From 7ea59826117fda8b59869a349de1d8057d8b2a7c Mon Sep 17 00:00:00 2001
From: Gregory Colpart <gcolpart+git@evolix.fr>
Date: Thu, 21 Sep 2017 00:39:06 +0200
Subject: [PATCH] empty commit, only :retab

---
 evoacme/files/certbot.cron |   2 +-
 evoacme/files/evoacme.sh   | 104 +++++++++---------
 evoacme/files/make-csr.sh  | 212 ++++++++++++++++++-------------------
 3 files changed, 159 insertions(+), 159 deletions(-)

diff --git a/evoacme/files/certbot.cron b/evoacme/files/certbot.cron
index a7c4eef2..eb2ddb3a 100755
--- a/evoacme/files/certbot.cron
+++ b/evoacme/files/certbot.cron
@@ -10,5 +10,5 @@
 [ -z "${CRT_DIR}" ] && CRT_DIR='/etc/letsencrypt'
 
 find "${CRT_DIR}" -maxdepth 1 -mindepth 1 -type d ! -path "*accounts" -exec basename {} \; | while read vhost; do
-	evoacme "$vhost"
+    evoacme "$vhost"
 done
diff --git a/evoacme/files/evoacme.sh b/evoacme/files/evoacme.sh
index ffbf22ac..0504567e 100755
--- a/evoacme/files/evoacme.sh
+++ b/evoacme/files/evoacme.sh
@@ -8,12 +8,12 @@
 #
 
 usage() {
-	echo "Usage: $0 NAME"
-	echo ""
-	echo "NAME must be correspond to :"
-	echo "- a CSR in ${CSR_DIR}/NAME.csr"
-	echo "- a KEY in ${SSL_KEY_DIR}/NAME.key"
-	echo ""
+    echo "Usage: $0 NAME"
+    echo ""
+    echo "NAME must be correspond to :"
+    echo "- a CSR in ${CSR_DIR}/NAME.csr"
+    echo "- a KEY in ${SSL_KEY_DIR}/NAME.key"
+    echo ""
 }
 
 mkconf_apache() {
@@ -27,58 +27,58 @@ mkconf_nginx() {
 }
 
 mkconf_haproxy() {
-	mkdir -p /etc/ssl/haproxy -m 700
-	cat "$CRT_DIR/${vhost}/live/fullchain.pem" "$SSL_KEY_DIR/${vhost}.key" > "/etc/ssl/haproxy/${vhost}.pem"
-	[ -f "$DH_DIR/${vhost}.pem" ] && cat "$DH_DIR/${vhost}.pem" >> "/etc/ssl/haproxy/${vhost}.pem"
-	haproxy -c -f /etc/haproxy/haproxy.cfg >/dev/null && service haproxy reload
+    mkdir -p /etc/ssl/haproxy -m 700
+    cat "$CRT_DIR/${vhost}/live/fullchain.pem" "$SSL_KEY_DIR/${vhost}.key" > "/etc/ssl/haproxy/${vhost}.pem"
+    [ -f "$DH_DIR/${vhost}.pem" ] && cat "$DH_DIR/${vhost}.pem" >> "/etc/ssl/haproxy/${vhost}.pem"
+    haproxy -c -f /etc/haproxy/haproxy.cfg >/dev/null && service haproxy reload
 }
 
 main() {
-	[ -f /etc/default/evoacme ] && . /etc/default/evoacme
-	[ -z "${SSL_KEY_DIR}" ] && SSL_KEY_DIR='/etc/ssl/private'
-	[ -z "${CRT_DIR}" ] && CRT_DIR='/etc/letsencrypt'
-	[ -z "${CSR_DIR}" ] && CSR_DIR='/etc/ssl/requests'
-	[ -z "${SELF_SIGNED_DIR}" ] && SELF_SIGNED_DIR='/etc/ssl/self-signed'
-	[ -z "${DH_DIR}" ] && DH_DIR='/etc/ssl/dhparam'
-	[ -z "${LOG_DIR}" ] && LOG_DIR='/var/log/evoacme'
-	
-	[ "$#" -ne 1 ] && usage && exit 1
+    [ -f /etc/default/evoacme ] && . /etc/default/evoacme
+    [ -z "${SSL_KEY_DIR}" ] && SSL_KEY_DIR='/etc/ssl/private'
+    [ -z "${CRT_DIR}" ] && CRT_DIR='/etc/letsencrypt'
+    [ -z "${CSR_DIR}" ] && CSR_DIR='/etc/ssl/requests'
+    [ -z "${SELF_SIGNED_DIR}" ] && SELF_SIGNED_DIR='/etc/ssl/self-signed'
+    [ -z "${DH_DIR}" ] && DH_DIR='/etc/ssl/dhparam'
+    [ -z "${LOG_DIR}" ] && LOG_DIR='/var/log/evoacme'
+    
+    [ "$#" -ne 1 ] && usage && exit 1
 
