san domain handling centralised

Dockerfile

@@ -17,6 +17,6 @@ RUN chmod 775 /run/postgresql
 
 ADD /rootfs /
 
-VOLUME /var/lib/postgresql/data
+VOLUME /var/lib/postgresql/data /var/lib/postgresql/.lego
 
 EXPOSE 5432

rootfs/bin/concat-sans

@@ -0,0 +1,11 @@
+#!/usr/bin/with-contenv sh
+
+SAN_DOMAINS=""
+
+export IFS=";"
+for SAN in ${POSTGRES_SAN}
+do
+    SAN_DOMAINS="${SAN_DOMAINS} --domains=\"${SAN}\""
+done
+
+echo ${SAN_DOMAINS}

rootfs/bin/renew-certificates

@@ -2,13 +2,15 @@
 
 cd /var/lib/postgresql
 
+SAN_DOMAINS=$(/bin/concat-sans)
+
 OLD_MOD=$(stat -c %y /var/lib/postgresql/.lego/certificates/${POSTGRES_DOMAIN}.crt)
 
 lego \
         --accept-tos \
         --server="${POSTGRES_CA}" \
         --email="${POSTGRES_ACME_EMAIL}" \
-        --domains="${POSTGRES_DOMAIN}" \
+        --domains="${POSTGRES_DOMAIN}" ${SAN_DOMAINS} \
         --dns="${POSTGRES_DNS_PROVIDER}" \
         renew --days 30
 

rootfs/etc/cont-init.d/02-certificates

@@ -2,13 +2,7 @@
 
 cd /var/lib/postgresql
 
-SAN_DOMAINS=""
-
-export IFS=";"
-for SAN in ${POSTGRES_SAN}
-do
-    SAN_DOMAINS="${SAN_DOMAINS} --domains=\"${SAN}\""
-done
+SAN_DOMAINS=$(/bin/concat-sans)
 
 if [ ! -f /var/lib/postgresql/.lego/certificates/${POSTGRES_DOMAIN}.crt ]; then
     chown -R postgres /var/lib/postgresql/.lego
@@ -24,7 +18,7 @@ else
         --accept-tos \
         --server="${POSTGRES_CA}" \
         --email="${POSTGRES_ACME_EMAIL}" \
-        --domains="${POSTGRES_DOMAIN}" \
+        --domains="${POSTGRES_DOMAIN}" ${SAN_DOMAINS} \
         --dns="${POSTGRES_DNS_PROVIDER}" \
         renew --days 30
 fi