smeserver/smeserver-certificates
6
0
Fork 0
generated from smedev/Template-for-SMEServer-Core-Package
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

* Wed Feb 12 2025 Jean-Philippe Pialasse <jpp@koozali.org> 11.0-2.sme

Browse Source 
- move smanager panel in package [SME: 12916]
- add Requires
- add templates from smeserver-letsencrypt
- use /var/www/html/.well-known/acme-challenge
This commit is contained in:
Jean-Philippe Pialasse 2025-02-13 01:05:14 -05:00
parent 80e98728e8
commit e631a1dffc
54 changed files with 2327 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

65
createlinks
View File

@ -2,9 +2,47 @@
use esmith::Build::CreateLinks qw(:all);
use esmith::Build::Backup qw(:all);
# our event specific for updating with yum without reboot
$event = 'smeserver-certificates-update';
my $event = 'smeserver-certificates-update';
foreach (qw(
/etc/dehydrated/domains.txt
/etc/dehydrated/config
/usr/bin/hook-script.sh
))
{
templates2events("$_", qw(
post-upgrade
bootstrap-console-save
console-save
domain-create
domain-delete
domain-modify
host-create
host-delete
host-modify
smeserver-certificates-update
letsencrypt-config
));
}
foreach (qw(
/etc/cron.d/dehydrated
))
{
templates2events("$_", qw(
post-upgrade
bootstrap-console-save
console-save
http-proxy-update
smeserver-certificates-update
letsencrypt-config
));
}
event_link("letsencrypt-kill-dehydrated-timer", $event, "91");
#add here the path to your templates needed to expand
#see the /etc/systemd/system-preset/49-koozali.preset should be present for systemd integration on all you yum update event
@ -21,22 +59,15 @@ foreach my $file (qw(
event_link('systemd-default', $event, '10');
event_link('systemd-reload', $event, '50');
#services we might need to restart
#event_services($event, 'xxxx' => 'restart', 'yyyy' => 'restart');
#Backup contrib files
# backup_includes("smeserver-certificates", qw(
# files(s) to be backed up
#));
#Other possible entries:
#Server manager entry
#panel_link("smeserver-certificates", 'manager');
#Events to smeserver-certificates
#$event = 'smeserver-certificates-smeserver-certificates';
# safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/smeserver-certificates");
# templates2events("/etc/smeserver-certificates/smeserver-certificates.conf", $event);
use esmith::Build::Backup qw(:all);
backup_includes("smeserver-certificates", qw(
/etc/dehydrated/
));
backup_excludes("smeserver-certificates", qw(
/etc/dehydrated/config
/etc/dehydrated/domains.txt
));

1
root/etc/dnf/plugins/post-transaction-actions.d/dehydrated.action Normal file
View File

@ -0,0 +1 @@
dehydrated:any:/sbin/e-smith/signal-event smeserver-certificates-update

1
root/etc/e-smith/db/configuration/defaults/letsencrypt/configure vendored Normal file
View File

@ -0,0 +1 @@
none

1
root/etc/e-smith/db/configuration/defaults/letsencrypt/hookScript Normal file
View File

@ -0,0 +1 @@
disabled

1
root/etc/e-smith/db/configuration/defaults/letsencrypt/status Normal file
View File

@ -0,0 +1 @@
disabled

1
root/etc/e-smith/db/configuration/defaults/letsencrypt/type Normal file
View File

@ -0,0 +1 @@
service

4
root/etc/e-smith/events/actions/letsencrypt-setdomains
View File

@ -135,7 +135,9 @@ for DOMAIN in $domainlist
/sbin/e-smith/db $TYPE delprop $DOMAIN letsencryptMYIP
continue
fi
THISDOMIP=$(/usr/bin/q A @$mydns $DOMAIN -f json |jq -r 'first(.Answers[].A | select( . != null )) // null' 2>/dev/null || /usr/bin/q A @$LOCALIP $DOMAIN -f json |jq -r 'first(.Answers[].A | select( . != null )) // null' 2>/dev/null )
# q output has changed
#THISDOMIP=$(/usr/bin/q A @$mydns $DOMAIN -f json |jq -r 'first(.Answers[].A | select( . != null )) // null' 2>/dev/null || /usr/bin/q A @$LOCALIP $DOMAIN -f json |jq -r 'first(.Answers[].A | select( . != null )) // null' 2>/dev/null)
THISDOMIP=$(/usr/bin/q @$mydns A $DOMAIN -f json |jq -r 'first(.[].replies[].answer[].a | select( . != null )) // null' 2>/dev/null || /usr/bin/q @$LOCALIP A $DOMAIN -f json |jq -r 'first(.[].replies[].answer[].a | select( . != null )) // null' 2>/dev/null )
previous=$(/sbin/e-smith/db $TYPE getprop $DOMAIN letsencryptSSLcert||echo 'undefined');
# if it does not resolve, next
if [[ "$THISDOMIP" == "" ]]

1
root/etc/e-smith/templates.metadata/etc/cron.d/dehydrated Normal file
View File

@ -0,0 +1 @@
PERMS=0644

1
root/etc/e-smith/templates.metadata/usr/bin/hook-script.sh Normal file
View File

@ -0,0 +1 @@
PERMS=0755

20
root/etc/e-smith/templates/etc/cron.d/dehydrated/10dehydrated Normal file
View File

@ -0,0 +1,20 @@
{
use strict;
use warnings;
use esmith::ConfigDB;
my $configDB = esmith::ConfigDB->open_ro or die("can't open Config DB");
my $letsencryptStatus = $configDB->get_prop( 'letsencrypt', 'status' ) || 'disabled';
if ( $letsencryptStatus eq 'enabled' ) {
$OUT .= "#!/bin/sh\n\n";
$OUT .= "32 3 * * 5 root test -s /etc/dehydrated/domains.txt && /usr/bin/dehydrated --cron";
}
else {
$OUT .= "# letsencrypt is disabled\n";
}
}

13
root/etc/e-smith/templates/etc/dehydrated/config/01notice Normal file
View File

@ -0,0 +1,13 @@
#!/bin/bash
########################################################
# This is the main config file for dehydrated #
# #
# This file is looked for in the following locations: #
# $SCRIPTDIR/config (next to this script) #
# /usr/local/etc/dehydrated/config #
# /etc/dehydrated/config #
# ${PWD}/config (in current working-directory) #
# #
# Default values of this config are in comments #
########################################################

5
root/etc/e-smith/templates/etc/dehydrated/config/02variables Normal file
View File

@ -0,0 +1,5 @@
{
$letsencryptStatus = $letsencrypt{'status'} || 'disabled';
$letsencryptAPI = $letsencrypt{'API'} || 'auto';
"";
}

6
root/etc/e-smith/templates/etc/dehydrated/config/05usergroup Normal file
View File

@ -0,0 +1,6 @@
# Which user should dehydrated run as? This will be implictly enforced when running as root
#DEHYDRATED_USER=
# Which group should dehydrated run as? This will be implictly enforced when running as root
#DEHYDRATED_GROUP=

90
root/etc/e-smith/templates/etc/dehydrated/config/10Default Normal file
View File

@ -0,0 +1,90 @@
{
use strict;
use warnings;
use esmith::ConfigDB;
my $configDB = esmith::ConfigDB->open_ro or die("can't open Config DB");
my $letsencryptStatus = $configDB->get_prop( 'letsencrypt', 'status' )
|| 'disabled';
# Default to v2 as v1 no longer supported for new certs. At the moment (Oct 2020) v1 still supported for renewing certs.
my $letsencryptAPI = $configDB->get_prop( 'letsencrypt', 'API' )
|| '2';
$OUT .= "#!/bin/bash\n";
if ( $letsencryptStatus eq 'disabled' ) {
$OUT .= "letsencrypt is disabled";
}
else {
# We should only be here if we are not disabled
if ( $letsencryptStatus eq 'test' ) {
# Use staging directory for testing
# Once you are sure you have the settings right then change
# If it's v1 then use v1, if v2 or auto then use v2 staging
if ( $letsencryptAPI eq '1' ) {
$OUT .= "CA=\"https://acme-staging.api.letsencrypt.org/directory\"\n";
}
elsif ( ( $letsencryptAPI eq '2' ) || ( $letsencryptAPI eq 'auto' ) ) {
$OUT .= "CA=\"https://acme-staging-v02.api.letsencrypt.org/directory\"\n";
}
}
elsif ( $letsencryptStatus ne 'test' ) {
# Real server - default settings are in the the main dehydrated file
# Only use this once you are sure things are OK or you will hit a rate limit.
# If it's v1 then use v1, if v2 then v2, if auto accept the defaults in the main file
if ( $letsencryptAPI eq '1' ) {
$OUT .= "CA=\"https://acme-v01.api.letsencrypt.org/directory\"\n";
}
elsif ( $letsencryptAPI eq '2' ) {
$OUT .= "CA=\"https://acme-v02.api.letsencrypt.org/directory\"\n";
}
}
$OUT .= "WELLKNOWN=\"/var/www/html/.well-known/acme-challenge\"\n";
# Hook Script always enabled
$OUT .= "HOOK=\"/usr/bin/hook-script.sh\"\n";
# Base directory for account key, generated certificates and list of domains (default: $SCRIPTDIR -- uses config directory if undefined)
#BASEDIR=$SCRIPTDIR
$OUT .= "BASEDIR=\"/etc/dehydrated\"\n";
# Location of private account key (default: $BASEDIR/private_key.pem)
#PRIVATE_KEY="${BASEDIR}/private_key.pem"
my $letsencryptKeysize = $configDB->get_prop( 'letsencrypt', 'keysize' )
|| '';
if ( $letsencryptKeysize ne '' ) {
# Default keysize for private keys (default: 4096)
$OUT .= "KEYSIZE=\"4096\"\n";
}
my $letsencryptEmail = $configDB->get_prop( 'letsencrypt', 'email' ) || '';
if ( $letsencryptEmail ne '' ) {
# E-mail to use during the registration (default: <unset>)
$OUT .= "CONTACT_EMAIL=$letsencryptEmail\n";
}
# API version - auto | 1 | 2
if ( $letsencryptAPI eq '1' ) {
$OUT .= "API=\"1\"\n";
}
elsif ( $letsencryptAPI eq '2' ) {
$OUT .= "API=\"2\"\n";
}
else {
$OUT .= "API=\"auto\"\n";
}
}
}

5
root/etc/e-smith/templates/etc/dehydrated/config/10IPVersion Normal file
View File

@ -0,0 +1,5 @@
# Resolve names to addresses of IP version only. (curl)
# supported values: 4, 6
# default: <unset>
IP_VERSION=4

36
root/etc/e-smith/templates/etc/dehydrated/config/15CA Normal file
View File

@ -0,0 +1,36 @@
# Path to certificate authority (default: https://acme-v02.api.letsencrypt.org/directory)
{
if ( $letsencryptStatus eq 'test' ) {
# Use staging directory for testing
# Once you are sure you have the settings right then change
# If it's v1 then use v1, if v2 or auto then use v2 staging
if ( $letsencryptAPI eq '1' ) {
$OUT .= "CA=\"https://acme-staging.api.letsencrypt.org/directory\"\n";
}
elsif ( ( $letsencryptAPI eq '2' ) || ( $letsencryptAPI eq 'auto' ) ) {
$OUT .= "CA=\"https://acme-staging-v02.api.letsencrypt.org/directory\"\n";
}
}
elsif ( $letsencryptStatus ne 'test' ) {
# Real server - default settings are in the the main dehydrated file
# Only use this once you are sure things are OK or you will hit a rate limit.
# If it's v1 then use v1, if v2 then v2, if auto accept the defaults in the main file
if ( $letsencryptAPI eq '1' ) {
$OUT .= "CA=\"https://acme-v01.api.letsencrypt.org/directory\"\n";
}
elsif ( $letsencryptAPI eq '2' ) {
$OUT .= "CA=\"https://acme-v02.api.letsencrypt.org/directory\"\n";
}
else {
$OUT .= "#CA=\"https://acme-v02.api.letsencrypt.org/directory\"\n";
}
}
}