-	vhost=$(basename "$1" .conf)
+    vhost=$(basename "$1" .conf)
 
-	# Check master status for evoadmin-cluster
-	if [ -f "/home/${vhost}/state" ]; then
-		grep -q "STATE=master" "/home/${vhost}/state" || exit 0
-	fi
+    # Check master status for evoadmin-cluster
+    if [ -f "/home/${vhost}/state" ]; then
+        grep -q "STATE=master" "/home/${vhost}/state" || exit 0
+    fi
 
-	SSL_EMAIL=$(grep emailAddress "${CRT_DIR}/openssl.cnf"|cut -d'=' -f2|xargs)
-	if [ -n "$SSL_EMAIL" ]; then
-	    emailopt="-m $SSL_EMAIL"
-	else
-	    emailopt="--register-unsafely-without-email"
-	fi
-	DATE=$(date "+%Y%m%d")
-	
-	if [ -h "$CRT_DIR/${vhost}/live" ]; then
-	    crt_end_date=$(openssl x509 -noout -enddate -in "$CRT_DIR/${vhost}/live/cert.crt"|sed -e "s/.*=//")
-	    date_crt=$(date -ud "$crt_end_date" +"%s")
-	    date_today=$(date +'%s')
-	    date_diff=$(((date_crt - date_today) / (60*60*24)))
-	    [ "$date_diff" -ge "$SSL_MINDAY" ] && exit 0
-	fi
-	rm -rf "$CRT_DIR/${vhost}/${DATE}"
-	mkdir -pm 755 "$CRT_DIR/${vhost}/${DATE}"
-	chown -R acme: "$CRT_DIR/${vhost}"
-	sudo -u acme certbot certonly --quiet --webroot --csr "$CSR_DIR/${vhost}.csr" --webroot-path "$ACME_DIR" -n --agree-tos --cert-path="$CRT_DIR/${vhost}/${DATE}/cert.crt" --fullchain-path="$CRT_DIR/${vhost}/${DATE}/fullchain.pem" --chain-path="$CRT_DIR/${vhost}/${DATE}/chain.pem" "$emailopt" --logs-dir "$LOG_DIR" 2>&1 | grep -v "certbot.crypto_util"
-	if [ -f "$CRT_DIR/${vhost}/${DATE}/fullchain.pem" ]; then
-		rm -f "$CRT_DIR/${vhost}/live"
-		ln -s "$CRT_DIR/${vhost}/${DATE}" "$CRT_DIR/${vhost}/live"
-		which apache2ctl >/dev/null && mkconf_apache
-		which nginx >/dev/null && mkconf_nginx
-		which haproxy >/dev/null && mkconf_haproxy
-	else
-		rmdir "$CRT_DIR/${vhost}/${DATE}"
-	fi
+    SSL_EMAIL=$(grep emailAddress "${CRT_DIR}/openssl.cnf"|cut -d'=' -f2|xargs)
+    if [ -n "$SSL_EMAIL" ]; then
+        emailopt="-m $SSL_EMAIL"
+    else
+        emailopt="--register-unsafely-without-email"
+    fi
+    DATE=$(date "+%Y%m%d")
+    
+    if [ -h "$CRT_DIR/${vhost}/live" ]; then
+        crt_end_date=$(openssl x509 -noout -enddate -in "$CRT_DIR/${vhost}/live/cert.crt"|sed -e "s/.*=//")
+        date_crt=$(date -ud "$crt_end_date" +"%s")
+        date_today=$(date +'%s')
+        date_diff=$(((date_crt - date_today) / (60*60*24)))
+        [ "$date_diff" -ge "$SSL_MINDAY" ] && exit 0
+    fi
+    rm -rf "$CRT_DIR/${vhost}/${DATE}"
+    mkdir -pm 755 "$CRT_DIR/${vhost}/${DATE}"
+    chown -R acme: "$CRT_DIR/${vhost}"
+    sudo -u acme certbot certonly --quiet --webroot --csr "$CSR_DIR/${vhost}.csr" --webroot-path "$ACME_DIR" -n --agree-tos --cert-path="$CRT_DIR/${vhost}/${DATE}/cert.crt" --fullchain-path="$CRT_DIR/${vhost}/${DATE}/fullchain.pem" --chain-path="$CRT_DIR/${vhost}/${DATE}/chain.pem" "$emailopt" --logs-dir "$LOG_DIR" 2>&1 | grep -v "certbot.crypto_util"
+    if [ -f "$CRT_DIR/${vhost}/${DATE}/fullchain.pem" ]; then
+        rm -f "$CRT_DIR/${vhost}/live"
+        ln -s "$CRT_DIR/${vhost}/${DATE}" "$CRT_DIR/${vhost}/live"
+        which apache2ctl >/dev/null && mkconf_apache
+        which nginx >/dev/null && mkconf_nginx
+        which haproxy >/dev/null && mkconf_haproxy
+    else
+        rmdir "$CRT_DIR/${vhost}/${DATE}"
+    fi
 }
 
