evoacme: upstream version 19.11
parent
7e50a460a8
commit
ab8c6b13b8
5 changed files with 126 additions and 56 deletions
|
@ -14,6 +14,7 @@ The **patch** part changes incrementally at each release.
|
|||
* apt: check if cron is installed before adding a cron job
|
||||
* apt: remove jessie/buster sources from Gandi servers
|
||||
* certbot : new role to install and configure certbot
|
||||
* evoacme: upstream version 19.11
|
||||
* evocheck: upstream version 19.10
|
||||
* evolinux-base: default value for "evolinux_ssh_group"
|
||||
* evolinux-base: install /sbin/deny
|
||||
|
|
|
@ -1,10 +1,9 @@
|
|||
# Evoacme 2.0
|
||||
|
||||
EvoAcme is an [Ansible](https://www.ansible.com/) role and a [Certbot](https://certbot.eff.org) wrapper for generate [Let's Encrypt](https://letsencrypt.org/) certificates.
|
||||
The upstream repository of EvoAcme is at <https://gitea.evolix.org/evolix/evoacme>
|
||||
|
||||
It is a project hosted at [Evolix's forge](https://gitea.evolix.org/evolix/ansible-roles/)
|
||||
|
||||
Evoacme is open source software licensed under the AGPLv3 License.
|
||||
Shell scripts are copied from the upstream repository after each release.
|
||||
No changes must be applied directly here ; patch upstream, release then copy here.
|
||||
|
||||
## Install
|
||||
|
||||
|
|
|
@ -10,17 +10,33 @@
|
|||
set -e
|
||||
set -u
|
||||
|
||||
usage() {
|
||||
show_version() {
|
||||
cat <<END
|
||||
evoacme version ${VERSION}
|
||||
|
||||
Copyright 2009-2019 Evolix <info@evolix.fr>,
|
||||
Victor Laborie <vlaborie@evolix.fr>,
|
||||
Jérémy Lecour <jlecour@evolix.fr>,
|
||||
Benoit Série <bserie@evolix.fr>
|
||||
and others.
|
||||
|
||||
evoacme comes with ABSOLUTELY NO WARRANTY. This is free software,
|
||||
and you are welcome to redistribute it under certain conditions.
|
||||
See the GNU Affero General Public License v3.0 for details.
|
||||
END
|
||||
}
|
||||
|
||||
show_help() {
|
||||
cat <<EOT
|
||||
Usage: ${PROGNAME} NAME
|
||||
NAME must be correspond to :
|
||||
- a CSR in ${CSR_DIR}/NAME.csr
|
||||
- a KEY in ${SSL_KEY_DIR}/NAME.key
|
||||
NAME must be correspond to :
|
||||
- a CSR in ${CSR_DIR}/NAME.csr
|
||||
- a KEY in ${SSL_KEY_DIR}/NAME.key
|
||||
|
||||
If env variable TEST=1, certbot is run in staging mode
|
||||
If env variable DRY_RUN=1, certbot is run in dry-run mode
|
||||
If env variable QUIET=1, no message is output
|
||||
If env variable VERBOSE=1, debug messages are output
|
||||
If env variable TEST=1, certbot is run in staging mode
|
||||
If env variable DRY_RUN=1, certbot is run in dry-run mode
|
||||
If env variable QUIET=1, no message is output
|
||||
If env variable VERBOSE=1, debug messages are output
|
||||
EOT
|
||||
}
|
||||
|
||||
|
@ -36,7 +52,7 @@ debug() {
|
|||
}
|
||||
error() {
|
||||
>&2 echo "${PROGNAME}: $1"
|
||||
[ "$1" = "invalid argument(s)" ] && >&2 usage
|
||||
[ "$1" = "invalid argument(s)" ] && >&2 show_help
|
||||
exit 1
|
||||
}
|
||||
|
||||
|
@ -75,7 +91,7 @@ sed_cert_path_for_nginx() {
|
|||
sed -i "s~${search}~${replace}~" "${vhost_full_path}"
|
||||
debug "Config in ${vhost_full_path} has been updated"
|
||||
$(command -v nginx) -t 2>/dev/null
|
||||
[ "${?}" -eq 0 ] || $(command -v nginx) -t
|
||||
[ "${?}" -eq 0 ] || $(command -v nginx) -t -q
|
||||
fi
|
||||
}
|
||||
x509_verify() {
|
||||
|
@ -98,7 +114,8 @@ main() {
|
|||
# check arguments
|
||||
[ "$#" -eq 1 ] || error "invalid argument(s)"
|
||||
|
||||
[ "$1" = "-h" ] || [ "$1" = "--help" ] && usage && exit 0
|
||||
[ "$1" = "-h" ] || [ "$1" = "--help" ] && show_help && exit 0
|
||||
[ "$1" = "-V" ] || [ "$1" = "--version" ] && show_version && exit 0
|
||||
|
||||
mkdir -p "${ACME_DIR}"
|
||||
chown acme: "${ACME_DIR}"
|
||||
|
@ -287,6 +304,8 @@ readonly QUIET=${QUIET:-"0"}
|
|||
readonly TEST=${TEST:-"0"}
|
||||
readonly DRY_RUN=${DRY_RUN:-"0"}
|
||||
|
||||
readonly VERSION="19.11"
|
||||
|
||||
# Read configuration file, if it exists
|
||||
[ -r /etc/default/evoacme ] && . /etc/default/evoacme
|
||||
|
||||
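Review bot: In sed_cert_path_for_nginx the two-step nginx config test cannot behave as intended while `set -e` (visible at the top of this file) is active: a failing `$(command -v nginx) -t 2>/dev/null` ends the script before the `[ "${?}" -eq 0 ] || …` line runs, unless every caller invokes the function where errexit is suspended, which the hunk does not show. A single list keeps the intent and survives errexit: `$(command -v nginx) -t 2>/dev/null || $(command -v nginx) -t -q`. The `sed -i` just above has already rewritten the vhost file by the time the test runs, so a failed test leaves the edited certificate path in place; a comment stating whether that is intended would help. The function starts and ends outside the hunk.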
|
|
|
@ -9,27 +9,52 @@
|
|||
|
||||
set -u
|
||||
|
||||
usage() {
|
||||
cat <<EOT
|
||||
Usage: ${PROGNAME} VHOST DOMAIN...
|
||||
VHOST must correspond to an Apache or Nginx enabled VHost
|
||||
If VHOST ends with ".conf" it is stripped,
|
||||
then files are seached at those paths:
|
||||
- /etc/apache2/sites-enables/VHOST.conf
|
||||
- /etc/nginx/sites-enabled/VHOST.conf
|
||||
- /etc/nginx/sites-enabled/VHOST
|
||||
DOMAIN... is a list of domains for the CSR (passed as arguments or input)
|
||||
show_version() {
|
||||
cat <<END
|
||||
make-csr version ${VERSION}
|
||||
|
||||
If env variable VERBOSE=1, debug messages are sent to stderr
|
||||
Copyright 2009-2019 Evolix <info@evolix.fr>,
|
||||
Victor Laborie <vlaborie@evolix.fr>,
|
||||
Jérémy Lecour <jlecour@evolix.fr>,
|
||||
Benoit Série <bserie@evolix.fr>
|
||||
and others.
|
||||
|
||||
make-csr comes with ABSOLUTELY NO WARRANTY. This is free software,
|
||||
and you are welcome to redistribute it under certain conditions.
|
||||
See the GNU Affero General Public License v3.0 for details.
|
||||
END
|
||||
}
|
||||
|
||||
show_help() {
|
||||
cat <<EOT
|
||||
Usage: ${PROGNAME} VHOST DOMAIN [DOMAIN]
|
||||
VHOST must correspond to an Apache or Nginx enabled VHost
|
||||
If VHOST ends with ".conf" it is stripped,
|
||||
then files are seached at those paths:
|
||||
- /etc/apache2/sites-enables/VHOST.conf
|
||||
- /etc/nginx/sites-enabled/VHOST.conf
|
||||
- /etc/nginx/sites-enabled/VHOST
|
||||
|
||||
DOMAIN is a list of domains for the CSR (passed as arguments or input)
|
||||
|
||||
If env variable QUIET=1, no message is output
|
||||
If env variable VERBOSE=1, debug messages are output
|
||||
EOT
|
||||
}
|
||||
|
||||
log() {
|
||||
if [ "${QUIET}" != "1" ]; then
|
||||
echo "${PROGNAME}: $1"
|
||||
fi
|
||||
}
|
||||
debug() {
|
||||
if [ "${VERBOSE}" = 1 ]; then
|
||||
if [ "${VERBOSE}" = "1" ] && [ "${QUIET}" != "1" ]; then
|
||||
>&2 echo "${PROGNAME}: $1"
|
||||
fi
|
||||
}
|
||||
error() {
|
||||
>&2 echo "${PROGNAME}: $1"
|
||||
[ "$1" = "invalid argument(s)" ] && >&2 show_help
|
||||
exit 1
|
||||
}
|
||||
|
||||
|
@ -173,13 +198,15 @@ EOF
|
|||
}
|
||||
|
||||
main() {
|
||||
# We must have at least 1 argument
|
||||
[ "$#" -ge 1 ] || error "invalid argument(s)"
|
||||
[ "$1" = "-h" ] || [ "$1" = "--help" ] && show_help && exit 0
|
||||
[ "$1" = "-V" ] || [ "$1" = "--version" ] && show_version && exit 0
|
||||
|
||||
if [ -t 0 ]; then
|
||||
# We have STDIN, so we should have at least 2 arguments
|
||||
if [ "$#" -lt 2 ]; then
|
||||
>&2 echo "invalid arguments"
|
||||
>&2 usage
|
||||
exit 1
|
||||
fi
|
||||
# We have STDIN, so we should have 2 arguments
|
||||
[ "$#" -eq 2 ] || error "invalid argument(s)"
|
||||
|
||||
# read VHOST from first argument
|
||||
VHOST="$1"
|
||||
# remove the first argument
|
||||
|
@ -187,12 +214,9 @@ main() {
|
|||
# read domains from remaining arguments
|
||||
DOMAINS=$@
|
||||
else
|
||||
# We don't have STDIN, so we should have only 1 argument
|
||||
if [ "$#" != 1 ]; then
|
||||
>&2 echo "invalid arguments"
|
||||
>&2 usage
|
||||
exit 1
|
||||
fi
|
||||
# We don't have STDIN, so we should have 1 argument
|
||||
[ "$#" -eq 1 ] || error "invalid argument(s)"
|
||||
|
||||
# read VHOST from first argument
|
||||
VHOST="$1"
|
||||
# read domains from input
|
||||
|
@ -239,6 +263,9 @@ readonly PROGDIR=$(realpath -m $(dirname "$0"))
|
|||
readonly ARGS=$@
|
||||
|
||||
readonly VERBOSE=${VERBOSE:-"0"}
|
||||
readonly QUIET=${QUIET:-"0"}
|
||||
|
||||
readonly VERSION="19.11"
|
||||
|
||||
# Read configuration file, if it exists
|
||||
[ -r /etc/default/evoacme ] && . /etc/default/evoacme
|
||||
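Review bot: The terminal branch of main() now demands exactly two arguments (`[ "$#" -eq 2 ] || error "invalid argument(s)"`), whereas the code it replaces rejected only fewer than two. The help text added in this same file still advertises `VHOST DOMAIN [DOMAIN]`, and the context line `DOMAINS=$@` reads every remaining argument, so a multi-domain CSR requested on the command line is now refused with the usage message. If several domains are still meant to be accepted, the check should be `[ "$#" -ge 2 ] || error "invalid argument(s)"`. main() continues outside the hunks.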
|
|
|
@ -9,27 +9,50 @@
|
|||
|
||||
set -u
|
||||
|
||||
usage() {
|
||||
show_version() {
|
||||
cat <<END
|
||||
vhost-domains version ${VERSION}
|
||||
|
||||
Copyright 2009-2019 Evolix <info@evolix.fr>,
|
||||
Victor Laborie <vlaborie@evolix.fr>,
|
||||
Jérémy Lecour <jlecour@evolix.fr>,
|
||||
Benoit Série <bserie@evolix.fr>
|
||||
and others.
|
||||
|
||||
vhost-domains comes with ABSOLUTELY NO WARRANTY. This is free software,
|
||||
and you are welcome to redistribute it under certain conditions.
|
||||
See the GNU Affero General Public License v3.0 for details.
|
||||
END
|
||||
}
|
||||
|
||||
show_help() {
|
||||
cat <<EOT
|
||||
Usage: ${PROGNAME} VHOST
|
||||
VHOST must correspond to an Apache or Nginx enabled VHost
|
||||
If VHOST ends with ".conf" it is stripped,
|
||||
then files are seached at those paths:
|
||||
- /etc/apache2/sites-enables/VHOST.conf
|
||||
- /etc/nginx/sites-enabled/VHOST.conf
|
||||
- /etc/nginx/sites-enabled/VHOST
|
||||
VHOST must correspond to an Apache or Nginx enabled VHost
|
||||
If VHOST ends with ".conf" it is stripped,
|
||||
then files are seached at those paths:
|
||||
- /etc/apache2/sites-enables/VHOST.conf
|
||||
- /etc/nginx/sites-enabled/VHOST.conf
|
||||
- /etc/nginx/sites-enabled/VHOST
|
||||
|
||||
If env variable VERBOSE=1, debug messages are sent to stderr
|
||||
If env variable QUIET=1, no message is output
|
||||
If env variable VERBOSE=1, debug messages are output
|
||||
EOT
|
||||
}
|
||||
|
||||
log() {
|
||||
if [ "${QUIET}" != "1" ]; then
|
||||
echo "${PROGNAME}: $1"
|
||||
fi
|
||||
}
|
||||
debug() {
|
||||
if [ "${VERBOSE}" = 1 ]; then
|
||||
if [ "${VERBOSE}" = "1" ] && [ "${QUIET}" != "1" ]; then
|
||||
>&2 echo "${PROGNAME}: $1"
|
||||
fi
|
||||
}
|
||||
error() {
|
||||
>&2 echo "${PROGNAME}: $1"
|
||||
[ "$1" = "invalid argument(s)" ] && >&2 show_help
|
||||
exit 1
|
||||
}
|
||||
|
||||
|
@ -118,14 +141,11 @@ first_vhost_file_found() {
|
|||
}
|
||||
|
||||
main() {
|
||||
if [ "$#" != 1 ]; then
|
||||
>&2 usage
|
||||
exit 1
|
||||
fi
|
||||
if [ "$1" = "-h" ] || [ "$1" = "--help" ]; then
|
||||
usage
|
||||
exit 0
|
||||
fi
|
||||
# check arguments
|
||||
[ "$#" -eq 1 ] || error "invalid argument(s)"
|
||||
|
||||
[ "$1" = "-h" ] || [ "$1" = "--help" ] && show_help && exit 0
|
||||
[ "$1" = "-V" ] || [ "$1" = "--version" ] && show_version && exit 0
|
||||
|
||||
local vhost_name=$(basename "$1" .conf)
|
||||
local vhost_file=$(first_vhost_file_found "${vhost_name}")
|
||||
|
@ -148,6 +168,10 @@ readonly PROGDIR=$(realpath -m $(dirname "$0"))
|
|||
readonly ARGS=$@
|
||||
|
||||
readonly VERBOSE=${VERBOSE:-"0"}
|
||||
readonly QUIET=${QUIET:-"0"}
|
||||
|
||||
readonly VERSION="19.11"
|
||||
|
||||
readonly SRV_IP=${SRV_IP:-""}
|
||||
|
||||
main $ARGS
|
||||
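Review bot: The new show_help() still lists `/etc/apache2/sites-enables/VHOST.conf`, which looks like a typo for `sites-enabled` (the two nginx paths beside it use that spelling), and it also keeps "seached" for "searched"; make-csr's show_help() carries the same text. first_vhost_file_found() lies outside the hunk, so the path actually searched cannot be confirmed here, but if it is the enabled-sites directory the line should read `- /etc/apache2/sites-enabled/VHOST.conf`. An operator debugging a certificate request for a vhost that is not found would otherwise be pointed at a directory that does not exist.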
|
|