7
root/etc/e-smith/templates/etc/dehydrated/config/16OLDCA Normal file
View File

@ -0,0 +1,7 @@
# Path to old certificate authority
# Set this value to your old CA value when upgrading from ACMEv1 to ACMEv2 under a different endpoint.
# If dehydrated detects an account-key for the old CA it will automatically reuse that key
# instead of registering a new one.
# default: https://acme-v01.api.letsencrypt.org/directory
#OLDCA="https://acme-v01.api.letsencrypt.org/directory"

11
root/etc/e-smith/templates/etc/dehydrated/config/20ACCEPT_TERMS Normal file
View File

@ -0,0 +1,11 @@
{
use strict;
use warnings;
use esmith::ConfigDB;
my $configDB = esmith::ConfigDB->open_ro or die("can't open Config DB");
my $ACCEPT_TERMS = $configDB->get_prop( 'letsencrypt', 'ACCEPT_TERMS' )
|| 'no';
$OUT .= "PARAM_ACCEPT_TERMS=\"yes\"\n" if $ACCEPT_TERMS eq 'yes';
$OUT .= "# letsencrypt property ACCEPT_TERMS not set to yes\n" unless $ACCEPT_TERMS eq 'yes';
}

3
root/etc/e-smith/templates/etc/dehydrated/config/20challenge Normal file
View File

@ -0,0 +1,3 @@
# Which challenge should be used? Currently http-01, dns-01 and tls-alpn-01 are supported
#CHALLENGETYPE="http-01"

29
root/etc/e-smith/templates/etc/dehydrated/config/25directories Normal file
View File

@ -0,0 +1,29 @@
# Path to a directory containing additional config files, allowing to override
# the defaults found in the main configuration file. Additional config files
# in this directory needs to be named with a '.sh' ending.
# default: <unset>
#CONFIG_D=
# Directory for per-domain configuration files.
# If not set, per-domain configurations are sourced from each certificates output directory.
# default: <unset>
#DOMAINS_D=
# Base directory for account key, generated certificates and list of domains (default: $SCRIPTDIR -- uses config directory if undefined)
BASEDIR=$SCRIPTDIR
# File containing the list of domains to request certificates for (default: $BASEDIR/domains.txt)
DOMAINS_TXT="${BASEDIR}/domains.txt"
# Output directory for generated certificates
CERTDIR="${BASEDIR}/certs"
# Output directory for alpn verification certificates
ALPNCERTDIR="${BASEDIR}/alpn-certs"
# Directory for account keys and registration information
ACCOUNTDIR="${BASEDIR}/accounts"
# Output directory for challenge-tokens to be served by webserver or deployed in HOOK (default: /var/www/dehydrated)
WELLKNOWN="/var/www/dehydrated"

3
root/etc/e-smith/templates/etc/dehydrated/config/30KEYSIZE Normal file
View File

@ -0,0 +1,3 @@
# Default keysize for private keys (default: 4096)
KEYSIZE="{$letsencrypt{KeySize}||$modSSL{KeySize}||4096}"

3
root/etc/e-smith/templates/etc/dehydrated/config/30KEY_ALGO Normal file
View File

@ -0,0 +1,3 @@
# SME Server does not support yet elliptic curve (qpsmtpd and perl-IO-SOcket-SSL < 1.95)
KEY_ALGO=rsa

3
root/etc/e-smith/templates/etc/dehydrated/config/35days Normal file
View File

@ -0,0 +1,3 @@
# Minimum days before expiration to automatically renew certificate (default: 30)
RENEW_DAYS="{$letsencrypt{DAYS} || 30}"

8
root/etc/e-smith/templates/etc/dehydrated/config/36openssl Normal file
View File

@ -0,0 +1,8 @@
# Path to openssl config file (default: <unset> - tries to figure out system default)
#OPENSSL_CNF=
# Path to OpenSSL binary (default: "openssl")
OPENSSL="{ return "/usr/bin/openssl11" if ( -f "/usr/bin/openssl11" );
"/usr/bin/openssl"
}"

3
root/etc/e-smith/templates/etc/dehydrated/config/40curlextra Normal file
View File

@ -0,0 +1,3 @@
# Extra options passed to the curl binary (default: <unset>)
#CURL_OPTS=

6
root/etc/e-smith/templates/etc/dehydrated/config/42PrivateKey Normal file
View File

@ -0,0 +1,6 @@
# Regenerate private keys instead of just signing new certificates on renewal (default: yes)
#PRIVATE_KEY_RENEW="yes"
# Create an extra private key for rollover (default: no)
#PRIVATE_KEY_ROLLOVER="no"

3
root/etc/e-smith/templates/etc/dehydrated/config/45Algorithm Normal file
View File

@ -0,0 +1,3 @@
# Which public key algorithm should be used? Supported: rsa, prime256v1 and secp384r1
#KEY_ALGO=rsa

15
root/etc/e-smith/templates/etc/dehydrated/config/47hook Normal file
View File

@ -0,0 +1,15 @@
# Program or function called in certain situations
#
# After generating the challenge-response, or after failed challenge (in this case altname is empty)
# Given arguments: clean_challenge|deploy_challenge altname token-filename token-content
#
# After successfully signing certificate
# Given arguments: deploy_cert domain path/to/privkey.pem path/to/cert.pem path/to/fullchain.pem
#
# BASEDIR and WELLKNOWN variables are exported and can be used in an external program
# default: <unset>
HOOK= /usr/bin/hook-script.sh
# Chain clean_challenge|deploy_challenge arguments together into one hook call per certificate (default: no)
#HOOK_CHAIN="no"

3
root/etc/e-smith/templates/etc/dehydrated/config/50email Normal file
View File

@ -0,0 +1,3 @@
# E-mail to use during the registration (default: <unset>)
CONTACT_EMAIL="{$letsencrypt{'email'}||''}"

3
root/etc/e-smith/templates/etc/dehydrated/config/60lockfile Normal file
View File

@ -0,0 +1,3 @@
# Lockfile location, to prevent concurrent access (default: $BASEDIR/lock)
LOCKFILE="${BASEDIR}/lock"

9
root/etc/e-smith/templates/etc/dehydrated/config/65OCSP Normal file
View File

@ -0,0 +1,9 @@
# Option to add CSR-flag indicating OCSP stapling to be mandatory (default: no)
#OCSP_MUST_STAPLE="no"
# Fetch OCSP responses (default: no)
#OCSP_FETCH="no"
# OCSP refresh interval (default: 5 days)
#OCSP_DAYS=5

3
root/etc/e-smith/templates/etc/dehydrated/config/70chain Normal file
View File

@ -0,0 +1,3 @@
# Issuer chain cache directory (default: $BASEDIR/chains)
#CHAINCACHE="${BASEDIR}/chains"

3
root/etc/e-smith/templates/etc/dehydrated/config/75cleanup Normal file
View File

@ -0,0 +1,3 @@
# Automatic cleanup (default: no)
#AUTO_CLEANUP="no"

3
root/etc/e-smith/templates/etc/dehydrated/config/80API Normal file
View File

@ -0,0 +1,3 @@
# ACME API version (default: auto)
API="{$letsencryptAPI||'auto'}"

5
root/etc/e-smith/templates/etc/dehydrated/config/85ACCEPT_TERMS Normal file
View File

@ -0,0 +1,5 @@
{
my $ACCEPT_TERMS = $letsencrypt{'ACCEPT_TERMS'} || 'no';
return "PARAM_ACCEPT_TERMS=\"yes\"\n" if $ACCEPT_TERMS eq 'yes';
$OUT .= "# letsencrypt property ACCEPT_TERMS not set to yes\n" unless $ACCEPT_TERMS eq 'yes';
}

0
root/etc/e-smith/templates/etc/dehydrated/config/template-begin Normal file
View File

133
root/etc/e-smith/templates/etc/dehydrated/domains.txt/10Domains Normal file
View File

@ -0,0 +1,133 @@
{
use strict;
use warnings;
use esmith::ConfigDB;
my $configDB = esmith::ConfigDB->open_ro or die("can't open Config DB");
my $domainsDB = esmith::ConfigDB->open_ro('domains')
or die("can't connect to domains database");
my $hostsDB = esmith::ConfigDB->open_ro('hosts')
or die("can't connect to hosts database");
# my $dbKey = 'domain';
# my $systemMode = $configDB->get("SystemMode")->value;
# if ( $systemMode ne 'servergateway' ) {
# $OUT .= "# System not in Server Gateway mode\n";
# }
my $letsencryptStatus = $configDB->get_prop( 'letsencrypt', 'status' )
|| 'disabled';
if ( $letsencryptStatus ne 'disabled' ) {
# This should get all the connections in an array
my @domains = $domainsDB->keys;
my @hosts = $hostsDB->keys;
# print "@domains\n";
# Need to check here if we want ALL set
# all, domains, hosts, both, none
my $letsencryptConfig = $configDB->get_prop( 'letsencrypt', 'configure' ) || 'none';
# First get all the domains
# We could do this BUT only once as the array drops $vars
# my $dom = shift @domains;
# Patch from JPP
# Put Primary domain at top
my $DomainName = $configDB->get('DomainName')->value;
my $mainDomainStatus = $domainsDB->get_prop( "$DomainName", 'letsencryptSSLcert' )
|| 'disabled';
$OUT .= "$DomainName " unless $mainDomainStatus eq 'disabled';
foreach my $domain (@domains) {
# If we are all or domains then lets do all regardless
if ( $letsencryptConfig eq 'all' || $letsencryptConfig eq 'domains' ) {
# Check for self
#my $domainStatus =
# $domainsDB->get_prop( "Nameservers", 'HostType' ) || '';
#
#if ( $domainStatus eq 'Localhost' ) {
$OUT .= "$domain ";
#}
}
else {
my $domainEnabled = $domainsDB->get_prop( "$domain", 'letsencryptSSLcert' )
|| 'disabled';
if ( $domainEnabled eq 'enabled' ) {
$OUT .= "$domain " unless $DomainName eq $domain;
}
}
# Now check for hosts
# Buggered if I remember why we check that
# the host has a domain name in domains !
# Must have been a reason
foreach my $fqdn (@hosts) {
# If we are set to all or hosts just do it
if ( $letsencryptConfig eq 'all' || $letsencryptConfig eq 'hosts' ) {
$OUT .= "$fqdn " unless $DomainName eq $fqdn;
}
# Just do selected entries
else {
# Lets get the hostname
my $hostname = $fqdn;
$hostname =~ s/\..*//;
# print "$hostname\n";
# Lets get the domain name
my $domainname = $fqdn;
$domainname =~ s/.*?\.//;
# print "$domainname\n";
# is the domain name from the hosts file
# the same as that in the domains file ?
my $hostEnabled = $hostsDB->get_prop( "$fqdn", 'letsencryptSSLcert' )
|| 'disabled';
if ( $domainname eq $domain && $hostEnabled eq 'enabled' ) {
# Are we self ?
my $type = $hostsDB->get_prop( "$fqdn", 'HostType' );
my $hostOverride = $configDB->get_prop( 'letsencrypt', 'hostOverride' )
|| 'disabled';
# print "Override $hostOverride";
if ( $hostOverride eq 'yes' ) {
$OUT .= "$fqdn " unless $DomainName eq $fqdn;
}
elsif ( $type eq 'Self' ) {
# print "Here: $fqdn $type\n";
$OUT .= "$fqdn " unless $DomainName eq $fqdn;
}
}
}
}
}
}
else {
$OUT .= "# letsencrypt is disabled\n";
}
}

0
root/etc/e-smith/templates/etc/dehydrated/domains.txt/template-begin Normal file
View File

12
root/etc/e-smith/templates/etc/systemd/system-preset/49-koozali.preset/80-koozali-dehydrated-timer.preset Normal file
View File