 main "$@"
diff --git a/evoacme/files/make-csr.sh b/evoacme/files/make-csr.sh
index 844847ab..5338ba2c 100755
--- a/evoacme/files/make-csr.sh
+++ b/evoacme/files/make-csr.sh
@@ -8,143 +8,143 @@
 #
 
 get_domains() {
-	echo "$vhostfile"|grep -q nginx
-	if [ "$?" -eq 0 ]; then
-		domains=$(grep -oE "^( )*[^#]+" "$vhostfile" |grep -oE "[^\$]server_name.*;$"|sed 's/server_name//'|tr -d ';'|sed 's/\s\{1,\}//'|sed 's/\s\{1,\}/\n/g'|sort|uniq)
-	fi
-	
-	echo "$vhostfile" |grep -q apache2
-	if [ "$?" -eq 0 ]; then
-		domains=$(grep -oE "^( )*[^#]+" "$vhostfile" |grep -oE "(ServerName|ServerAlias).*"|sed 's/ServerName//'|sed 's/ServerAlias//'|sed 's/\s\{1,\}//'|sort|uniq)
-	fi
-	valid_domains=""
-	nb=0
-	
-	echo "Valid(s) domain(s) in $vhost :"
-	for domain in $domains; do
-		real_ip=$(dig +short "$domain"|grep -oE "([0-9]+\.){3}[0-9]+")
-		for ip in $(echo "$SRV_IP"|xargs -n1); do
-			if [ "${ip}" = "${real_ip}" ]; then
-	                        valid_domains="$valid_domains $domain"
-		                nb=$(( nb  + 1 ))
-				echo "* $domain -> $real_ip"
-			fi
-		done
-	done
-	
-	if [ "$nb" -eq 0 ]; then
-	        nb=$(echo "$domains"|wc -l)
-		echo "* No valid domain found"
-		echo "All following(s) domain(s) will be used for CSR creation :"
-		for domain in $domains; do
-			echo "* $domain"
-		done
-	else
-		domains="$valid_domains"
-	fi
-	domains=$(echo "$domains"|xargs -n1)
+    echo "$vhostfile"|grep -q nginx
+    if [ "$?" -eq 0 ]; then
+        domains=$(grep -oE "^( )*[^#]+" "$vhostfile" |grep -oE "[^\$]server_name.*;$"|sed 's/server_name//'|tr -d ';'|sed 's/\s\{1,\}//'|sed 's/\s\{1,\}/\n/g'|sort|uniq)
+    fi
+    
+    echo "$vhostfile" |grep -q apache2
+    if [ "$?" -eq 0 ]; then
+        domains=$(grep -oE "^( )*[^#]+" "$vhostfile" |grep -oE "(ServerName|ServerAlias).*"|sed 's/ServerName//'|sed 's/ServerAlias//'|sed 's/\s\{1,\}//'|sort|uniq)
+    fi
+    valid_domains=""
+    nb=0
+    
+    echo "Valid(s) domain(s) in $vhost :"
+    for domain in $domains; do
+        real_ip=$(dig +short "$domain"|grep -oE "([0-9]+\.){3}[0-9]+")
+        for ip in $(echo "$SRV_IP"|xargs -n1); do
+            if [ "${ip}" = "${real_ip}" ]; then
+                            valid_domains="$valid_domains $domain"
+                        nb=$(( nb  + 1 ))
+                echo "* $domain -> $real_ip"
+            fi
+        done
+    done
+    
+    if [ "$nb" -eq 0 ]; then
+            nb=$(echo "$domains"|wc -l)
+        echo "* No valid domain found"
+        echo "All following(s) domain(s) will be used for CSR creation :"
+        for domain in $domains; do
+            echo "* $domain"
+        done
+    else
+        domains="$valid_domains"
+    fi
+    domains=$(echo "$domains"|xargs -n1)
 }
 
