First commit

9 years ago · 051e021fdd
commit 051e021fdd
22 changed files with 254 additions and 0 deletions
--- a/18
+++ b/18
@ -0,0 +1,18 @@
 #!/usr/bin/perl -w
 use esmith::Build::CreateLinks qw(:all);
 templates2events("/etc/letsencrypt.sh/config.sh", qw(le-update ssl-update bootstrap-console-save));
 templates2events("/etc/crontab", qw(le-update));
 templates2events("/etc/letsencrypt.sh/domains.txt",
                 qw(
                   le-update
                   bootstrap-console-save
                   domain-create
                   domain-delete
                   host-create
                   host-delete
                   host-modify
                 ));
 templates2events("/etc/httpd/conf/httpd.conf", qw(le-update));
 safe_symlink("sigusr1", "root/etc/e-smith/events/le-update/services2adjust/httpd-e-smith");
--- a/root/etc/e-smith/db/configuration/defaults/letsencrypt/status
+++ b/root/etc/e-smith/db/configuration/defaults/letsencrypt/status
@ -0,0 +1 @@
 enabled
--- a/root/etc/e-smith/db/configuration/defaults/letsencrypt/type
+++ b/root/etc/e-smith/db/configuration/defaults/letsencrypt/type
@ -0,0 +1 @@
 service
--- a/root/etc/e-smith/events/actions/exec-letsencrypt
+++ b/root/etc/e-smith/events/actions/exec-letsencrypt
@ -0,0 +1,3 @@
 #!/bin/sh
 exec /usr/bin/letsencrypt.sh -c
--- a/root/etc/e-smith/templates/etc/crontab/80letsencrypt
+++ b/root/etc/e-smith/templates/etc/crontab/80letsencrypt
@ -0,0 +1,13 @@
 {
 my $le = $letsencrypt{'status'} || 'disabled';
 if ($le eq 'enabled'){
  $OUT .= '# Letsencrypt renewal' . "\n";
  $OUT .= '2 4 * * * root sleep $[ $RANDOM \% 3600 ]; /usr/bin/letsencrypt.sh -c > /dev/null 2>&1' . "\n";
 }
 else{
  $OUT .= '# Letsencrypt is disabled' . "\n";
 }
 }
--- a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/80LetsencryptChallengeDir
+++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/80LetsencryptChallengeDir
@ -0,0 +1,19 @@
 {
  if (($letsencrypt{'status'} || 'disabled') eq 'enabled'){
    $OUT .=<<"_EOF";
 <Directory /var/lib/letsencrypt.sh>
    Options None
    AllowOverride None
    Order deny,allow
    Deny from all
    Allow from all
    Header set Content-Type "application/jose+json"
 </Directory>
 _EOF
  }
  else{
    $OUT .= "# Letsencrypt is disabled\n";
  }
 }
--- a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/Ejabberd/80Letsencrypt
+++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/Ejabberd/80Letsencrypt
@ -0,0 +1,13 @@
 {
  if (($domain->prop('Letsencrypt') || 'enabled') ne 'disabled' && ((${'httpd-e-smith'}{'TCPPort'} || '80') eq $port)){
    $OUT .=<<"_EOF";
    Alias /.well-known/acme-challenge/ /var/lib/letsencrypt.sh/
    <Location /.well-known/acme-challenge/>
      Allow from all
    </Location>
 _EOF
  }
  else{
    $OUT .= "# Support for Letsencrypt is disabled on this domain\n";
  }
 }
--- a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/LemonLDAPManager/80Letsencrypt
+++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/LemonLDAPManager/80Letsencrypt
@ -0,0 +1,13 @@
 {
  if (($domain->prop('Letsencrypt') || 'enabled') ne 'disabled' && ((${'httpd-e-smith'}{'TCPPort'} || '80') eq $port)){
    $OUT .=<<"_EOF";
    Alias /.well-known/acme-challenge/ /var/lib/letsencrypt.sh/
    <Location /.well-known/acme-challenge/>
      Allow from all
    </Location>
 _EOF
  }
  else{
    $OUT .= "# Support for Letsencrypt is disabled on this domain\n";
  }
 }
--- a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/LemonLDAPPortal/80Letsencrypt