@ -0,0 +1,12 @@
# dehydrated.timer preset
{
# depending on letsencrypt status
#$status = $letsencrypt{status} || 'disabled';
#$status = ($status eq "enabled") ? "enable" : "disable";
#$OUT .= "$status dehydrated.timer\n";
# or always disabled
$OUT .= "disable dehydrated.timer\n";
}

54
root/etc/e-smith/templates/usr/bin/hook-script.sh/10deploy_cert Normal file
View File

@ -0,0 +1,54 @@
{
use strict;
use warnings;
use esmith::ConfigDB;
my $configDB = esmith::ConfigDB->open_ro or die("can't open Config DB");
my $letsencryptStatus = $configDB->get_prop( 'letsencrypt', 'status' ) || 'disabled';
my $version = $configDB->get_prop( 'sysconfig', 'ReleaseVersion' );
$version = substr( $version, 0, 1 );
if ( $letsencryptStatus ne 'disabled' ) {
if ( $version == 8 ) {
$OUT .= <<'_EOF';
if [ $1 = "deploy_cert" ]; then
KEY=$3
CERT=$4
CHAIN=$6
echo "Set up modSSL db keys"
/sbin/e-smith/db configuration setprop modSSL key $KEY
/sbin/e-smith/db configuration setprop modSSL crt $CERT
/sbin/e-smith/db configuration setprop modSSL CertificateChainFile $CHAIN
echo "Signal events"
/sbin/e-smith/signal-event domain-modify
/sbin/e-smith/signal-event email-update
/sbin/e-smith/signal-event ibay-modify
echo "All complete"
fi
_EOF
}
else {
$OUT .= <<'_EOF';
if [ $1 = "deploy_cert" ]; then
KEY=$3
CERT=$4
CHAIN=$6
echo "Set up modSSL db keys"
/sbin/e-smith/db configuration setprop modSSL key $KEY
/sbin/e-smith/db configuration setprop modSSL crt $CERT
/sbin/e-smith/db configuration setprop modSSL CertificateChainFile $CHAIN
echo "Signal events"
/sbin/e-smith/signal-event ssl-update
echo "All complete"
fi
_EOF
}
}
}

76
root/etc/e-smith/templates/usr/bin/hook-script.sh/20challenges Normal file
View File

@ -0,0 +1,76 @@
{
use strict;
use warnings;
use esmith::ConfigDB;
my $configDB = esmith::ConfigDB->open_ro or die("can't open Config DB");
my $letsencryptStatus = $configDB->get_prop( 'letsencrypt', 'status' ) || 'disabled';
my $hookscript = $configDB->get_prop( 'letsencrypt', 'hookScript' ) || 'disabled';
my $host = $configDB->get_prop( 'letsencrypt', 'host' ) || '';
my $user = $configDB->get_prop( 'letsencrypt', 'user' ) || '';
my $path = $configDB->get_prop( 'letsencrypt', 'path' ) || '';
if ( $letsencryptStatus ne 'disabled' && $hookscript eq 'enabled' && $host ne '' && $user ne '' && $path ne '' ) {
$OUT .= "if [ \$1 = \"deploy_challenge\" ]; then\n";
$OUT .= " CHALLENGE_FILE=\$3\n";
$OUT .= " CHALLENGE_CONTENT=\$4\n";
$OUT .= " HOST=\"$host\" # FQDN or IP of public-facing server\n";
$OUT .= " USER=\"$user\" # username on public-facing server\n";
$OUT .= " REMOTE_PATH=\"$path\"\n";
$OUT .= " if scp \$WELLKNOWN/\$CHALLENGE_FILE \$USER@\$HOST:\$REMOTE_PATH/\$CHALLENGE_FILE; then\n";
$OUT .= " exit 0\n";
$OUT .= " else\n";
$OUT .= " echo \" Failed to deploy challenge !\" \n ";
$OUT .= " exit 1 \n ";
$OUT .= " fi \n ";
$OUT .= "fi \n ";
$OUT .= "\n";
$OUT .= " if [ \$1 = \"clean_challenge\" ]; then\n";
$OUT .= " CHALLENGE_FILE=\$3\n";
$OUT .= " HOST=\"$host\" # FQDN or IP of public-facing server\n";
$OUT .= " USER=\"$user\" # username on public-facing server\n";
$OUT .= " REMOTE_PATH=\"$path\"\n";
$OUT .= " if ssh \$USER\@\$HOST \"rm \$REMOTE_PATH/\$CHALLENGE_FILE\"; then\n";
$OUT .= " exit 0\n";
$OUT .= " else\n";
$OUT .= " echo \" Failed to clean challenge !\" \n ";
$OUT .= " exit 1 \n ";
$OUT .= " fi \n ";
$OUT .= "fi \n ";
}
else {
$OUT .= "# The following all have to be set to enable deploy/clean challenges\n";
$OUT .= "# \n";
if ( $hookscript ne '' ) {
$OUT .= "# hookScript: $hookscript\n";
}
else {
$OUT .= "# hookScript: Not Set\n";
}
if ( $host ne '' ) {
$OUT .= "# host: $host\n";
}
else {
$OUT .= "# host: Not Set\n";
}
if ( $user ne '' ) {
$OUT .= "# user: $user\n";
}
else {
$OUT .= "# user: Not Set\n";
}
if ( $path ne '' ) {
$OUT .= "# path: $path\n";
}
else {
$OUT .= "# path: Not Set\n";
}
}
}

17
root/etc/e-smith/templates/usr/bin/hook-script.sh/template-begin Normal file
View File

@ -0,0 +1,17 @@
{
use strict;
use warnings;
use esmith::ConfigDB;
my $configDB = esmith::ConfigDB->open_ro or die("can't open Config DB");
my $letsencryptStatus = $configDB->get_prop( 'letsencrypt', 'status' ) || 'disabled';
if ( $letsencryptStatus ne 'disabled' ) {
$OUT .= "#!/bin/bash\n";
$OUT .= "# deploy_cert hook will set config database entries for the cert files\n";
$OUT .= "# and restart appropriate services\n";
$OUT .= "#\n";
}
}

566
root/usr/share/smanager/lib/SrvMngr/Controller/Letsencrypt-Custom.pm Normal file
View File