 make_key() {
-	openssl genrsa -out "$SSL_KEY_DIR/${vhost}.key" "$SSL_KEY_SIZE" 2>/dev/null
-	chown root: "$SSL_KEY_DIR/${vhost}.key"
-	chmod 600 "$SSL_KEY_DIR/${vhost}.key"
+    openssl genrsa -out "$SSL_KEY_DIR/${vhost}.key" "$SSL_KEY_SIZE" 2>/dev/null
+    chown root: "$SSL_KEY_DIR/${vhost}.key"
+    chmod 600 "$SSL_KEY_DIR/${vhost}.key"
 }
 
 make_csr() {
-	domains="$1"
-	nb=$(echo "$domains"|wc -l)
-	config_file="/tmp/make-csr-${vhost}.conf"
+    domains="$1"
+    nb=$(echo "$domains"|wc -l)
+    config_file="/tmp/make-csr-${vhost}.conf"
 
-	mkdir -p "$CSR_DIR" -m 0755
-	
-	if [ "$nb" -eq 1 ]; then
-		cat /etc/letsencrypt/openssl.cnf - > "$config_file" <<EOF
+    mkdir -p "$CSR_DIR" -m 0755
+    
+    if [ "$nb" -eq 1 ]; then
+        cat /etc/letsencrypt/openssl.cnf - > "$config_file" <<EOF
 CN=$domains
 EOF
-		openssl req -new -sha256 -key "$SSL_KEY_DIR/${vhost}.key" -config "$config_file" -out "$CSR_DIR/${vhost}.csr"
-	elif [ "$nb" -gt 1 ]; then
-		san=''
-		for domain in $domains
-		do
-		        san="$san,DNS:$domain"
-		done
-		san=$(echo "$san"|sed 's/,//')
-		cat /etc/letsencrypt/openssl.cnf - > "$config_file" <<EOF
+        openssl req -new -sha256 -key "$SSL_KEY_DIR/${vhost}.key" -config "$config_file" -out "$CSR_DIR/${vhost}.csr"
+    elif [ "$nb" -gt 1 ]; then
+        san=''
+        for domain in $domains
+        do
+                san="$san,DNS:$domain"
+        done
+        san=$(echo "$san"|sed 's/,//')
+        cat /etc/letsencrypt/openssl.cnf - > "$config_file" <<EOF
 [SAN]
 subjectAltName=$san
 EOF
-		openssl req -new -sha256 -key "$SSL_KEY_DIR/${vhost}.key" -reqexts SAN -config "$config_file" > "$CSR_DIR/${vhost}.csr"
-	fi
-	
-	if [ -f "$CSR_DIR/${vhost}.csr" ]; then
-		chmod 644 "$CSR_DIR/${vhost}.csr"
-		mkdir -p "$SELF_SIGNED_DIR" -m 0755
-		openssl x509 -req -sha256 -days 365 -in "$CSR_DIR/${vhost}.csr" -signkey "$SSL_KEY_DIR/${vhost}.key" -out "$SELF_SIGNED_DIR/${vhost}.pem"
-		[ -f "$SELF_SIGNED_DIR/${vhost}.pem" ] && chmod 644 "$SELF_SIGNED_DIR/${vhost}.pem"
-	fi
+        openssl req -new -sha256 -key "$SSL_KEY_DIR/${vhost}.key" -reqexts SAN -config "$config_file" > "$CSR_DIR/${vhost}.csr"
+    fi
+    
+    if [ -f "$CSR_DIR/${vhost}.csr" ]; then
+        chmod 644 "$CSR_DIR/${vhost}.csr"
+        mkdir -p "$SELF_SIGNED_DIR" -m 0755
+        openssl x509 -req -sha256 -days 365 -in "$CSR_DIR/${vhost}.csr" -signkey "$SSL_KEY_DIR/${vhost}.key" -out "$SELF_SIGNED_DIR/${vhost}.pem"
+        [ -f "$SELF_SIGNED_DIR/${vhost}.pem" ] && chmod 644 "$SELF_SIGNED_DIR/${vhost}.pem"
+    fi
 }
 
