cp over all the bundles from kunsis bw repo

2021-12-21 15:56:24 +01:00 · 2021-12-21 15:56:24 +01:00 · 1f73b04351
commit 1f73b04351
parent 65b117b819
89 changed files with 3991 additions and 0 deletions
--- a/bundles/letsencrypt/files/config
+++ b/bundles/letsencrypt/files/config
@ -0,0 +1,5 @@
+CONFIG_D=/etc/dehydrated/conf.d
+BASEDIR=/var/lib/dehydrated
+WELLKNOWN="${BASEDIR}/acme-challenges"
+DOMAINS_TXT="/etc/dehydrated/domains.txt"
+HOOK="/etc/dehydrated/hook.sh"
--- a/bundles/letsencrypt/files/domains.txt
+++ b/bundles/letsencrypt/files/domains.txt
@ -0,0 +1,3 @@
+% for domain, aliases in sorted(node.metadata.get('letsencrypt/domains', {}).items()):
+${domain} ${' '.join(sorted(aliases))}
+% endfor
--- a/bundles/letsencrypt/files/hook.sh
+++ b/bundles/letsencrypt/files/hook.sh
@ -0,0 +1,37 @@
+deploy_cert() {<%text>
+    local DOMAIN="${1}" KEYFILE="${2}" CERTFILE="${3}" FULLCHAINFILE="${4}" CHAINFILE="${5}" TIMESTAMP="${6}"</%text>
+% for service, config in node.metadata.get('letsencrypt/concat_and_deploy', {}).items():
+
+    # concat_and_deploy ${service}
+    if [ "$DOMAIN" = "${config['match_domain']}" ]; then
+        cat $KEYFILE > ${config['target']}
+        cat $FULLCHAINFILE >> ${config['target']}
+%  if 'chown' in config:
+        chown ${config['chown']} ${config['target']}
+%  endif
+%  if 'chmod' in config:
+        chmod ${config['chmod']} ${config['target']}
+%  endif
+%  if 'commands' in config:
+%   for command in config['commands']:
+        ${command}
+%   endfor
+%  endif
+    fi
+% endfor
+}
+
+
+exit_hook() {<%text>
+    local ERROR="${1:-}"</%text>
+
+% for service in sorted(node.metadata.get('letsencrypt/reload_after', set())):
+    systemctl reload-or-restart ${service}
+% endfor
+}
+
+<%text>
+HANDLER="$1"; shift
+if [[ "${HANDLER}" =~ ^(deploy_cert|exit_hook)$ ]]; then
+    "$HANDLER" "$@"
+fi</%text>
--- a/bundles/letsencrypt/files/letsencrypt-ensure-some-certificate
+++ b/bundles/letsencrypt/files/letsencrypt-ensure-some-certificate
@ -0,0 +1,31 @@
+#!/bin/sh
+
+domain=$1
+just_check=$2
+
+cert_path="/var/lib/dehydrated/certs/$domain"
+
+already_exists=false
+if [ -f "$cert_path/privkey.pem" -a -f "$cert_path/fullchain.pem" -a -f "$cert_path/chain.pem" ]
+then
+    already_exists=true
+fi
+
+if [ "$just_check" = true ]
+then
+    if [ "$already_exists" = true ]
+    then
+        exit 0
+    else
+        exit 1
+    fi
+fi
+
+if [ "$already_exists" != true ]
+then
+    rm -r "$cert_path"
+    mkdir -p "$cert_path"
+    openssl req -x509 -newkey rsa:4096 -nodes -days 1 -subj "/CN=$domain" -keyout "$cert_path/privkey.pem" -out "$cert_path/fullchain.pem"
+    chmod 0600 "$cert_path/privkey.pem"
+    cp "$cert_path/fullchain.pem" "$cert_path/chain.pem"
+fi