@ -0,0 +1,566 @@
#
# Generated by SM2Gen version:0.8 Chameleon version:4.5.4 On Python:3.12.3 at 2024-11-16 10:30:16
#
#
# Routines to be edited by the developer to provide content and validation for parameters
# and provison of the control data for table(s)
#
use esmith::util;
use esmith::util::network;
use esmith::ConfigDB;
use esmith::HostsDB;
use esmith::AccountsDB;
use esmith::NetworksDB;
use esmith::DomainsDB;
use constant FALSE => 0;
use constant TRUE => 1;
#The most common ones
our $cdb = esmith::ConfigDB->open() || die("Couldn't open config db");
our $adb = esmith::AccountsDB->open() || die("Couldn't open Accounts db");
our $ndb = esmith::NetworksDB->open() || die("Couldn't open Network db");
our $hdb = esmith::HostsDB->open() || die("Couldn't open Hosts db");
our $ddb = esmith::DomainsDB->open() || die("Couldn't open Domains db");
# Validation routines - parameters for each panel
sub validate_LIST {
my $c = shift;
my $prefix_data = shift; #Data hash as parameter
# Validation for each field
my $ret = "";
if (!TRUE) #validate $c->param('InternalIP')
{
$ret .= 'Validation for InternalIP failed';
}
if (!TRUE) #validate $c->param('ExternalIP')
{
$ret .= 'Validation for ExternalIP failed';
}
if (!TRUE) #validate $c->param('InternetIP')
{
$ret .= 'Validation for InternetIP failed';
}
if (!TRUE) #validate $c->param('Issuer')
{
$ret .= 'Validation for Issuer failed';
}
if (!TRUE) #validate $c->param('Expiry')
{
$ret .= 'Validation for Expiry failed';
}
if (!TRUE) #validate $c->param('NotBefore')
{
$ret .= 'Validation for NotBefore failed';
}
if ($ret eq "") { $ret = 'ok'; }
return $ret;
} ## end sub validate_LIST
sub validate_PARAMS {
my $c = shift;
my $prefix_data = shift; #Data hash as parameter
# Validation for each field
my $ret = "";
if (!TRUE) #validate $c->param('status')
{
$ret .= 'Validation for status failed';
}
if (!TRUE) #validate $c->param('hookScript')
{
$ret .= 'Validation for hookScript failed';
}
if (!TRUE) #validate $c->param('hostOverride')
{
$ret .= 'Validation for hostOverride failed';
}
if (!TRUE) #validate $c->param('ACCEPT_TERMS')
{
$ret .= 'Validation for ACCEPT_TERMS failed';
}
if (!TRUE) #validate $c->param('API')
{
$ret .= 'Validation for API failed';
}
if (!TRUE) #validate $c->param('keysize')
{
$ret .= 'Validation for keysize failed';
}
if (!TRUE) #validate $c->param('configure')
{
$ret .= 'Validation for configure failed';
}
if (!TRUE) #validate $c->param('Email')
{
$ret .= 'Validation for Email failed';
}
if ($ret eq "") { $ret = 'ok'; }
return $ret;
} ## end sub validate_PARAMS
sub validate_CHECKALLDOMAINS {
my $c = shift;
my $prefix_data = shift; #Data hash as parameter
# Validation for each field
my $ret = "";
if (!TRUE) #validate $c->param('AllDomainsCheck')
{
$ret .= 'Validation for AllDomainsCheck failed';
}
if ($ret eq "") { $ret = 'ok'; }
return $ret;
} ## end sub validate_CHECKALLDOMAINS
sub validate_CHECKALLENABLEDDOMAINS {
my $c = shift;
my $prefix_data = shift; #Data hash as parameter
# Validation for each field
my $ret = "";
if (!TRUE) #validate $c->param('EnabledDomainsCheck')
{
$ret .= 'Validation for EnabledDomainsCheck failed';
}
if ($ret eq "") { $ret = 'ok'; }
return $ret;
} ## end sub validate_CHECKALLENABLEDDOMAINS
sub validate_CHECKONEDOMAIN {
my $c = shift;
my $prefix_data = shift; #Data hash as parameter
# Validation for each field
my $ret = "";
if (!TRUE) #validate $c->param('OneDomainToCheck')
{
$ret .= 'Validation for OneDomainToCheck failed';
}
if (!TRUE) #validate $c->param('OneDomainsCheck')
{
$ret .= 'Validation for OneDomainsCheck failed';
}
if ($ret eq "") { $ret = 'ok'; }
return $ret;
} ## end sub validate_CHECKONEDOMAIN
# Get singleton data for each panel
sub get_data_for_panel_LIST {
# Return a hash with the fields required which will be loaded into the shared data
my $c = shift;
# my ($reply, $err, $server_cert) = Net::SSLeay::sslcat('localhost', 443, '/');
# my $issuer = Net::SSLeay::X509_NAME_oneline(Net::SSLeay::X509_get_issuer_name($server_cert));
# my $before = Net::SSLeay::P_ASN1_TIME_get_isotime(Net::SSLeay::X509_get_notBefore($server_cert));
# my $expiry = Net::SSLeay::P_ASN1_TIME_get_isotime(Net::SSLeay::X509_get_notAfter($server_cert));
my %ret = (
'Data1' => 'Data for LIST', #Example
# fields from Inputs in LIST $fields['LIST']
'InternalIP' => $cdb->get_prop('InternalInterface', 'IPAddress'),
'ExternalIP' => $cdb->get_prop('ExternalInterface', 'IPAddress'),
'InternetIP' => $c->get_my_ip(),
'Issuer' => '$issuer',
'Expiry' => '$expiry',
'NotBefore' => '$before',
);
return %ret;
} ## end sub get_data_for_panel_LIST
sub get_data_for_panel_PARAMS {
# Return a hash with the fields required which will be loaded into the shared data
my $c = shift;
my %ret = (
'Data1' => 'Data for PARAMS', #Example
# fields from Inputs in PARAMS $fields['PARAMS']
'status' => $cdb->get_prop('letsencrypt', 'status', 'disabled'),
'hookScript' => $cdb->get_prop('letsencrypt', 'hookScript', 'disabled'),
'hostOverride' => $cdb->get_prop('letsencrypt', 'hostOverride', 'disabled'),
'ACCEPT_TERMS' => $cdb->get_prop('letsencrypt', 'ACCEPT_TERMS', ''),
'API' => $cdb->get_prop('letsencrypt', 'API', '2'),
'keysize' => $cdb->get_prop('letsencrypt', 'keysize', '4096'),
'configure' => $cdb->get_prop('letsencrypt', 'configure', 'none'),
'email' => $cdb->get_prop('letsencrypt', 'email')
);
return %ret;
} ## end sub get_data_for_panel_PARAMS
sub get_data_for_panel_CHECKALLDOMAINS {
# Return a hash with the fields required which will be loaded into the shared data
my $c = shift;
my %ret = (
'Data1' => 'Data for CHECKALLDOMAINS', #Example
# fields from Inputs in CHECKALLDOMAINS $fields['CHECKALLDOMAINS']
'AllDomainsCheck' => $c->update_all_domains(),
);
return %ret;
} ## end sub get_data_for_panel_CHECKALLDOMAINS
sub get_data_for_panel_CHECKALLENABLEDDOMAINS {
# Return a hash with the fields required which will be loaded into the shared data
my $c = shift;
my %ret = (
'Data1' => 'Data for CHECKALLENABLEDDOMAINS', #Example
# fields from Inputs in CHECKALLENABLEDDOMAINS $fields['CHECKALLENABLEDDOMAINS']
'EnabledDomainsCheck' => $c->update_enabled_domains(),
);
return %ret;
} ## end sub get_data_for_panel_CHECKALLENABLEDDOMAINS
sub get_data_for_panel_CHECKONEDOMAIN {
# Return a hash with the fields required which will be loaded into the shared data
my $c = shift;
my %ret = (
'Data1' => 'Data for CHECKONEDOMAIN', #Example
# fields from Inputs in CHECKONEDOMAIN $fields['CHECKONEDOMAIN']
'OneDomainToCheck' => $c->param("CHECKONEDOMAIN"),
'OneDomainsCheck' => $c->update_one_domain($c->param("CHECKONEDOMAIN"))
);
return %ret;
} ## end sub get_data_for_panel_CHECKONEDOMAIN
# Get control data for table(s)
# Define a constant hash for field name mapping
use constant DomainList_FIELD_MAPPING => (
'Table1-Domain name / HOSTNAME' => 'Domain',
'Table1-Brief description' => 'Description',
'Table1-Content' => 'Content',
'Table1-LABEL_NAMESERVERS' => 'Nameservers',
'Table1-LABEL_POINT' => 'Source-for-Table1-LABEL_POINT',
'Table1-LABEL_LECERT' => 'letsencryptSSLcert',
'Table1-IS_IN_CERT' => 'isincert',
'Table1-CHECK' => 'Check'
#'target_field2' => 'source_field2',
# Add more mappings as needed
);
use constant TEST_DOMAIN_LIST => (
{ "domain" => "Domain1", "fred" => "fred1", "description" => "Description1" },
{ "domain" => "Domain2", "fred" => "fred2", "description" => "Description2" },
{ "domain" => "Domain3", "fred" => "fred3", "description" => "Description3" },
# Add more test entries as needed
);
sub actual_DomainList {
my $c = shift;
# Actual code for extracting DomainList
my @list = ();
# my @rv = Net::SSLeay::X509_get_subjectAltNames($server_cert);
# foreach my $element (@rv) {
# next if $element =~ /^\d+$/; ;
# #print $element . "\n";
# push @list, $element;
# }
my @data = ();
my $check = $c->l('Check Domain');
for ($ddb->domains) {
my $ns = $_->prop('Nameservers') || 'internet';
my $le = $_->prop('letsencryptSSLcert') || 'disabled'; #letsencrypt configure all
my $dname = $_->key;
my $isincert = "N";
my $link = $c->create_link("letsencryptd", "CHECKONEDOMAIN", "");
my $checklink = "<a href='" . $link . "&CHECKONEDOMAIN=" . $_->key . "'>" . $check . "</a>";
#my $checklink = "<a href=''>check</a>";
$isincert = "Y" if ($dname ~~ @list);
# domain
push @data,
{
Domain => $_->key,
$_->props,
letsencryptSSLcert => $le,
isincert => $isincert,
Check => $checklink,
Nameservers => $ns,
};
#and hosts
for my $h ($hdb->get_hosts_by_domain($dname)) {
next if $ddb->get($h->key);
next unless ($h->prop('HostType') eq "Self" || $h->prop('HostType') eq "Local");
$le = $h->prop('letsencryptSSLcert') || 'disabled'; #letsencrypt configure all
$isincert = "N";
$isincert = "Y" if ($h->key ~~ @list);
push @data, {
Domain => "--> " . $h->key,
$h->props,
Description => $h->prop('ExternalIP') || $h->prop('InternalIP') || "",
Content => $h->prop('HostType'),
isincert => $isincert,
Check => "", #$checklink
Nameservers => $c->l($ns),
};
} ## end for my $h ($hdb->get_hosts_by_domain...)
} ## end for ($ddb->domains)
return @data;
} ## end sub actual_DomainList
sub get_DomainList {
# Return an array of hashes of the contents for each row and column for DomainList
my $c = shift;
my @source_records
= $c->actual_DomainList(); #TEST_DOMAIN_LIST #Replace by code or call to produce contents of table;
my @transformed_records;
my %Field_Mapping = DomainList_FIELD_MAPPING;
# Iterate over each record in the source array
for my $source_record (@source_records) {
my %transformed_record;
# Iterate over each key-value pair in the $Field_Mapping constant
while (my ($target, $source) = each %Field_Mapping) {
# Check if the source field exists in the source record
if (exists $source_record->{$source}) {
# Assign the source field value to the target field in the transformed record
$transformed_record{$target} = $source_record->{$source};
}
} ## end while (my ($target, $source...))
# Add transformed record to the array if it's not empty
push @transformed_records, \%transformed_record if %transformed_record;
} ## end for my $source_record (...)
return \@transformed_records;
} ## end sub get_DomainList
# Return hash with values from row in which link clicked on table
sub get_selected_LIST {
my $c = shift;
my $selected = shift; #Parameter is name of selected row.
my $is_new_record = shift; #Indicates new record required (defaults)
my %ret = {};
return %ret;
} ## end sub get_selected_LIST
sub get_selected_PARAMS {
my $c = shift;
my $selected = shift; #Parameter is name of selected row.
my $is_new_record = shift; #Indicates new record required (defaults)
my %ret = {};
return %ret;
} ## end sub get_selected_PARAMS
sub get_selected_CHECKALLDOMAINS {
my $c = shift;
my $selected = shift; #Parameter is name of selected row.
my $is_new_record = shift; #Indicates new record required (defaults)
my %ret = {};
return %ret;
} ## end sub get_selected_CHECKALLDOMAINS
sub get_selected_CHECKALLENABLEDDOMAINS {
my $c = shift;
my $selected = shift; #Parameter is name of selected row.
my $is_new_record = shift; #Indicates new record required (defaults)
my %ret = {};
return %ret;
} ## end sub get_selected_CHECKALLENABLEDDOMAINS
sub get_selected_CHECKONEDOMAIN {
my $c = shift;
my $selected = shift; #Parameter is name of selected row.
my $is_new_record = shift; #Indicates new record required (defaults)
my %ret = {};
return %ret;
} ## end sub get_selected_CHECKONEDOMAIN
#after sucessful modify or create or whatever and submit then perfom (if the params validate)
sub perform_LIST {
my $c = shift;
my $prefix_data = shift; #Data hash as parameter
my $ret = "";
my $db = $cdb; #maybe one of the others
my $dbkey = 'ChangeThis';
if (!TRUE
) #copy or perform with value: InternalIP e.g. $db->set_prop($dbkey,'InternalIP',$c->param('InternalIP'),type=>'service'))
{
$ret .= 'Perform/save failed for InternalIP';
} ## end if (!TRUE)
if (!TRUE
) #copy or perform with value: ExternalIP e.g. $db->set_prop($dbkey,'ExternalIP',$c->param('ExternalIP'),type=>'service'))
{
$ret .= 'Perform/save failed for ExternalIP';
} ## end if (!TRUE)
if (!TRUE
) #copy or perform with value: InternetIP e.g. $db->set_prop($dbkey,'InternetIP',$c->param('InternetIP'),type=>'service'))
{
$ret .= 'Perform/save failed for InternetIP';
} ## end if (!TRUE)
if (!TRUE
) #copy or perform with value: Issuer e.g. $db->set_prop($dbkey,'Issuer',$c->param('Issuer'),type=>'service'))
{
$ret .= 'Perform/save failed for Issuer';
} ## end if (!TRUE)
if (!TRUE
) #copy or perform with value: Expiry e.g. $db->set_prop($dbkey,'Expiry',$c->param('Expiry'),type=>'service'))
{
$ret .= 'Perform/save failed for Expiry';
} ## end if (!TRUE)
if (!TRUE
) #copy or perform with value: NotBefore e.g. $db->set_prop($dbkey,'NotBefore',$c->param('NotBefore'),type=>'service'))
{
$ret .= 'Perform/save failed for NotBefore';
} ## end if (!TRUE)
if ($ret eq "") { $ret = 'ok'; }
return $ret;
} ## end sub perform_LIST
sub perform_PARAMS {
my $c = shift;
my $prefix_data = shift; #Data hash as parameter
my $ret = "";
my $db = $cdb; #maybe one of the others
my $dbkey = 'letsencrypt';
# To make it write to DB as comment, delete this (regex) string in each if statement "TRUE\) \#copy or perform with value: .* e.g."
if (!$db->set_prop($dbkey, 'status', $c->param('status'), type => 'service')) {
$ret .= 'Perform/save failed for status';
}
if (!$db->set_prop($dbkey, 'hookScript', $c->param('hookScript'), type => 'service')) {
$ret .= 'Perform/save failed for hookScript';
}
if (!$db->set_prop($dbkey, 'hostOverride', $c->param('hostOverride'), type => 'service')) {
$ret .= 'Perform/save failed for hostOverride';
}
if (!$db->set_prop($dbkey, 'ACCEPT_TERMS', $c->param('ACCEPT_TERMS'), type => 'service')) {
$ret .= 'Perform/save failed for ACCEPT_TERMS';
}
if (!$db->set_prop($dbkey, 'API', $c->param('API'), type => 'service')) { $ret .= 'Perform/save failed for API'; }
if (!$db->set_prop($dbkey, 'keysize', $c->param('keysize'), type => 'service')) {
$ret .= 'Perform/save failed for keysize';
}
if (!$db->set_prop($dbkey, 'configure', $c->param('configure'), type => 'service')) {
$ret .= 'Perform/save failed for configure';
}
if (!$db->set_prop($dbkey, 'email', $c->param('email'), type => 'service')) {
$ret .= 'Perform/save failed for email';
}
if ($ret eq "") { $ret = 'ok'; }
return $ret;
} ## end sub perform_PARAMS
sub perform_CHECKALLDOMAINS {
my $c = shift;
my $prefix_data = shift; #Data hash as parameter
my $ret = "";
my $db = $cdb; #maybe one of the others
my $dbkey = 'ChangeThis';
if (!TRUE
) #copy or perform with value: AllDomainsCheck e.g. $db->set_prop($dbkey,'AllDomainsCheck',$c->param('AllDomainsCheck'),type=>'service'))
{
$ret .= 'Perform/save failed for AllDomainsCheck';
} ## end if (!TRUE)
if ($ret eq "") { $ret = 'ok'; }
return $ret;
} ## end sub perform_CHECKALLDOMAINS
sub perform_CHECKALLENABLEDDOMAINS {
my $c = shift;
my $prefix_data = shift; #Data hash as parameter
my $ret = "";
my $db = $cdb; #maybe one of the others
my $dbkey = 'ChangeThis';
if (!TRUE
) #copy or perform with value: EnabledDomainsCheck e.g. $db->set_prop($dbkey,'EnabledDomainsCheck',$c->param('EnabledDomainsCheck'),type=>'service'))
{
$ret .= 'Perform/save failed for EnabledDomainsCheck';
} ## end if (!TRUE)
if ($ret eq "") { $ret = 'ok'; }
return $ret;
} ## end sub perform_CHECKALLENABLEDDOMAINS
sub perform_CHECKONEDOMAIN {
my $c = shift;
my $prefix_data = shift; #Data hash as parameter
my $ret = "";
my $db = $cdb; #maybe one of the others
my $dbkey = 'ChangeThis';
if (!TRUE
) #copy or perform with value: OneDomainToCheck e.g. $db->set_prop($dbkey,'OneDomainToCheck',$c->param('OneDomainToCheck'),type=>'service'))
{
$ret .= 'Perform/save failed for OneDomainToCheck';
} ## end if (!TRUE)
if (!TRUE
) #copy or perform with value: OneDomainsCheck e.g. $db->set_prop($dbkey,'OneDomainsCheck',$c->param('OneDomainsCheck'),type=>'service'))
{
$ret .= 'Perform/save failed for OneDomainsCheck';
} ## end if (!TRUE)
if ($ret eq "") { $ret = 'ok'; }
return $ret;
} ## end sub perform_CHECKONEDOMAIN
sub create_link {
# WIP
my ($c, $route, $panel, $index) = @_;
my $link = "$route?trt=$panel&Selected=$index";
return $link;
} ## end sub create_link
sub get_my_ip {
my ($self, $item, $prop, $default) = @_;
my $output = `/usr/sbin/e-smith/getmyip`;
return $output || "IP";
} ## end sub get_my_ip
sub update_one_domain {
my ($self, $domain) = @_;
return "$domain not domain" unless ($ddb->get($domain) || $hdb->get($domain));
($domain) = ($domain =~ /([\w\p{L}.]+)/);
my $output = `/etc/e-smith/events/actions/letsencrypt-setdomains " " $domain `;
return $output || "-empty-";
} ## end sub update_one_domain
sub update_all_domains {
my $self = shift;
my $output = `/etc/e-smith/events/actions/letsencrypt-setdomains "" "" all `;
return $output || "-empty-";
} ## end sub update_all_domains
sub update_enabled_domains {
my $self = shift;
my $output = `/etc/e-smith/events/actions/letsencrypt-setdomains "" "" enabled `;
return $output || "-empty-";
} ## end sub update_enabled_domains
1;