 mkconf_apache() {
-	mkdir -p /etc/apache2/ssl
-	if [ ! -f "/etc/apache2/ssl/${vhost}.conf" ]; then
-		cat > "/etc/apache2/ssl/${vhost}.conf" <<EOF
+    mkdir -p /etc/apache2/ssl
+    if [ ! -f "/etc/apache2/ssl/${vhost}.conf" ]; then
+        cat > "/etc/apache2/ssl/${vhost}.conf" <<EOF
 SSLEngine On
 SSLCertificateFile    $SELF_SIGNED_DIR/${vhost}.pem
 SSLCertificateKeyFile $SSL_KEY_DIR/${vhost}.key
 EOF
-	else
-		sed -i "s~^SSLCertificateFile.*$~SSLCertificateFile $SELF_SIGNED_DIR/${vhost}.pem~" "/etc/apache2/ssl/${vhost}.conf"
-	fi
+    else
+        sed -i "s~^SSLCertificateFile.*$~SSLCertificateFile $SELF_SIGNED_DIR/${vhost}.pem~" "/etc/apache2/ssl/${vhost}.conf"
+    fi
 }
 
 mkconf_nginx() {
-	mkdir -p /etc/nginx/ssl
-	if [ ! -f "/etc/nginx/ssl/${vhost}.conf" ]; then
-		cat > "/etc/nginx/ssl/${vhost}.conf" <<EOF
+    mkdir -p /etc/nginx/ssl
+    if [ ! -f "/etc/nginx/ssl/${vhost}.conf" ]; then
+        cat > "/etc/nginx/ssl/${vhost}.conf" <<EOF
 ssl_certificate $SELF_SIGNED_DIR/${vhost}.pem;
 ssl_certificate_key $SSL_KEY_DIR/${vhost}.key;
 EOF
-	else
-		sed -i "s~^ssl_certificate[^_].*$~ssl_certificate $SELF_SIGNED_DIR/${vhost}.pem;~" "/etc/nginx/ssl/${vhost}.conf"
-	fi
+    else
+        sed -i "s~^ssl_certificate[^_].*$~ssl_certificate $SELF_SIGNED_DIR/${vhost}.pem;~" "/etc/nginx/ssl/${vhost}.conf"
+    fi
 }
 
 main() {
-	if [ "$#" -ne 1 ]; then
-		echo "You need to provide one argument !" >&2
-		exit 1
-	fi
-	vhost=$(basename "$1" .conf)
-	local_ip=$(ip a|grep brd|cut -d'/' -f1|grep -oE "([0-9]+\.){3}[0-9]+")
+    if [ "$#" -ne 1 ]; then
+        echo "You need to provide one argument !" >&2
+        exit 1
+    fi
+    vhost=$(basename "$1" .conf)
+    local_ip=$(ip a|grep brd|cut -d'/' -f1|grep -oE "([0-9]+\.){3}[0-9]+")
 
