* Wed Feb 12 2025 Jean-Philippe Pialasse <jpp@koozali.org> 11.0-2.sme

- move smanager panel in package [SME: 12916] - add Requires - add templates from smeserver-letsencrypt - use /var/www/html/.well-known/acme-challenge
2025-02-13 01:05:14 -05:00
parent 80e98728e8
commit e631a1dffc
54 changed files with 2327 additions and 20 deletions
--- a/root/etc/e-smith/templates/usr/bin/hook-script.sh/10deploy_cert
+++ b/root/etc/e-smith/templates/usr/bin/hook-script.sh/10deploy_cert
@@ -0,0 +1,54 @@
+{
+    use strict;
+    use warnings;
+    use esmith::ConfigDB;
+
+    my $configDB = esmith::ConfigDB->open_ro or die("can't open Config DB");
+
+    my $letsencryptStatus = $configDB->get_prop( 'letsencrypt', 'status' ) || 'disabled';
+
+    my $version = $configDB->get_prop( 'sysconfig', 'ReleaseVersion' );
+
+    $version = substr( $version, 0, 1 );
+
+    if ( $letsencryptStatus ne 'disabled' ) {
+
+        if ( $version == 8 ) {
+            $OUT .= <<'_EOF';
+    
+    if [ $1 = "deploy_cert" ]; then
+      KEY=$3
+      CERT=$4
+      CHAIN=$6
+      echo "Set up modSSL db keys"
+      /sbin/e-smith/db configuration setprop modSSL key $KEY
+      /sbin/e-smith/db configuration setprop modSSL crt $CERT
+      /sbin/e-smith/db configuration setprop modSSL CertificateChainFile $CHAIN
+      echo "Signal events"
+      /sbin/e-smith/signal-event domain-modify
+      /sbin/e-smith/signal-event email-update
+      /sbin/e-smith/signal-event ibay-modify
+      echo "All complete"
+    fi
+_EOF
+        }
+        else {
+
+            $OUT .= <<'_EOF';
+    
+    if [ $1 = "deploy_cert" ]; then
+      KEY=$3
+      CERT=$4
+      CHAIN=$6
+      echo "Set up modSSL db keys"
+      /sbin/e-smith/db configuration setprop modSSL key $KEY
+      /sbin/e-smith/db configuration setprop modSSL crt $CERT
+      /sbin/e-smith/db configuration setprop modSSL CertificateChainFile $CHAIN
+      echo "Signal events"
+      /sbin/e-smith/signal-event ssl-update
+      echo "All complete"
+    fi
+_EOF
+        }
+    }
+}
--- a/root/etc/e-smith/templates/usr/bin/hook-script.sh/20challenges
+++ b/root/etc/e-smith/templates/usr/bin/hook-script.sh/20challenges
@@ -0,0 +1,76 @@
+{
+    use strict;
+    use warnings;
+    use esmith::ConfigDB;
+
+    my $configDB = esmith::ConfigDB->open_ro or die("can't open Config DB");
+
+    my $letsencryptStatus = $configDB->get_prop( 'letsencrypt', 'status' )     || 'disabled';
+    my $hookscript        = $configDB->get_prop( 'letsencrypt', 'hookScript' ) || 'disabled';
+    my $host              = $configDB->get_prop( 'letsencrypt', 'host' )       || '';
+    my $user              = $configDB->get_prop( 'letsencrypt', 'user' )       || '';
+    my $path              = $configDB->get_prop( 'letsencrypt', 'path' )       || '';
+
+    if ( $letsencryptStatus ne 'disabled' && $hookscript eq 'enabled' && $host ne '' && $user ne '' && $path ne '' ) {
+
+        $OUT .= "if [ \$1 = \"deploy_challenge\" ]; then\n";
+        $OUT .= "  CHALLENGE_FILE=\$3\n";
+        $OUT .= "  CHALLENGE_CONTENT=\$4\n";
+        $OUT .= "  HOST=\"$host\" # FQDN or IP of public-facing server\n";
+        $OUT .= "  USER=\"$user\" # username on public-facing server\n";
+        $OUT .= "  REMOTE_PATH=\"$path\"\n";
+        $OUT .= "  if scp \$WELLKNOWN/\$CHALLENGE_FILE \$USER@\$HOST:\$REMOTE_PATH/\$CHALLENGE_FILE; then\n";
+        $OUT .= "    exit 0\n";
+        $OUT .= "  else\n";
+        $OUT .= "    echo \" Failed to deploy challenge !\" \n ";
+        $OUT .= " exit 1 \n ";
+        $OUT .= " fi \n ";
+        $OUT .= "fi \n ";
+        $OUT .= "\n";
+        $OUT .= " if [ \$1 = \"clean_challenge\" ]; then\n";
+        $OUT .= "  CHALLENGE_FILE=\$3\n";
+        $OUT .= "  HOST=\"$host\" # FQDN or IP of public-facing server\n";
+        $OUT .= "  USER=\"$user\" # username on public-facing server\n";
+        $OUT .= "  REMOTE_PATH=\"$path\"\n";
+        $OUT .= "  if ssh \$USER\@\$HOST \"rm \$REMOTE_PATH/\$CHALLENGE_FILE\"; then\n";
+        $OUT .= "    exit 0\n";
+        $OUT .= "  else\n";
+        $OUT .= "    echo \" Failed to clean challenge !\" \n ";
+        $OUT .= " exit 1 \n ";
+        $OUT .= " fi \n ";
+        $OUT .= "fi \n ";
+    }
+    else {
+        $OUT .= "# The following all have to be set to enable deploy/clean challenges\n";
+        $OUT .= "# \n";
+        if ( $hookscript ne '' ) {
+            $OUT .= "# hookScript: $hookscript\n";
+        }
+        else {
+            $OUT .= "# hookScript: Not Set\n";
+        }
+
+        if ( $host ne '' ) {
+            $OUT .= "# host: $host\n";
+        }
+        else {
+            $OUT .= "# host: Not Set\n";
+        }
+
+        if ( $user ne '' ) {
+            $OUT .= "# user: $user\n";
+        }
+        else {
+            $OUT .= "# user: Not Set\n";
+        }
+
+        if ( $path ne '' ) {
+            $OUT .= "# path: $path\n";
+        }
+        else {
+            $OUT .= "# path: Not Set\n";
+        }
+
+    }
+
+}
--- a/root/etc/e-smith/templates/usr/bin/hook-script.sh/template-begin
+++ b/root/etc/e-smith/templates/usr/bin/hook-script.sh/template-begin
@@ -0,0 +1,17 @@
+{
+    use strict;
+    use warnings;
+    use esmith::ConfigDB;
+
+    my $configDB = esmith::ConfigDB->open_ro or die("can't open Config DB");
+
+    my $letsencryptStatus = $configDB->get_prop( 'letsencrypt', 'status' ) || 'disabled';
+
+    if ( $letsencryptStatus ne 'disabled' ) {
+
+        $OUT .= "#!/bin/bash\n";
+        $OUT .= "# deploy_cert hook will set config database entries for the cert files\n";
+        $OUT .= "# and restart appropriate services\n";
+        $OUT .= "#\n";
+    }
+}