448
root/usr/share/smanager/lib/SrvMngr/Controller/Letsencrypt.pm Normal file
View File

@ -0,0 +1,448 @@
package SrvMngr::Controller::Letsencrypt;
#
# Generated by SM2Gen version:0.8 Chameleon version:4.5.4 On Python:3.12.3 at 2024-12-01 15:22:43
#
#----------------------------------------------------------------------
# heading : Network
# description : Letsencrypt certificate
# navigation : 6000 6600
#
# name : letsencrypt, method : get, url : /letsencrypt, ctlact : Letsencrypt#main
# name : letsencryptu, method : post, url : /letsencryptu, ctlact : Letsencrypt#do_update
# name : letsencryptd, method : get, url : /letsencryptd, ctlact : Letsencrypt#do_display
#
# routes : end
#
# Documentation: https://wiki.contribs.org/Letsencrypt
#----------------------------------------------------------------------
#
# Scheme of things:
#
# TBA!!
use strict;
use warnings;
use Mojo::Base 'Mojolicious::Controller';
use constant FALSE => 0;
use constant TRUE => 1;
use Locale::gettext;
use SrvMngr::I18N;
use SrvMngr qw(theme_list init_session);
use Data::Dumper;
use esmith::util;
use esmith::util::network;
use esmith::ConfigDB;
use esmith::AccountsDB;
use esmith::NetworksDB;
use esmith::HostsDB;
use esmith::DomainsDB;
require
'/usr/share/smanager/lib/SrvMngr/Controller/Letsencrypt-Custom.pm'; #The code that is to be added by the developer
sub main {
#
# Initial entry - route is "/<whatever>"
#
#set initial panel
#for initial panel:
#Specifiy panel to enter
#load up _data hash with DB fields
#load up stash with pointer(s) to control fields hash(= get-))
#and a pointer to the prefix_data hash
#render initial panel
my $c = shift;
$c->app->log->info($c->log_req);
#The most common ones
my $cdb = esmith::ConfigDB->open() || die("Couldn't open config db");
my $adb = esmith::AccountsDB->open() || die("Couldn't open Accounts db");
my $ndb = esmith::NetworksDB->open() || die("Couldn't open Network db");
my $hdb = esmith::HostsDB->open() || die("Couldn't open Hosts db");
my $ddb = esmith::DomainsDB->open() || die("Couldn't open Domains db");
my %lets_data = ();
my $title = $c->l('lets_Letsencrypt_certificate');
my $modul = '';
$lets_data{'trt'} = 'LIST';
#Load any DB entries into the <prefix>_data area so as they are preset in the form
# which DB - this only really works if the initial panel is a PARAMS type panel and not a TABLE
my $db = $cdb; #pickup local or global db or Default to config
$c->do_display($lets_data{'trt'});
} ## end sub main
# Post request with params - submit from the form
sub do_update {
#
# Return after submit pushed on panel (this is a post) - route is "/<whatever>u"
# parameters in the params hash.
#
#load up all params into prefix_data hash:
#By panel (series of if statements - only one executed):
#call validate-PANEL() - return ret = ok or error message
#if validation not ok:
#render back to current panel with error message in stash
#otherwise:
#By panel (series of if statements - only one executed):
#do whatever is required: call perform-PANEL() - return "ok" or Error Message
#call signal-event for any global actions specified (check it exists - error and continue?)
#if action smeserver-<whatever>-update exists
#signal_event smeserver-<whatever>-update
#call signal-event for any specific actions for thids panel (check it exists first - error and continue)
#set success in stash
#if no "nextpanel" entry:
#set firstpanel
#else
#set nextpanel
#call render
my $c = shift;
$c->app->log->info($c->log_req);
my $modul = '';
#The most common ones - you might want to comment out any not used.
my $cdb = esmith::ConfigDB->open() || die("Couldn't open config db");
my $adb = esmith::AccountsDB->open() || die("Couldn't open Accounts db");
my $ndb = esmith::NetworksDB->open() || die("Couldn't open Network db");
my $hdb = esmith::HostsDB->open() || die("Couldn't open Hosts db");
my $ddb = esmith::DomainsDB->open() || die("Couldn't open Domains db");
my %lets_data = ();
my $title = $c->l('lets_Letsencrypt_certificate');
# Accessing all POST parameters
my %params = $c->req->params->to_hash;
# Get number of POST parameters
my $num_params = keys %params;
#Params are available in the hash "params" - copy to the prefix_data hash
#while (my ($key, $value) = each %{$c->req->params->to_hash}) {
# $lets_data{$key} = $value;
#}
# the value of trt will tell you which panel has returned
my $trt = $c->param('trt') || 'LIST'; #hidden control on every form.
my $ret = 'ok';
#Validate the parameters in a custom sub one for each panel (although only one of these will be executed)
my $thispanel;
if ($trt eq 'LIST') {
#Validate form parameters for panel LIST
$ret = $c->validate_LIST(\%lets_data);
$thispanel = 'LIST';
} ## end if ($trt eq 'LIST')
if ($trt eq 'PARAMS') {
#Validate form parameters for panel PARAMS
$ret = $c->validate_PARAMS(\%lets_data);
$thispanel = 'PARAMS';
} ## end if ($trt eq 'PARAMS')
if ($trt eq 'CHECKALLDOMAINS') {
#Validate form parameters for panel CHECKALLDOMAINS
$ret = $c->validate_CHECKALLDOMAINS(\%lets_data);
$thispanel = 'CHECKALLDOMAINS';
} ## end if ($trt eq 'CHECKALLDOMAINS')
if ($trt eq 'CHECKALLENABLEDDOMAINS') {
#Validate form parameters for panel CHECKALLENABLEDDOMAINS
$ret = $c->validate_CHECKALLENABLEDDOMAINS(\%lets_data);
$thispanel = 'CHECKALLENABLEDDOMAINS';
} ## end if ($trt eq 'CHECKALLENABLEDDOMAINS')
if ($trt eq 'CHECKONEDOMAIN') {
#Validate form parameters for panel CHECKONEDOMAIN
$ret = $c->validate_CHECKONEDOMAIN(\%lets_data);
$thispanel = 'CHECKONEDOMAIN';
} ## end if ($trt eq 'CHECKONEDOMAIN')
if ($ret ne "ok") {
$c->do_display($thispanel);
} else {
#Do whatever is needed, including writing values to the DB
if ($trt eq 'LIST') {
#do whatever is required ...
$ret = $c->perform_LIST(\%lets_data);
if ($ret ne "ok") {
# return to the panel with error message
$c->stash(error => $c->l($ret));
$c->stash(
title => $title,
modul => $modul,
lets_data => \%lets_data
);
$c->render(template => "letsencrypt");
} else {
$c->stash(success => $c->l('lets_LIST_panel_action_was_successful'))
; #A bit bland - edit it in the lex file
}
} ## end if ($trt eq 'LIST')
if ($trt eq 'PARAMS') {
#do whatever is required ...
$ret = $c->perform_PARAMS(\%lets_data);
if ($ret ne "ok") {
# return to the panel with error message
$c->stash(error => $c->l($ret));
$c->stash(
title => $title,
modul => $modul,
lets_data => \%lets_data
);
$c->render(template => "letsencrypt");
} else {
$c->stash(success => $c->l('lets_PARAMS_panel_action_was_successful'))
; #A bit bland - edit it in the lex file
}
} ## end if ($trt eq 'PARAMS')
if ($trt eq 'CHECKALLDOMAINS') {
#do whatever is required ...
$ret = $c->perform_CHECKALLDOMAINS(\%lets_data);
if ($ret ne "ok") {
# return to the panel with error message
$c->stash(error => $c->l($ret));
$c->stash(
title => $title,
modul => $modul,
lets_data => \%lets_data
);
$c->render(template => "letsencrypt");
} else {
$c->stash(success => $c->l('lets_CHECKALLDOMAINS_panel_action_was_successful'))
; #A bit bland - edit it in the lex file
}
} ## end if ($trt eq 'CHECKALLDOMAINS')
if ($trt eq 'CHECKALLENABLEDDOMAINS') {
#do whatever is required ...
$ret = $c->perform_CHECKALLENABLEDDOMAINS(\%lets_data);
if ($ret ne "ok") {
# return to the panel with error message
$c->stash(error => $c->l($ret));
$c->stash(
title => $title,
modul => $modul,
lets_data => \%lets_data
);
$c->render(template => "letsencrypt");
} else {
$c->stash(success => $c->l('lets_CHECKALLENABLEDDOMAINS_panel_action_was_successful'))
; #A bit bland - edit it in the lex file
}
} ## end if ($trt eq 'CHECKALLENABLEDDOMAINS')
if ($trt eq 'CHECKONEDOMAIN') {
#do whatever is required ...
$ret = $c->perform_CHECKONEDOMAIN(\%lets_data);
if ($ret ne "ok") {
# return to the panel with error message
$c->stash(error => $c->l($ret));
$c->stash(
title => $title,
modul => $modul,
lets_data => \%lets_data
);
$c->render(template => "letsencrypt");
} else {
$c->stash(success => $c->l('lets_CHECKONEDOMAIN_panel_action_was_successful'))
; #A bit bland - edit it in the lex file
}
} ## end if ($trt eq 'CHECKONEDOMAIN')
# and call any signal-events needed
#TBD
# Setup shared data and call panel
if ('none' eq 'none') {
$lets_data{'trt'} = 'LIST';
} else {
$lets_data{'trt'} = 'none';
}
$c->do_display($lets_data{'trt'});
} ## end else [ if ($ret ne "ok") ]
} ## end sub do_update
sub do_display {
#
# Return after link clicked in table (this is a get) - route is "/<whatever>d"
# Expects ?trt=PANEL&selected="TableRowName" plus any other required
#
# OR it maybe a post from the main panel to add a new record
#
#load up all supplied params into prefix_data hash
#call get-selected-PANEL() - returns hash of all relevent parameters
#load up returned hash into prefix_data
#render - to called panel
my ($c, $trt) = @_;
$c->app->log->info($c->log_req);
#The most common ones - you might want to comment out any not used.
my $cdb = esmith::ConfigDB->open() || die("Couldn't open config db");
my $adb = esmith::AccountsDB->open() || die("Couldn't open Accounts db");
my $ndb = esmith::NetworksDB->open() || die("Couldn't open Network db");
my $hdb = esmith::HostsDB->open() || die("Couldn't open Hosts db");
my $ddb = esmith::DomainsDB->open() || die("Couldn't open Domains db");
my %lets_data = ();
my $title = $c->l('lets_Letsencrypt_certificate');
my $modul = "";
# Accessing all parameters
my $params = $c->req->params->to_hash;
# Get number of parameters
my $num_params = scalar keys %$params;
#Tag as Post or Get (ie. create new entry or edit existing one
my $is_new_record = ($c->req->method() eq 'POST');
#Params are available in the hash "params" - copy to the prefix_data hash
#while (my ($key, $value) = each %{$c->req->params->to_hash}) {
# $lets_data{$key} = $value;
#}
# the value of trt will tell you which panel has returned
if (!$trt) {
$trt = $c->param('trt') || 'LIST'; #Indicates where to go now
}
# Now add in the params from the selected row from the table
my %selectedrow;
if ($trt eq 'LIST') {
#Validate Get selected row (if applicable) LIST
%selectedrow = $c->get_selected_LIST($lets_data{'Selected'}, $is_new_record);
} ## end if ($trt eq 'LIST')
if ($trt eq 'PARAMS') {
#Validate Get selected row (if applicable) PARAMS
%selectedrow = $c->get_selected_PARAMS($lets_data{'Selected'}, $is_new_record);
} ## end if ($trt eq 'PARAMS')
if ($trt eq 'CHECKALLDOMAINS') {
#Validate Get selected row (if applicable) CHECKALLDOMAINS
%selectedrow = $c->get_selected_CHECKALLDOMAINS($lets_data{'Selected'}, $is_new_record);
} ## end if ($trt eq 'CHECKALLDOMAINS')
if ($trt eq 'CHECKALLENABLEDDOMAINS') {
#Validate Get selected row (if applicable) CHECKALLENABLEDDOMAINS
%selectedrow = $c->get_selected_CHECKALLENABLEDDOMAINS($lets_data{'Selected'}, $is_new_record);
} ## end if ($trt eq 'CHECKALLENABLEDDOMAINS')
if ($trt eq 'CHECKONEDOMAIN') {
#Validate Get selected row (if applicable) CHECKONEDOMAIN
%selectedrow = $c->get_selected_CHECKONEDOMAIN($lets_data{'Selected'}, $is_new_record);
} ## end if ($trt eq 'CHECKONEDOMAIN')
#Copy in the selected row params to the prefix_data hash to pass to the panel
while (my ($key, $value) = each %selectedrow) {
$lets_data{$key} = $value;
}
# Where to go now
$lets_data{'trt'} = $trt;
# Set up other shared data according to the panel to go to
if ($trt eq 'LIST') {
# pickup any other contents needed and load them into hash shared with panel
my %returned_hash;
# subroutine returns a hash directly
%returned_hash = $c->get_data_for_panel_LIST();
# Copy each key-value pair from the returned hash to the prefix data hash
while (my ($key, $value) = each %returned_hash) {
$lets_data{$key} = $value;
}
} ## end if ($trt eq 'LIST')
if ($trt eq 'PARAMS') {
# pickup any other contents needed and load them into hash shared with panel
my %returned_hash;
# subroutine returns a hash directly
%returned_hash = $c->get_data_for_panel_PARAMS();
# Copy each key-value pair from the returned hash to the prefix data hash
while (my ($key, $value) = each %returned_hash) {
$lets_data{$key} = $value;
}
} ## end if ($trt eq 'PARAMS')
if ($trt eq 'CHECKALLDOMAINS') {
# pickup any other contents needed and load them into hash shared with panel
my %returned_hash;
# subroutine returns a hash directly
%returned_hash = $c->get_data_for_panel_CHECKALLDOMAINS();
# Copy each key-value pair from the returned hash to the prefix data hash
while (my ($key, $value) = each %returned_hash) {
$lets_data{$key} = $value;
}
} ## end if ($trt eq 'CHECKALLDOMAINS')
if ($trt eq 'CHECKALLENABLEDDOMAINS') {
# pickup any other contents needed and load them into hash shared with panel
my %returned_hash;
# subroutine returns a hash directly
%returned_hash = $c->get_data_for_panel_CHECKALLENABLEDDOMAINS();
# Copy each key-value pair from the returned hash to the prefix data hash
while (my ($key, $value) = each %returned_hash) {
$lets_data{$key} = $value;
}
} ## end if ($trt eq 'CHECKALLENABLEDDOMAINS')
if ($trt eq 'CHECKONEDOMAIN') {
# pickup any other contents needed and load them into hash shared with panel
my %returned_hash;
# subroutine returns a hash directly
%returned_hash = $c->get_data_for_panel_CHECKONEDOMAIN();
# Copy each key-value pair from the returned hash to the prefix data hash
while (my ($key, $value) = each %returned_hash) {
$lets_data{$key} = $value;
}
} ## end if ($trt eq 'CHECKONEDOMAIN')
# and table control fields
$c->stash(DomainList => $c->get_DomainList());
# Data for panel
$c->stash(
title => $title,
modul => $modul,
lets_data => \%lets_data
);
$c->render(template => "letsencrypt");
} ## end sub do_display
1;

