From 81d1555dbca1468c34b6472623eaa5a88c2f55b0 Mon Sep 17 00:00:00 2001
From: Darsey Litzenberger
Date: Thu, 19 Mar 2026 20:02:53 -0600
Subject: [PATCH] Add acmetool hook example
---
examples/acmetool/mtik-cert-pusher-hook | 34 +++++++++++++++++++++++++
1 file changed, 34 insertions(+)
create mode 100755 examples/acmetool/mtik-cert-pusher-hook
diff --git a/examples/acmetool/mtik-cert-pusher-hook b/examples/acmetool/mtik-cert-pusher-hook
new file mode 100755
index 0000000..16f2fcf
--- /dev/null
+++ b/examples/acmetool/mtik-cert-pusher-hook
@@ -0,0 +1,34 @@
+#!/bin/bash
+# dlitz 2026
+set -eu
+
+EVENT_NAME="$1"
+[ "$EVENT_NAME" = "live-updated" ] || exit 42
+
+[ -e "/etc/default/acme-mtik-cert-pusher-hook" ] && . /etc/default/acme-mtik-cert-pusher-hook
+[ -e "/etc/conf.d/acme-mtik-cert-pusher-hook" ] && . /etc/conf.d/acme-mtik-cert-pusher-hook
+[ -z "${ACME_STATE_DIR-}" ] && ACME_STATE_DIR="/var/lib/acme"
+
+declare -A match_hosts=()
+while read name dummy; do
+ if [[ "$name" == \#* ]]; then
+ # Ignore comments
+ continue
+ fi
+ match_hosts["$name"]=1
+done < "$ACME_STATE_DIR/conf/mtik-hosts"
+
+cd /opt/mtik-cert-pusher
+
+while read name; do
+ certdir="$ACME_STATE_DIR/live/$name"
+ if [ -z "$name" -o ! -e "$certdir" ]; then
+ continue
+ fi
+
+ if ! [ "${match_hosts[$name]+1}" ]; then
+ continue
+ fi
+
+ python3 -m mtik_cert_pusher deploy --private-key "$certdir/privkey" --cert "$certdir/cert" --chain "$certdir/chain" --ssh-host "$name"
+done
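Review bot: The final `while read name` loop takes its hostnames from the hook's stdin, and the `python3 -m mtik_cert_pusher deploy` call inside it inherits that same stdin. If the deploy command or an SSH client it starts reads stdin (not visible here, but common for ssh-based tools), it will swallow the remaining hostnames and every host after the first is skipped without an error, leaving stale certificates on those devices; appending `</dev/null` to the deploy line closes that off. Separately, the first loop stores every non-comment line in `match_hosts`, so a blank line in `mtik-hosts` produces an empty subscript, which some bash versions reject as a bad array subscript, and `set -e` then aborts the hook; `while read -r name dummy` with `[[ -z "$name" || "$name" == \#* ]] && continue` would skip it. Because the hook sources `/etc/default` and `/etc/conf.d` files and, after the `cd`, appears to load the module from `/opt/mtik-cert-pusher`, a header comment stating that these paths must be writable only by the account the hook runs as (presumably root) would help anyone copying the example.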