bundles/letsencrypt: add metadata to reload certificates and services

2020-06-01 12:29:16 +02:00 · 2020-06-01 12:29:16 +02:00 · 5f804ca3be
commit 5f804ca3be
parent 2a6547dfb7
5 changed files with 74 additions and 2 deletions
--- a/bundles/letsencrypt/files/config
+++ b/bundles/letsencrypt/files/config
@ -0,0 +1,5 @@
+CONFIG_D=/etc/dehydrated/conf.d
+BASEDIR=/var/lib/dehydrated
+WELLKNOWN="${BASEDIR}/acme-challenges"
+DOMAINS_TXT="/etc/dehydrated/domains.txt"
+HOOK="/etc/dehydrated/hook.sh"
--- a/bundles/letsencrypt/files/hook.sh
+++ b/bundles/letsencrypt/files/hook.sh
@ -0,0 +1,37 @@
+deploy_cert() {<%text>
+    local DOMAIN="${1}" KEYFILE="${2}" CERTFILE="${3}" FULLCHAINFILE="${4}" CHAINFILE="${5}" TIMESTAMP="${6}"</%text>
+% for service, config in node.metadata.get('letsencrypt', {}).get('concat_and_deploy', {}).items():
+<%text>
+    ### concat_and_deploy ${service}</%text>
+    if [ "$DOMAIN" = "${config['match_domain']}" ]; then
+        cat $KEYFILE > ${config['target']}
+        cat $FULLCHAINFILE >> ${config['target']}
+%  if 'chown' in config:
+        chown ${config['chown']} ${config['target']}
+%  endif
+%  if 'chmod' in config:
+        chmod ${config['chmod']} ${config['target']}
+%  endif
+%  if 'commands' in config:
+%   for command in config['commands']:
+        ${command}
+%   endfor
+%  endif
+    fi
+% endfor
+}
+
+
+exit_hook() {<%text>
+    local ERROR="${1:-}"</%text>
+
+% for service in sorted(node.metadata.get('letsencrypt', {}).get('reload_after', set())):
+    systemctl reload-or-restart ${service}
+% endfor
+}
+
+<%text>
+HANDLER="$1"; shift
+if [[ "${HANDLER}" =~ ^(deploy_cert|exit_hook)$ ]]; then
+  "$HANDLER" "$@"
+fi</%text>
--- a/bundles/letsencrypt/items.py
+++ b/bundles/letsencrypt/items.py
@ -21,4 +21,9 @@ files = {
            'action:letsencrypt_update_certificates',
        },
    },
+    '/etc/dehydrated/config': {},
+    '/etc/dehydrated/hook.sh': {
+        'content_type': 'mako',
+        'mode': '0755',
+    },
 }