+++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/LemonLDAPPortal/80Letsencrypt
@ -0,0 +1,13 @@
 {
  if (($domain->prop('Letsencrypt') || 'enabled') ne 'disabled' && ((${'httpd-e-smith'}{'TCPPort'} || '80') eq $port)){
    $OUT .=<<"_EOF";
    Alias /.well-known/acme-challenge/ /var/lib/letsencrypt.sh/
    <Location /.well-known/acme-challenge/>
      Allow from all
    </Location>
 _EOF
  }
  else{
    $OUT .= "# Support for Letsencrypt is disabled on this domain\n";
  }
 }
--- a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/LemonLDAPSoap/80Letsencrypt
+++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/LemonLDAPSoap/80Letsencrypt
@ -0,0 +1,13 @@
 {
  if (($domain->prop('Letsencrypt') || 'enabled') ne 'disabled' && ((${'httpd-e-smith'}{'TCPPort'} || '80') eq $port)){
    $OUT .=<<"_EOF";
    Alias /.well-known/acme-challenge/ /var/lib/letsencrypt.sh/
    <Location /.well-known/acme-challenge/>
      Allow from all
    </Location>
 _EOF
  }
  else{
    $OUT .= "# Support for Letsencrypt is disabled on this domain\n";
  }
 }
--- a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/UserManagerVirtualHost/80Letsencrypt
+++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/UserManagerVirtualHost/80Letsencrypt
@ -0,0 +1,13 @@
 {
  if (($domain->prop('Letsencrypt') || 'enabled') ne 'disabled' && ((${'httpd-e-smith'}{'TCPPort'} || '80') eq $port)){
    $OUT .=<<"_EOF";
    Alias /.well-known/acme-challenge/ /var/lib/letsencrypt.sh/
    <Location /.well-known/acme-challenge/>
      Allow from all
    </Location>
 _EOF
  }
  else{
    $OUT .= "# Support for Letsencrypt is disabled on this domain\n";
  }
 }
--- a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/80Letsencrypt
+++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/80Letsencrypt
@ -0,0 +1,13 @@
 {
  if (($domain->prop('Letsencrypt') || 'enabled') ne 'disabled' && ((${'httpd-e-smith'}{'TCPPort'} || '80') eq $port)){
    $OUT .=<<"_EOF";
    Alias /.well-known/acme-challenge/ /var/lib/letsencrypt.sh/
    <Location /.well-known/acme-challenge/>
      Allow from all
    </Location>
 _EOF
  }
  else{
    $OUT .= "# Support for Letsencrypt is disabled on this domain\n";
  }
 }
--- a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/WebAppVirtualHost/80Letsencrypt
+++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/WebAppVirtualHost/80Letsencrypt
@ -0,0 +1,13 @@
 {
  if (($domain->prop('Letsencrypt') || 'enabled') ne 'disabled' && ((${'httpd-e-smith'}{'TCPPort'} || '80') eq $port)){
    $OUT .=<<"_EOF";
    Alias /.well-known/acme-challenge/ /var/lib/letsencrypt.sh/
    <Location /.well-known/acme-challenge/>
      Allow from all
    </Location>
 _EOF
  }
  else{
    $OUT .= "# Support for Letsencrypt is disabled on this domain\n";
  }
 }
--- a/root/etc/e-smith/templates/etc/letsencrypt.sh/config.sh/20BaseDir
+++ b/root/etc/e-smith/templates/etc/letsencrypt.sh/config.sh/20BaseDir
@ -0,0 +1 @@
 BASEDIR=/home/e-smith/db/letsencrypt.sh/
--- a/root/etc/e-smith/templates/etc/letsencrypt.sh/config.sh/30WellKnown
+++ b/root/etc/e-smith/templates/etc/letsencrypt.sh/config.sh/30WellKnown
@ -0,0 +1 @@
 WELLKNOWN=/var/lib/letsencrypt.sh/
--- a/root/etc/e-smith/templates/etc/letsencrypt.sh/config.sh/40KeySize
+++ b/root/etc/e-smith/templates/etc/letsencrypt.sh/config.sh/40KeySize
@ -0,0 +1 @@
 KEYSIZE="{ $letsencrypt{KeySize} || '4096' }"
--- a/root/etc/e-smith/templates/etc/letsencrypt.sh/config.sh/50Hook