72
root/usr/share/smanager/lib/SrvMngr/I18N/Modules/Letsencrypt/en.pm Normal file
View File

@ -0,0 +1,72 @@
package SrvMngr::I18N::Modules::Letsencrypt::en;
use strict;
use warnings;
use utf8;
use Mojo::Base 'SrvMngr::I18N';
use SrvMngr::I18N::Modules::General::en;
my %lexicon = (
#
# Generated by SM2Gen version: SM2Gen version:0.8 Chameleon version:4.5.4 On Python:3.12.3 at 2024-12-01 15:22:43
#
'lets_Manage_letsencrypt-config_settings:' => 'Manage letsencrypt-config settings',
'lets_HOOKSCRIPT_STATUS' => 'Hookscript Status',
'lets_SERVICE_STATUS' => 'Service Status',
'lets_EMAIL' => 'Email',
'lets_Back' => 'Back',
'lets_Internal_IP' => 'Internal IP',
'lets_Save' => 'Save',
'lets_Issuer' => 'Issuer',
'lets_IS_IN_CERT' => 'Is In cart',
'lets_For_this_Server' => 'For this Server',
'lets_Loop_through_checking_the_letsencrypt' => 'Loop through checking the letsencrypt status for each configured domain',
'lets_Loop_through_checking_the_letsencrypt' => 'Loop through checking the letsencrypt status for each configured domain which is enabled',
'lets_Check_just_one_domain' => 'Check just one domain',
'lets_PARAMS_panel_action_was_successful' => 'PARAMS panel action was successful',
'lets_Check_all_domains' => 'Check all domains',
'lets_LIST_panel_action_was_successful' => 'LIST panel action was successful',
'lets_Status_Report' => 'Status Report',
'lets_LABEL_NAMESERVERS' => 'Label timeservers',
'lets_Loop_through_and_check_the' => 'Loop through and check the letsencrypt status for a specific domain',
'lets_Letsencrypt_certificate' => 'Letsencrypt certificate',
'lets_Error_Status_Report' => 'Error Status Report',
'lets_Not_Before' => 'Not Before',
'lets_Content' => 'Content',
'lets_CONFIG_LETSENCRYPT' => 'confirm Letsencrypt',
'lets_API_STATUS' => 'ape Status',
'lets_ACCEPT_TERMS_STATUS' => 'Accept Terms Status',
'lets_Check_all_enabled_domains' => 'Check all enabled domains',
'lets_All_domains_check_result' => 'All domains check result',
'lets_CHECKALLDOMAINS_panel_action_was_successful' => 'CHECKALLDOMAINS panel action was successful',
'lets_Domains_name' => 'Domains name',
'lets_HOSTOVERRIDE_STATUS' => 'Hostoverride Status',
'lets_List_of_Domains_and_Hosts' => 'List of Domains and Hosts',
'lets_Brief_description' => 'Brief description',
'lets_KEYSIZE_STATUS' => 'Keysize Status',
'lets_Domain_name_/_HOSTNAME' => 'Domain name / HOSTNAME',
'lets_Enabled_domains_check_result' => 'Enabled domains check result',
'lets_CHECKALLENABLEDDOMAINS_panel_action_was_successful' => 'CHECKALLENABLEDDOMAINS panel action was successful',
'lets_Internet_IP' => 'Internet IP',
'lets_Expiry' => 'Expiry',
'lets_CHECK_ALL_DOMAINS' => 'Check All Domains',
'lets_LABEL_POINT' => 'Label Point',
'lets_CHECK' => 'Check',
'lets_CONFIG' => 'Config',
'lets_Current_certificate_details' => 'Current certificate details',
'lets_LABEL_LECERT' => 'Label secret',
'lets_One_domain_check_result' => 'One domain check result',
'lets_CHECKONEDOMAIN_panel_action_was_successful' => 'CHECKONEDOMAIN panel action was successful',
'lets_CONFIGUREMODE_STATUS' => 'Configuremode Status',
'lets_CHECK_ALL_ENABLED_DOMAINS' => 'Check All Enabled Domains',
'lets_External_Interface_IP' => 'External Interface IP',
'lets_APPLY' => 'Apply',
);
our %Lexicon = (
%{ SrvMngr::I18N::Modules::General::en::Lexicon },
%lexicon
);
1;

55
root/usr/share/smanager/lib/SrvMngr/I18N/Modules/Letsencrypt/letsencrypt_en.lex Normal file
View File

