate renewer primarily operates in an idle state but actively watches for the following scenarios: +- Tailscale domain changes +- Certificate mismatchs between Tailscale and filesystem caused by + - Certificate revocation + - Certificate expiry + - Missing certificate files + - Modified certificate files +- NGINX configuration changes + +## 📋 Example Log +Here's an example log output when a Tailscale domain change occurs: + +``` +Jul 17 04:25:31 pikvm pikvm-tailscale-cert-renewer[11845]: 2024/07/17 04:25:31 WARN cert file does not exist path=/etc/kvmd/nginx/ssl/my-domain.mytailnet.ts.net.crt +Jul 17 04:25:46 pikvm pikvm-tailscale-cert-renewer[11845]: 2024/07/17 04:25:46 INFO filesystem mode changed to read/write +Jul 17 04:25:46 pikvm pikvm-tailscale-cert-renewer[11845]: 2024/07/17 04:25:46 INFO wrote cert file path=/etc/kvmd/nginx/ssl/my-domain.mytailnet.ts.net.crt +Jul 17 04:25:46 pikvm pikvm-tailscale-cert-renewer[11845]: 2024/07/17 04:25:46 INFO wrote key file path=/etc/kvmd/nginx/ssl/my-domain.mytailnet.ts.net.key +Jul 17 04:25:46 pikvm pikvm-tailscale-cert-renewer[11845]: 2024/07/17 04:25:46 INFO filesystem mode changed to read-only +Jul 17 04:25:46 pikvm pikvm-tailscale-cert-renewer[11845]: 2024/07/17 04:25:46 WARN cert or key line not found in nginx config path=/etc/kvmd/nginx/ssl.conf +Jul 17 04:25:46 pikvm pikvm-tailscale-cert-renewer[11845]: 2024/07/17 04:25:46 INFO filesystem mode changed to read/write +Jul 17 04:25:46 pikvm pikvm-tailscale-cert-renewer[11845]: 2024/07/17 04:25:46 INFO wrote to nginx ssl config path=/etc/kvmd/nginx/ssl.conf +Jul 17 04:25:46 pikvm pikvm-tailscale-cert-renewer[11845]: 2024/07/17 04:25:46 INFO filesystem mode changed to read-only +Jul 17 04:25:48 pikvm 
pikvm-tailscale-cert-renewer[11845]: 2024/07/17 04:25:48 INFO kvmd-nginx restarted +``` + +## 📝 License +This project is licensed under the MIT License - see the LICENSE file for details. + +## 🤝 Contributing +Contributions, issues, and feature requests are welcome! Feel free to check the issues page. + +## 🌟 Show your support +Give a ⭐️ if this project helped you! + +## 📞 Contact +If you have any questions or feedback, please [open an issue](https://github.com/nateinaction/pikvm-tailscale-cert-renewer/issues) or start a [discussion](https://github.com/nateinaction/pikvm-tailscale-cert-renewer/discussions).
diff --git a/install.sh b/install.sh
index de61fbf..949a7a6 100644
--- a/install.sh
+++ b/install.sh
@@ -7,8 +7,7 @@ set -e function cleanup { # Set FS to read-only - ro 2>&1 1>/dev/null - echo "filesystem mode changed to read-only" + ro } trap cleanup EXIT
@@ -26,8 +25,7 @@ latest_release=$(curl -s "https://api.github.com/repos/${repo}/releases/latest" echo "Latest release: ${latest_release}" # Set FS to read/write -rw 2>&1 1>/dev/null -echo "filesystem mode changed to read/write" +rw # Download binary and move to /usr/local/bin curl -L -s "https://github.com/${repo}/releases/download/${latest_release}/${tar_name}.tar.gz" -o /tmp/${tar_name}.tar.gz
@@ -41,3 +39,5 @@ curl -L -s "https://raw.githubusercontent.com/${repo}/${latest_release}/${name}.
 systemctl daemon-reload
 systemctl enable "${name}"
 systemctl start "${name}"
+
+echo "Installed ${name} ${latest_release}"
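Review bot: The trap body is now a bare `ro`, which runs on every exit, including exits that happen before the script has reached its own `rw` call in the second hunk (for example when an earlier command fails under `set -e`), so the EXIT handler can remount the root filesystem read-only even though this script never made it writable — a surprise for an operator who had deliberately run `rw` beforehand. Guard it with a flag that is set only once the remount has happened: `if [[ -n "${remounted_rw:-}" ]]; then ro; fi` inside `cleanup`, with `remounted_rw=1` placed directly after the script's `rw` line. The rest of the script, including the `rw` call, is outside this hunk.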
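Review bot: The new `rw` is issued before the release archive is fetched into `/tmp` on the following line, so the root filesystem stays writable for the whole network download although nothing on it is written until the binary is moved into `/usr/local/bin` (this holds if `/tmp` is a tmpfs on the PiKVM image — worth confirming). Moving `rw` to just before the move step keeps the writable window to the local install steps and means a failed or hanging download never leaves the device remounted read/write. On the context lines of this hunk, the destination `/tmp/${tar_name}.tar.gz` is unquoted and the archive is installed without any checksum or signature verification; both predate this change but are worth fixing while the file is being touched. The surrounding steps are outside this hunk.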
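Review bot: The success line is printed before the EXIT trap that remounts read-only has run, and since `ro`'s output is no longer suppressed in this commit, whatever it prints will appear after `Installed ...`, which makes a failed remount easy to miss. Consider remounting explicitly before the message and leaving the trap as a fallback, or emitting the summary from `cleanup` once `ro` has succeeded. It may also be worth confirming the unit is actually running before claiming success, e.g. `systemctl is-active --quiet "${name}"` ahead of the `echo`. The enclosing script starts outside this hunk.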