+++ b/root/etc/e-smith/templates/etc/letsencrypt.sh/config.sh/50Hook
@ -0,0 +1 @@
 HOOK=/sbin/e-smith/le_hook.sh
--- a/root/etc/e-smith/templates/etc/letsencrypt.sh/config.sh/60Renew
+++ b/root/etc/e-smith/templates/etc/letsencrypt.sh/config.sh/60Renew
@ -0,0 +1,2 @@
 RENEW_DAYS="30"
 PRIVATE_KEY_RENEW="yes"
--- a/root/etc/e-smith/templates/etc/letsencrypt.sh/domains.txt/10domains
+++ b/root/etc/e-smith/templates/etc/letsencrypt.sh/domains.txt/10domains
@ -0,0 +1,32 @@
 {
 use esmith::DomainsDB;
 use esmith::HostsDB;
 my $d = esmith::DomainsDB->open_ro || die "Couldn't open DomainsDB\n";
 my $h = esmith::HostsDB->open_ro || die "Couldn't open HostsDB\n";
 my $names = ();
 foreach my $domain ($d->domains, $d->get_all_by_prop(type => 'vhost')){
  my $le = $domain->prop('Letsencrypt') || 'enabled';
  push @names, $domain->key unless $le ne 'enabled';
 }
 foreach my $host ($h->hosts){
  my $name = $host->key;
  my $dom = $DomainName;
  if ($name =~ m/[a-z0-9]*\.(.*)/i){
    $dom = $1;
  }
  my $type = $host->prop('HostType') || 'Self';
  my $le = $host->prop('Letsencrypt') || 'disabled';
  if ($le =~ m/^enabled|yes|1|on$/i ||
      $type eq 'Self' && $dom eq $DomainName){
    push @names, $host->key;
  }
 }
 $OUT .= join(" ", @names);
 }
--- a/root/etc/e-smith/templates/etc/letsencrypt.sh/domains.txt/template-begin
+++ b/root/etc/e-smith/templates/etc/letsencrypt.sh/domains.txt/template-begin
--- a/root/sbin/e-smith/le_hook.sh
+++ b/root/sbin/e-smith/le_hook.sh
@ -0,0 +1,17 @@
 #!/bin/sh
 ACTION=shift
 if [ "$ACTION" == "deploy_cert" ]; then
  # New cert
  KEY=shift
  CRT=shift
  CHAIN=shift
  /sbin/e-smith/db configuration setprop modSSL key $KEY crt $CRT CertificateChainFile $CHAIN
  /sbin/e-smith/signal-event ssl-update
 elif [ "$ACTION" == "clean_challenge" ]; then
  ALTNAME=shift
  if [ "$ALTNAME" == "" ]; then
    echo "Error while creating or renewing letsencrypt certificate" | mail -s "Letsencrypt error" admin
  fi
 fi
--- a/smeserver-letsencrypt-client.spec
+++ b/smeserver-letsencrypt-client.spec
@ -0,0 +1,53 @@
 %define version 0.0.1
 %define release 0.beta9
 %define name smeserver-letsencrypt-client
 Summary: Letencrypt client for SME Server
 Name: %{name}
 Version: %{version}
 Release: %{release}%{?dist}
 License: GPL
 Group: Applications/System
 Source: %{name}-%{version}.tar.gz
 BuildRoot: /var/tmp/%{name}-%{version}-%{release}-buildroot
 BuildArchitectures: noarch
 BuildRequires: e-smith-devtools
 Requires: e-smith-base >= 5.4.0-26
 Requires: letsencrypt.sh
 %description
 Automatically get certificates from letsencrypt
 Using https://github.com/lukas2511/letsencrypt.sh
 %changelog
 * Fri Jan 22 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.1.0-1.sme
 - Initial release
 %prep
 %setup -q -n %{name}-%{version}
 %build
 %{__mkdir_p} root/home/e-smith/db/letsencrypt.sh
 perl createlinks
 %install
 /bin/rm -rf $RPM_BUILD_ROOT
 (cd root; /usr/bin/find . -depth -print | /bin/cpio -dump $RPM_BUILD_ROOT)
 /bin/rm -f %{name}-%{version}-filelist
 /sbin/e-smith/genfilelist $RPM_BUILD_ROOT \
  --dir /var/lib/letsencrypt 'attr(0750,root,apache)' \
  --dir /home/e-smith/db/letsencrypt.sh 'attr(0750,root,root)' \
  > %{name}-%{version}-filelist
 %files -f %{name}-%{version}-filelist
 %defattr(-,root,root)
 %clean
 rm -rf $RPM_BUILD_ROOT
 %pre
 %post
		`@ -0,0 +1,3 @@`
							`#!/bin/sh`

							`exec /usr/bin/letsencrypt.sh -c`
		`@ -0,0 +1 @@`
							`KEYSIZE="{ $letsencrypt{KeySize} \|\| '4096' }"`