@ -0,0 +1,55 @@
#
# Generated by SM2Gen version: SM2Gen version:0.8 Chameleon version:4.5.4 On Python:3.12.3 at 2024-12-01 15:22:43
# edited by bjr 09Jan2025
#
'lets_Manage_letsencrypt-config_settings:' => 'Manage letsencrypt-config settings',
'lets_HOOKSCRIPT_STATUS' => 'Hookscript Status',
'lets_SERVICE_STATUS' => 'Service Status',
'lets_EMAIL' => 'Email',
'lets_Back' => 'Back',
'lets_Internal_IP' => 'Internal IP',
'lets_Save' => 'Save',
'lets_Issuer' => 'Issuer',
'lets_IS_IN_CERT' => 'Is in certificate',
'lets_For_this_Server' => 'For this Server',
'lets_Loop_through_checking_the_letsencrypt' => 'Loop through checking the letsencrypt status for each configured domain',
'lets_Loop_through_checking_the_letsencrypt' => 'Loop through checking the letsencrypt status for each configured domain which is enabled',
'lets_Check_just_one_domain' => 'Check just one domain',
'lets_PARAMS_panel_action_was_successful' => 'Parameter panel action was successful',
'lets_Check_all_domains' => 'Check all domains',
'lets_LIST_panel_action_was_successful' => 'List panel action was successful',
'lets_Status_Report' => 'Status Report',
'lets_LABEL_NAMESERVERS' => 'Label timeservers',
'lets_Loop_through_and_check_the' => 'Loop through and check the letsencrypt status for a specific domain',
'lets_Letsencrypt_certificate' => 'Letsencrypt certificate',
'lets_Error_Status_Report' => 'Error Status Report',
'lets_Not_Before' => 'Not Before',
'lets_Content' => 'Content',
'lets_CONFIG_LETSENCRYPT' => 'Configure Letsencrypt',
'lets_API_STATUS' => 'API Status',
'lets_ACCEPT_TERMS_STATUS' => 'Accept Terms Status',
'lets_Check_all_enabled_domains' => 'Check all enabled domains',
'lets_All_domains_check_result' => 'All domains check result',
'lets_CHECKALLDOMAINS_panel_action_was_successful' => 'Check all domains panel action was successful',
'lets_Domains_name' => 'Domains name',
'lets_HOSTOVERRIDE_STATUS' => 'Hostoverride Status',
'lets_List_of_Domains_and_Hosts' => 'List of Domains and Hosts',
'lets_Brief_description' => 'Brief description',
'lets_KEYSIZE_STATUS' => 'Keysize Status',
'lets_Domain_name_/_HOSTNAME' => 'Domain name / HOSTNAME',
'lets_Enabled_domains_check_result' => 'Enabled domains check result',
'lets_CHECKALLENABLEDDOMAINS_panel_action_was_successful' => 'Check all enabled domains panel action was successful',
'lets_Internet_IP' => 'Internet IP',
'lets_Expiry' => 'Expiry',
'lets_CHECK_ALL_DOMAINS' => 'Check All Domains',
'lets_LABEL_POINT' => 'Label Point',
'lets_CHECK' => 'Check',
'lets_CONFIG' => 'Config',
'lets_Current_certificate_details' => 'Current certificate details',
'lets_LABEL_LECERT' => 'Label secret',
'lets_One_domain_check_result' => 'One domain check result',
'lets_CHECKONEDOMAIN_panel_action_was_successful' => 'Check one domain panel action was successful',
'lets_CONFIGUREMODE_STATUS' => 'Configure mode Status',
'lets_CHECK_ALL_ENABLED_DOMAINS' => 'Check All Enabled Domains',
'lets_External_Interface_IP' => 'External Interface IP',
'lets_APPLY' => 'Apply',

90
root/usr/share/smanager/themes/default/public/css/letsencrypt.css Normal file
View File

@ -0,0 +1,90 @@
/*
Generated by SM2Gen version: SM2Gen version:0.8 Chameleon version:4.5.4 On Python:3.12.3 at 2024-12-01 15:22:43
*/
.Letsencrypt-panel {}
.name {}
.rout {}
.grou {}
.link2 {}
.link3 {}
.link4 {}
.endg {}
.subh2 {}
.read4 {}
.read5 {}
.read6 {}
.subh3 {}
.read1 {}
.read2 {}
.read3 {}
.subh4 {}
.tabl1 {}
thead .tabl1 {}
tbody .tabl1 {}
.name {}
.rout {}
.subh {}
.para1 {}
.sele1 {}
.sele2 {}
.sele3 {}
.sele4 {}
.sele5 {}
.sele6 {}
.sele7 {}
.emai8 {}
.subm9 {}
.name {}
.rout {}
.head {}
.subh {}
.text1 {}
.back2 {}
.name {}
.rout {}
.head {}
.subh {}
.text1 {}
.back2 {}
.name {}
.rout {}
.head {}
.subh {}
.read1 {}
.text2 {}
.back3 {}
.inline-buttons {
display: flex; /* Use flexbox to arrange items horizontally */
gap: 10px; /* Optional: Add space between buttons */
}
.inline-buttons .link {
/* Additional styling can be added here if needed */
}
.inline-buttons .link {
display: inline-block; /* Keep links as inline-block for button shape */
padding: 7px 14px; /* Adjusted padding to approximate 70% of the original */
margin: 0; /* Remove margin */
background-color: #efefef; /* Light gray background color */
color: black; /* Text color */
text-decoration: none; /* Remove underline */
border: 2px solid #bbb; /* Thin, light gray border */
border-radius: 3px; /* Slightly rounded corners */
font-size: 11.2px; /* Adjusted font size to approximate 70% of the original */
text-align: center; /* Center the text */
cursor: pointer; /* Pointer cursor on hover */ }
/* Hover and active effects for better interaction */
.inline-buttons .link:hover {
background-color: #d9d9d9; /* Darker shade on hover */
}
.inline-buttons .link:active {
background-color: #c0c0c0; /* Even darker shade on click */
}
span .label {
padding-top:13em;
}

69
root/usr/share/smanager/themes/default/templates/letsencrypt.html.ep Normal file
View File

@ -0,0 +1,69 @@
%#
%# Generated by SM2Gen version:0.8 Chameleon version:4.5.4 On Python:3.12.3 at 2024-12-01 15:22:43
%#
% layout 'default', title => "Sme server 2 - Letsencrypt certificate", share_dir => './';
%# css specific to this panel:
% content_for 'module' => begin
%= stylesheet '/css/letsencrypt.css'
<div id="module" class="module Letsencrypt-panel">
% if (config->{debug} == 1) {
<pre>
%= dumper $c->current_route
%= dumper $lets_data->{trt}
</pre>
% }
<h1><%=$title%></h1>
% if ( stash('modul')) {
%= $c->render_to_string(inline => stash('modul') );
% }
%if ($c->stash('first')) {
<br><p>
%=$c->render_to_string(inline =>$c->l($c->stash('first')))
</p>
%} elsif ($c->stash('success')) {
<div class='success '>
<h2><%=$c->l('lets_Status_Report') %></h2><p>
%= $c->l($c->stash('success'));
</p>
</div>
%} elsif ($c->stash('error')) {
<div class='sme-error'>
<h2><%=$c->l('lets_Error_Status_Report') %></h2><p>
%= $c->l($c->stash('error'));
</p>
</div>
%}
%#Routing to partials according to trt parameter.
%#This ought to be cascading if/then/elsif, but is easier to just stack the if/then's rather like a case statement'
% if ($lets_data->{trt} eq "LIST") {
%= include 'partials/_lets_LIST'
%}
% if ($lets_data->{trt} eq "PARAMS") {
%= include 'partials/_lets_PARAMS'
%}
% if ($lets_data->{trt} eq "CHECKALLDOMAINS") {
%= include 'partials/_lets_CHECKALLDOMAINS'
%}
% if ($lets_data->{trt} eq "CHECKALLENABLEDDOMAINS") {
%= include 'partials/_lets_CHECKALLENABLEDDOMAINS'
%}
% if ($lets_data->{trt} eq "CHECKONEDOMAIN") {
%= include 'partials/_lets_CHECKONEDOMAIN'
%}
</div>
%end

45
root/usr/share/smanager/themes/default/templates/partials/_lets_CHECKALLDOMAINS.html.ep Normal file
View File

@ -0,0 +1,45 @@
%#
%# Generated by SM2Gen version:0.8 Chameleon version:4.5.4 On Python:3.12.3 at 2024-12-01 15:22:43
%#
<div id="Letsencrypt-CHECKALLDOMAINS" class="partial Letsencrypt-CHECKALLDOMAINS">
<script>
window.onload = function() {
SelectInput();
};
</script>
% if (config->{debug} == 1) {
<pre>
%= dumper $lets_data
</pre>
% }
% my $btn = l('lets_APPLY');
%= form_for "letsencryptu" => (method => 'POST') => begin
% param 'trt' => $lets_data->{trt} unless param 'trt';
%= hidden_field 'trt' => $lets_data->{trt}
%# Inputs etc in here.
<h1 class='head'><%=l('lets_Check_all_domains')%></h1>
<h2 class='subh'><%=l('lets_Loop_through_checking_the_letsencrypt')%></h2>
<span class=label>
%=l('lets_All_domains_check_result')
</span><span class=data>
% param 'AllDomainsCheck' => $lets_data->{AllDomainsCheck} unless param 'AllDomainsCheck';
%= text_area 'AllDomainsCheck', cols=>40, rows=>10, Readonly=>'true'
</span><br>
<span class='data'>
%my $back_text = l('lets_Back'); # Localized text
%my $actionBack = qq{
% <a href="letsencryptd">
% <input class='action back' type='submit' value='$back_text'>
% </a>
%};
<%= $c->render_to_string(inline => $actionBack) %>
</span>
%# Probably finally by a submit.
%end
</div>

45
root/usr/share/smanager/themes/default/templates/partials/_lets_CHECKALLENABLEDDOMAINS.html.ep Normal file
View File

@ -0,0 +1,45 @@
%#
%# Generated by SM2Gen version:0.8 Chameleon version:4.5.4 On Python:3.12.3 at 2024-12-01 15:22:43
%#
<div id="Letsencrypt-CHECKALLENABLEDDOMAINS" class="partial Letsencrypt-CHECKALLENABLEDDOMAINS">
<script>
window.onload = function() {
SelectInput();
};
</script>
% if (config->{debug} == 1) {
<pre>
%= dumper $lets_data
</pre>
% }
% my $btn = l('lets_APPLY');
%= form_for "letsencryptu" => (method => 'POST') => begin
% param 'trt' => $lets_data->{trt} unless param 'trt';
%= hidden_field 'trt' => $lets_data->{trt}
%# Inputs etc in here.
<h1 class='head'><%=l('lets_Check_all_enabled_domains')%></h1>
<h2 class='subh'><%=l('lets_Loop_through_checking_the_letsencrypt')%></h2>
<span class=label>
%=l('lets_Enabled_domains_check_result')
</span><span class=data>
% param 'EnabledDomainsCheck' => $lets_data->{EnabledDomainsCheck} unless param 'EnabledDomainsCheck';
%= text_area 'EnabledDomainsCheck', cols=>40, rows=>10, Readonly=>'true'
</span><br>
<span class='data'>
%my $back_text = l('lets_Back'); # Localized text
%my $actionBack = qq{
% <a href="letsencryptd">
% <input class='action back' type='submit' value='$back_text'>
% </a>
%};
<%= $c->render_to_string(inline => $actionBack) %>
</span>
%# Probably finally by a submit.
%end
</div>

52
root/usr/share/smanager/themes/default/templates/partials/_lets_CHECKONEDOMAIN.html.ep Normal file
View File

@ -0,0 +1,52 @@
%#
%# Generated by SM2Gen version:0.8 Chameleon version:4.5.4 On Python:3.12.3 at 2024-12-01 15:22:43
%#
<div id="Letsencrypt-CHECKONEDOMAIN" class="partial Letsencrypt-CHECKONEDOMAIN">
<script>
window.onload = function() {
SelectInput();
};
</script>
% if (config->{debug} == 1) {
<pre>
%= dumper $lets_data
</pre>
% }
% my $btn = l('lets_APPLY');
%= form_for "letsencryptu" => (method => 'POST') => begin
% param 'trt' => $lets_data->{trt} unless param 'trt';
%= hidden_field 'trt' => $lets_data->{trt}
%# Inputs etc in here.
<h1 class='head'><%=l('lets_Check_just_one_domain')%></h1>
<h2 class='subh'><%=l('lets_Loop_through_and_check_the')%></h2>
<p><span class=label>
%=l('lets_Domains_name')
</span><span class=data>
% param 'OneDomainToCheck' => $lets_data->{OneDomainToCheck} unless param 'OneDomainToCheck';
%= text_field 'OneDomainToCheck', size => '50', class => 'textinput OneDomainToCheck' , pattern=>'.*' , placeholder=>'OneDomainToCheck', Readonly=>'true'
<br></span></p>
<span class=label>
%=l('lets_One_domain_check_result')
</span><span class=data>
% param 'OneDomainsCheck' => $lets_data->{OneDomainsCheck} unless param 'OneDomainsCheck';
%= text_area 'OneDomainsCheck', cols=>40, rows=>10, Readonly=>'true'
</span><br>
<span class='data'>
%my $back_text = l('lets_Back'); # Localized text
%my $actionBack = qq{
% <a href="letsencryptd">
% <input class='action back' type='submit' value='$back_text'>
% </a>
%};
<%= $c->render_to_string(inline => $actionBack) %>
</span>
%# Probably finally by a submit.
%end
</div>