-	[ -f /etc/default/evoacme ] && . /etc/default/evoacme
-	[ -z "${SSL_KEY_DIR}" ] && SSL_KEY_DIR='/etc/ssl/private'
-	[ -z "${CSR_DIR}" ] && CSR_DIR='/etc/ssl/requests'
-	[ -z "${CRT_DIR}" ] && CRT_DIR='/etc/letsencrypt'
-	[ -z "${SELF_SIGNED_DIR}" ] && SELF_SIGNED_DIR='/etc/ssl/self-signed'
-	SSL_KEY_SIZE=$(grep default_bits /etc/letsencrypt/openssl.cnf|cut -d'=' -f2|xargs)
-	[ -n "${SRV_IP}" ] && SRV_IP="${SRV_IP} $local_ip" || SRV_IP="$local_ip"
-	
-	vhostfile=$(ls "/etc/nginx/sites-enabled/${vhost}" "/etc/nginx/sites-enabled/${vhost}.conf" "/etc/apache2/sites-enabled/${vhost}" "/etc/apache2/sites-enabled/${vhost}.conf" 2>/dev/null|head -n1)
-	
-	if [ ! -h "$vhostfile" ]; then
-		echo "$vhost is not a valid virtualhost !" >&2
-		exit 1
-	fi
+    [ -f /etc/default/evoacme ] && . /etc/default/evoacme
+    [ -z "${SSL_KEY_DIR}" ] && SSL_KEY_DIR='/etc/ssl/private'
+    [ -z "${CSR_DIR}" ] && CSR_DIR='/etc/ssl/requests'
+    [ -z "${CRT_DIR}" ] && CRT_DIR='/etc/letsencrypt'
+    [ -z "${SELF_SIGNED_DIR}" ] && SELF_SIGNED_DIR='/etc/ssl/self-signed'
+    SSL_KEY_SIZE=$(grep default_bits /etc/letsencrypt/openssl.cnf|cut -d'=' -f2|xargs)
+    [ -n "${SRV_IP}" ] && SRV_IP="${SRV_IP} $local_ip" || SRV_IP="$local_ip"
+    
+    vhostfile=$(ls "/etc/nginx/sites-enabled/${vhost}" "/etc/nginx/sites-enabled/${vhost}.conf" "/etc/apache2/sites-enabled/${vhost}" "/etc/apache2/sites-enabled/${vhost}.conf" 2>/dev/null|head -n1)
+    
+    if [ ! -h "$vhostfile" ]; then
+        echo "$vhost is not a valid virtualhost !" >&2
+        exit 1
+    fi
 
-	if [ -f "$SSL_KEY_DIR/${vhost}.key" ]; then
-		echo "$vhost key already exist, overwrite it ? (y)"
-		read REPLY
-		[ "$REPLY" = "Y" ] || [ "$REPLY" = "y" ] || exit 0
-		rm -f "/etc/apache2/ssl/${vhost}.conf /etc/nginx/ssl/${vhost}.conf"
-		[ -h "${CRT_DIR}/${vhost}/live" ] && rm "${CRT_DIR}/${vhost}/live"
-	fi
+    if [ -f "$SSL_KEY_DIR/${vhost}.key" ]; then
+        echo "$vhost key already exist, overwrite it ? (y)"
+        read REPLY
+        [ "$REPLY" = "Y" ] || [ "$REPLY" = "y" ] || exit 0
+        rm -f "/etc/apache2/ssl/${vhost}.conf /etc/nginx/ssl/${vhost}.conf"
+        [ -h "${CRT_DIR}/${vhost}/live" ] && rm "${CRT_DIR}/${vhost}/live"
+    fi
 
-	get_domains
-	make_key
-	make_csr "$domains"
-	which apache2ctl >/dev/null && mkconf_apache
+    get_domains
+    make_key
+    make_csr "$domains"
+    which apache2ctl >/dev/null && mkconf_apache
         which nginx >/dev/null && mkconf_nginx
 }