126
root/usr/share/smanager/themes/default/templates/partials/_lets_LIST.html.ep Normal file
View File

@ -0,0 +1,126 @@
%#
%# Generated by SM2Gen version:0.8 Chameleon version:4.5.4 On Python:3.12.3 at 2024-12-01 15:22:43
%#
<div id="Letsencrypt-LIST" class="partial Letsencrypt-LIST">
<script>
window.onload = function() {
SelectInput();
};
</script>
% if (config->{debug} == 1) {
<pre>
%= dumper $lets_data
</pre>
% }
% my $btn = l('lets_APPLY');
%= form_for "letsencryptu" => (method => 'POST') => begin
% param 'trt' => $lets_data->{trt} unless param 'trt';
%= hidden_field 'trt' => $lets_data->{trt}
%# Inputs etc in here.
<div class=inline-buttons>
<a href='letsencryptd?trt=PARAMS' class='link link2'>
%= l('lets_CONFIG')
</a>
%#= link_to l('lets_CONFIG'), 'letsencryptd?trt=PARAMS' , class=>'link link2'
<a href='letsencryptd?trt=CHECKALLDOMAINS' class='link link3'>
%= l('lets_CHECK_ALL_DOMAINS')
</a>
%#= link_to l('lets_CHECK_ALL_DOMAINS'), 'letsencryptd?trt=CHECKALLDOMAINS' , class=>'link link3'
<a href='letsencryptd?trt=CHECKALLENABLEDDOMAINS' class='link link4'>
%= l('lets_CHECK_ALL_ENABLED_DOMAINS')
</a>
%#= link_to l('lets_CHECK_ALL_ENABLED_DOMAINS'), 'letsencryptd?trt=CHECKALLENABLEDDOMAINS' , class=>'link link4'
</div>
<h2 class='subh2'><%=l('lets_For_this_Server')%></h2>
<p><span class=label>
%=l('lets_Internal_IP')
</span><span class=data>
% param 'InternalIP' => $lets_data->{InternalIP} unless param 'InternalIP';
%= text_field 'InternalIP', size => '50', class => 'textinput InternalIP' , pattern=>'.*' , placeholder=>'InternalIP', Readonly=>'true'
<br></span></p>
<p><span class=label>
%=l('lets_External_Interface_IP')
</span><span class=data>
% param 'ExternalIP' => $lets_data->{ExternalIP} unless param 'ExternalIP';
%= text_field 'ExternalIP', size => '50', class => 'textinput ExternalIP' , pattern=>'.*' , placeholder=>'ExternalIP', Readonly=>'true'
<br></span></p>
<p><span class=label>
%=l('lets_Internet_IP')
</span><span class=data>
% param 'InternetIP' => $lets_data->{InternetIP} unless param 'InternetIP';
%= text_field 'InternetIP', size => '50', class => 'textinput InternetIP' , pattern=>'.*' , placeholder=>'InternetIP', Readonly=>'true'
<br></span></p>
<h2 class='subh3'><%=l('lets_Current_certificate_details')%></h2>
<p><span class=label>
%=l('lets_Issuer')
</span><span class=data>
% param 'Issuer' => $lets_data->{Issuer} unless param 'Issuer';
%= text_field 'Issuer', size => '50', class => 'textinput Issuer' , pattern=>'.*' , placeholder=>'Issuer', Readonly=>'true'
<br></span></p>
<p><span class=label>
%=l('lets_Expiry')
</span><span class=data>
% param 'Expiry' => $lets_data->{Expiry} unless param 'Expiry';
%= text_field 'Expiry', size => '50', class => 'textinput Expiry' , pattern=>'.*' , placeholder=>'Expiry', Readonly=>'true'
<br></span></p>
<p><span class=label>
%=l('lets_Not_Before')
</span><span class=data>
% param 'NotBefore' => $lets_data->{NotBefore} unless param 'NotBefore';
%= text_field 'NotBefore', size => '50', class => 'textinput NotBefore' , pattern=>'.*' , placeholder=>'NotBefore', Readonly=>'true'
<br></span></p>
<h2 class='subh4'><%=l('lets_List_of_Domains_and_Hosts')%></h2>
<br /><table class="sme-border TableSort sme-table tabl1 ">
<thead class='tabl1'>
<tr table-head-row>
<th class='sme-border table-head-col table-head-col-Domain name / HOSTNAME '><%=l('lets_Domain_name_/_HOSTNAME')%></th>
<th class='sme-border table-head-col table-head-col-Brief description '><%=l('lets_Brief_description')%></th>
<th class='sme-border table-head-col table-head-col-Content '><%=l('lets_Content')%></th>
<th class='sme-border table-head-col table-head-col-LABEL_NAMESERVERS '><%=l('lets_LABEL_NAMESERVERS')%></th>
<th class='sme-border table-head-col table-head-col-LABEL_POINT '><%=l('lets_LABEL_POINT')%></th>
<th class='sme-border table-head-col table-head-col-LABEL_LECERT '><%=l('lets_LABEL_LECERT')%></th>
<th class='sme-border table-head-col table-head-col-IS_IN_CERT '><%=l('lets_IS_IN_CERT')%></th>
<th class='sme-border table-head-col table-head-col-CHECK '><%=l('lets_CHECK')%></th>
</tr>
</thead>
<tbody class='tabl1'>
% my $control_data = $c->stash('DomainList');
% foreach my $row (@$control_data) {
<tr class='table-row'>
<td class='sme-border table-col table-col-Table1-Domain name / HOSTNAME'><%=$c->render_to_string(inline=>$row->{'Table1-Domain name / HOSTNAME'})%></td>
<td class='sme-border table-col table-col-Table1-Brief description'><%=$c->render_to_string(inline=>$row->{'Table1-Brief description'})%></td>
<td class='sme-border table-col table-col-Table1-Content'><%=$c->render_to_string(inline=>$row->{'Table1-Content'})%></td>
<td class='sme-border table-col table-col-Table1-LABEL_NAMESERVERS'><%=$c->render_to_string(inline=>$row->{'Table1-LABEL_NAMESERVERS'})%></td>
<td class='sme-border table-col table-col-Table1-LABEL_POINT'><%=$c->render_to_string(inline=>$row->{'Table1-LABEL_POINT'})%></td>
<td class='sme-border table-col table-col-Table1-LABEL_LECERT'><%=$c->render_to_string(inline=>$row->{'Table1-LABEL_LECERT'})%></td>
<td class='sme-border table-col table-col-Table1-IS_IN_CERT'><%=$c->render_to_string(inline=>$row->{'Table1-IS_IN_CERT'})%></td>
<td class='sme-border table-col table-col-Table1-CHECK'><%=$c->render_to_string(inline=>$row->{'Table1-CHECK'})%></td>
</tr>
%}
</tbody>
</table>
%# Probably finally by a submit.
%end
</div>

97
root/usr/share/smanager/themes/default/templates/partials/_lets_PARAMS.html.ep Normal file
View File

@ -0,0 +1,97 @@
%#
%# Generated by SM2Gen version:0.8 Chameleon version:4.5.4 On Python:3.12.3 at 2024-12-01 15:22:43
%#
<div id="Letsencrypt-PARAMS" class="partial Letsencrypt-PARAMS">
<script>
window.onload = function() {
SelectInput();
};
</script>
% if (config->{debug} == 1) {
<pre>
%= dumper $lets_data
</pre>
% }
% my $btn = l('lets_APPLY');
%= form_for "letsencryptu" => (method => 'POST') => begin
% param 'trt' => $lets_data->{trt} unless param 'trt';
%= hidden_field 'trt' => $lets_data->{trt}
%# Inputs etc in here.
<h2 class='subh'><%=l('lets_Manage_letsencrypt-config_settings:')%></h2>
<p class='paragraph para1'>
%=l('lets_CONFIG_LETSENCRYPT')
</p>
<p><span class=label>
%=l('lets_SERVICE_STATUS')
</span><span class=data>
% my @status_options = [['Disabled' => 'disabled'], ['Enabled' => 'enabled'], ['TEST' => 'test']];
% param 'status' => $lets_data->{status} unless param 'status';
%= select_field 'status' => @status_options, class => 'input'
<br></span> </p>
<p><span class=label>
%=l('lets_HOOKSCRIPT_STATUS')
</span><span class=data>
% my @hookScript_options = [['Disabled' => 'disabled'], ['Enabled' => 'enabled']];
% param 'hookScript' => $lets_data->{hookScript} unless param 'hookScript';
%= select_field 'hookScript' => @hookScript_options, class => 'input'
<br></span> </p>
<p><span class=label>
%=l('lets_HOSTOVERRIDE_STATUS')
</span><span class=data>
% my @hostOverride_options = [['Disabled' => 'disabled'], ['Yes' => 'yes']];
% param 'hostOverride' => $lets_data->{hostOverride} unless param 'hostOverride';
%= select_field 'hostOverride' => @hostOverride_options, class => 'input'
<br></span> </p>
<p><span class=label>
%=l('lets_ACCEPT_TERMS_STATUS')
</span><span class=data>
% my @ACCEPT_TERMS_options = [['Disabled' => 'disabled'], ['Yes' => 'yes']];
% param 'ACCEPT_TERMS' => $lets_data->{ACCEPT_TERMS} unless param 'ACCEPT_TERMS';
%= select_field 'ACCEPT_TERMS' => @ACCEPT_TERMS_options, class => 'input'
<br></span> </p>
<p><span class=label>
%=l('lets_API_STATUS')
</span><span class=data>
% my @API_options = [['2' => '2']];
% param 'API' => $lets_data->{API} unless param 'API';
%= select_field 'API' => @API_options, class => 'input'
<br></span> </p>
<p><span class=label>
%=l('lets_KEYSIZE_STATUS')
</span><span class=data>
% my @keysize_options = [['2048' => '2048'], ['3072' => '3072'], ['4096' => '4096']];
% param 'keysize' => $lets_data->{keysize} unless param 'keysize';
%= select_field 'keysize' => @keysize_options, class => 'input'
<br></span> </p>
<p><span class=label>
%=l('lets_CONFIGUREMODE_STATUS')
</span><span class=data>
% my @configure_options = [['ALL' => 'all'], ['Domains' => 'domains'], ['HOSTS' => 'hosts'], ['NONE' => 'none']];
% param 'configure' => $lets_data->{configure} unless param 'configure';
%= select_field 'configure' => @configure_options, class => 'input'
<br></span> </p>
<p><span class=label>
%=l('lets_EMAIL')
</span><span class=data>
% param 'email' => $lets_data->{email} unless param 'email';
%=email_field 'email', class => 'emai8'
</span></p>
<span class='data'>
%= submit_button l('lets_Save'), class => 'action subm9'
</span>
%# Probably finally by a submit.
%end
</div>

16
smeserver-certificates.spec
View File

@ -1,6 +1,6 @@
%define name smeserver-certificates
%define version 11.0
%define release 1
%define release 2
Summary: This is what smeserver-certificates does.
Name: %{name}
Version: %{version}
@ -12,15 +12,27 @@ BuildRoot: %{_tmppath}/%{name}-buildroot
Prefix: %{_prefix}
BuildArchitectures: noarch
BuildRequires: smeserver-devtools
Provides: smeserver-letsencrypt
Obsoletes: smeserver-letsencrypt < %{version}
Requires: smeserver-release >= 11.0
Requires: q
Requires: jq
Requires: dehydrated >= 0.6.5
Requires: smeserver-manager >= 11.0.0-52
AutoReqProv: no
%description
%changelog
* Wed Feb 12 2025 Jean-Philippe Pialasse <jpp@koozali.org> 11.0-2.sme
- move smanager panel in package [SME: 12916]
- add Requires
- add templates from smeserver-letsencrypt
- use /var/www/html/.well-known/acme-challenge
* Thu Dec 12 2024 <brianr@koozali.org> 11.0-1.sme
- Initial code - create RPM [SME:12810]
- Initial code - create RPM [SME: 12810]
%prep