evoacme: upstream version 19.11

This commit is contained in:
Jérémy Lecour 2019-11-05 14:08:02 +01:00 committed by Jérémy Lecour
parent 7e50a460a8
commit ab8c6b13b8
5 changed files with 126 additions and 56 deletions


@ -14,6 +14,7 @@ The **patch** part changes incrementally at each release.
* apt: check if cron is installed before adding a cron job * apt: check if cron is installed before adding a cron job
* apt: remove jessie/buster sources from Gandi servers * apt: remove jessie/buster sources from Gandi servers
* certbot : new role to install and configure certbot * certbot : new role to install and configure certbot
* evoacme: upstream version 19.11
* evocheck: upstream version 19.10 * evocheck: upstream version 19.10
* evolinux-base: default value for "evolinux_ssh_group" * evolinux-base: default value for "evolinux_ssh_group"
* evolinux-base: install /sbin/deny * evolinux-base: install /sbin/deny


@ -1,10 +1,9 @@
# Evoacme 2.0 # Evoacme 2.0
EvoAcme is an [Ansible](https://www.ansible.com/) role and a [Certbot](https://certbot.eff.org) wrapper for generate [Let's Encrypt](https://letsencrypt.org/) certificates. The upstream repository of EvoAcme is at <https://gitea.evolix.org/evolix/evoacme>
It is a project hosted at [Evolix's forge](https://gitea.evolix.org/evolix/ansible-roles/) Shell scripts are copied from the upstream repository after each release.
No changes must be applied directly here ; patch upstream, release then copy here.
Evoacme is open source software licensed under the AGPLv3 License.
## Install ## Install


@ -10,17 +10,33 @@
set -e set -e
set -u set -u
usage() { show_version() {
cat <<END
evoacme version ${VERSION}
Copyright 2009-2019 Evolix <info@evolix.fr>,
Victor Laborie <vlaborie@evolix.fr>,
Jérémy Lecour <jlecour@evolix.fr>,
Benoit Série <bserie@evolix.fr>
and others.
evoacme comes with ABSOLUTELY NO WARRANTY. This is free software,
and you are welcome to redistribute it under certain conditions.
See the GNU Affero General Public License v3.0 for details.
END
}
show_help() {
cat <<EOT cat <<EOT
Usage: ${PROGNAME} NAME Usage: ${PROGNAME} NAME
NAME must be correspond to : NAME must be correspond to :
- a CSR in ${CSR_DIR}/NAME.csr - a CSR in ${CSR_DIR}/NAME.csr
- a KEY in ${SSL_KEY_DIR}/NAME.key - a KEY in ${SSL_KEY_DIR}/NAME.key
If env variable TEST=1, certbot is run in staging mode If env variable TEST=1, certbot is run in staging mode
If env variable DRY_RUN=1, certbot is run in dry-run mode If env variable DRY_RUN=1, certbot is run in dry-run mode
If env variable QUIET=1, no message is output If env variable QUIET=1, no message is output
If env variable VERBOSE=1, debug messages are output If env variable VERBOSE=1, debug messages are output
EOT EOT
} }
@ -36,7 +52,7 @@ debug() {
} }
error() { error() {
>&2 echo "${PROGNAME}: $1" >&2 echo "${PROGNAME}: $1"
[ "$1" = "invalid argument(s)" ] && >&2 usage [ "$1" = "invalid argument(s)" ] && >&2 show_help
exit 1 exit 1
} }
@ -75,7 +91,7 @@ sed_cert_path_for_nginx() {
sed -i "s~${search}~${replace}~" "${vhost_full_path}" sed -i "s~${search}~${replace}~" "${vhost_full_path}"
debug "Config in ${vhost_full_path} has been updated" debug "Config in ${vhost_full_path} has been updated"
$(command -v nginx) -t 2>/dev/null $(command -v nginx) -t 2>/dev/null
[ "${?}" -eq 0 ] || $(command -v nginx) -t [ "${?}" -eq 0 ] || $(command -v nginx) -t -q
fi fi
} }
x509_verify() { x509_verify() {
@ -98,7 +114,8 @@ main() {
# check arguments # check arguments
[ "$#" -eq 1 ] || error "invalid argument(s)" [ "$#" -eq 1 ] || error "invalid argument(s)"
[ "$1" = "-h" ] || [ "$1" = "--help" ] && usage && exit 0 [ "$1" = "-h" ] || [ "$1" = "--help" ] && show_help && exit 0
[ "$1" = "-V" ] || [ "$1" = "--version" ] && show_version && exit 0
mkdir -p "${ACME_DIR}" mkdir -p "${ACME_DIR}"
chown acme: "${ACME_DIR}" chown acme: "${ACME_DIR}"
@ -287,6 +304,8 @@ readonly QUIET=${QUIET:-"0"}
readonly TEST=${TEST:-"0"} readonly TEST=${TEST:-"0"}
readonly DRY_RUN=${DRY_RUN:-"0"} readonly DRY_RUN=${DRY_RUN:-"0"}
readonly VERSION="19.11"
# Read configuration file, if it exists # Read configuration file, if it exists
[ -r /etc/default/evoacme ] && . /etc/default/evoacme [ -r /etc/default/evoacme ] && . /etc/default/evoacme
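Review bot: The retry in the `sed_cert_path_for_nginx` hunk, `[ "${?}" -eq 0 ] || $(command -v nginx) -t -q`, cannot run when the preceding `$(command -v nginx) -t 2>/dev/null` fails, because this script runs under `set -e` (top of the first hunk): a failing simple command inside the `if` body terminates the script before `$?` is inspected, and the diagnostic the retry was meant to show has already been sent to /dev/null. This holds unless the function is itself invoked in a condition context, which is not visible here; `sed_cert_path_for_nginx` starts before the hunk. Folding the first run into the condition keeps the intent and stays POSIX: `if ! $(command -v nginx) -t 2>/dev/null; then` / `  $(command -v nginx) -t -q` / `fi`. Adding `-q` alone only changes what the unreachable retry would print.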


@ -9,27 +9,52 @@
set -u set -u
usage() { show_version() {
cat <<EOT cat <<END
Usage: ${PROGNAME} VHOST DOMAIN... make-csr version ${VERSION}
VHOST must correspond to an Apache or Nginx enabled VHost
If VHOST ends with ".conf" it is stripped,
then files are seached at those paths:
- /etc/apache2/sites-enables/VHOST.conf
- /etc/nginx/sites-enabled/VHOST.conf
- /etc/nginx/sites-enabled/VHOST
DOMAIN... is a list of domains for the CSR (passed as arguments or input)
If env variable VERBOSE=1, debug messages are sent to stderr Copyright 2009-2019 Evolix <info@evolix.fr>,
Victor Laborie <vlaborie@evolix.fr>,
Jérémy Lecour <jlecour@evolix.fr>,
Benoit Série <bserie@evolix.fr>
and others.
make-csr comes with ABSOLUTELY NO WARRANTY. This is free software,
and you are welcome to redistribute it under certain conditions.
See the GNU Affero General Public License v3.0 for details.
END
}
show_help() {
cat <<EOT
Usage: ${PROGNAME} VHOST DOMAIN [DOMAIN]
VHOST must correspond to an Apache or Nginx enabled VHost
If VHOST ends with ".conf" it is stripped,
then files are seached at those paths:
- /etc/apache2/sites-enables/VHOST.conf
- /etc/nginx/sites-enabled/VHOST.conf
- /etc/nginx/sites-enabled/VHOST
DOMAIN is a list of domains for the CSR (passed as arguments or input)
If env variable QUIET=1, no message is output
If env variable VERBOSE=1, debug messages are output
EOT EOT
} }
log() {
if [ "${QUIET}" != "1" ]; then
echo "${PROGNAME}: $1"
fi
}
debug() { debug() {
if [ "${VERBOSE}" = 1 ]; then if [ "${VERBOSE}" = "1" ] && [ "${QUIET}" != "1" ]; then
>&2 echo "${PROGNAME}: $1" >&2 echo "${PROGNAME}: $1"
fi fi
} }
error() { error() {
>&2 echo "${PROGNAME}: $1" >&2 echo "${PROGNAME}: $1"
[ "$1" = "invalid argument(s)" ] && >&2 show_help
exit 1 exit 1
} }
@ -173,13 +198,15 @@ EOF
} }
main() { main() {
# We must have at least 1 argument
[ "$#" -ge 1 ] || error "invalid argument(s)"
[ "$1" = "-h" ] || [ "$1" = "--help" ] && show_help && exit 0
[ "$1" = "-V" ] || [ "$1" = "--version" ] && show_version && exit 0
if [ -t 0 ]; then if [ -t 0 ]; then
# We have STDIN, so we should have at least 2 arguments # We have STDIN, so we should have 2 arguments
if [ "$#" -lt 2 ]; then [ "$#" -eq 2 ] || error "invalid argument(s)"
>&2 echo "invalid arguments"
>&2 usage
exit 1
fi
# read VHOST from first argument # read VHOST from first argument
VHOST="$1" VHOST="$1"
# remove the first argument # remove the first argument
@ -187,12 +214,9 @@ main() {
# read domains from remaining arguments # read domains from remaining arguments
DOMAINS=$@ DOMAINS=$@
else else
# We don't have STDIN, so we should have only 1 argument # We don't have STDIN, so we should have 1 argument
if [ "$#" != 1 ]; then [ "$#" -eq 1 ] || error "invalid argument(s)"
>&2 echo "invalid arguments"
>&2 usage
exit 1
fi
# read VHOST from first argument # read VHOST from first argument
VHOST="$1" VHOST="$1"
# read domains from input # read domains from input
@ -239,6 +263,9 @@ readonly PROGDIR=$(realpath -m $(dirname "$0"))
readonly ARGS=$@ readonly ARGS=$@
readonly VERBOSE=${VERBOSE:-"0"} readonly VERBOSE=${VERBOSE:-"0"}
readonly QUIET=${QUIET:-"0"}
readonly VERSION="19.11"
# Read configuration file, if it exists # Read configuration file, if it exists
[ -r /etc/default/evoacme ] && . /etc/default/evoacme [ -r /etc/default/evoacme ] && . /etc/default/evoacme
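Review bot: The new argument check in `main`, `[ "$#" -eq 2 ] || error "invalid argument(s)"`, contradicts the usage text added in the same file, `Usage: ${PROGNAME} VHOST DOMAIN [DOMAIN]` and `DOMAIN is a list of domains for the CSR (passed as arguments or input)`, as well as the unchanged `DOMAINS=$@` that collects every remaining argument: a third positional domain now exits with an error instead of being added to the CSR, where the replaced `-lt 2` test accepted it. If several domains on the command line are still meant to work, the line should read `[ "$#" -ge 2 ] || error "invalid argument(s)"`; if exactly one is intended, the `[DOMAIN]` and the "list of domains" wording in `show_help` should be changed to match. The body of `main` continues outside the hunk, so I cannot tell whether a later check depends on the count.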


@ -9,27 +9,50 @@
set -u set -u
usage() { show_version() {
cat <<END
vhost-domains version ${VERSION}
Copyright 2009-2019 Evolix <info@evolix.fr>,
Victor Laborie <vlaborie@evolix.fr>,
Jérémy Lecour <jlecour@evolix.fr>,
Benoit Série <bserie@evolix.fr>
and others.
vhost-domains comes with ABSOLUTELY NO WARRANTY. This is free software,
and you are welcome to redistribute it under certain conditions.
See the GNU Affero General Public License v3.0 for details.
END
}
show_help() {
cat <<EOT cat <<EOT
Usage: ${PROGNAME} VHOST Usage: ${PROGNAME} VHOST
VHOST must correspond to an Apache or Nginx enabled VHost VHOST must correspond to an Apache or Nginx enabled VHost
If VHOST ends with ".conf" it is stripped, If VHOST ends with ".conf" it is stripped,
then files are seached at those paths: then files are seached at those paths:
- /etc/apache2/sites-enables/VHOST.conf - /etc/apache2/sites-enables/VHOST.conf
- /etc/nginx/sites-enabled/VHOST.conf - /etc/nginx/sites-enabled/VHOST.conf
- /etc/nginx/sites-enabled/VHOST - /etc/nginx/sites-enabled/VHOST
If env variable VERBOSE=1, debug messages are sent to stderr If env variable QUIET=1, no message is output
If env variable VERBOSE=1, debug messages are output
EOT EOT
} }
log() {
if [ "${QUIET}" != "1" ]; then
echo "${PROGNAME}: $1"
fi
}
debug() { debug() {
if [ "${VERBOSE}" = 1 ]; then if [ "${VERBOSE}" = "1" ] && [ "${QUIET}" != "1" ]; then
>&2 echo "${PROGNAME}: $1" >&2 echo "${PROGNAME}: $1"
fi fi
} }
error() { error() {
>&2 echo "${PROGNAME}: $1" >&2 echo "${PROGNAME}: $1"
[ "$1" = "invalid argument(s)" ] && >&2 show_help
exit 1 exit 1
} }
@ -118,14 +141,11 @@ first_vhost_file_found() {
} }
main() { main() {
if [ "$#" != 1 ]; then # check arguments
>&2 usage [ "$#" -eq 1 ] || error "invalid argument(s)"
exit 1
fi [ "$1" = "-h" ] || [ "$1" = "--help" ] && show_help && exit 0
if [ "$1" = "-h" ] || [ "$1" = "--help" ]; then [ "$1" = "-V" ] || [ "$1" = "--version" ] && show_version && exit 0
usage
exit 0
fi
local vhost_name=$(basename "$1" .conf) local vhost_name=$(basename "$1" .conf)
local vhost_file=$(first_vhost_file_found "${vhost_name}") local vhost_file=$(first_vhost_file_found "${vhost_name}")
@ -148,6 +168,10 @@ readonly PROGDIR=$(realpath -m $(dirname "$0"))
readonly ARGS=$@ readonly ARGS=$@
readonly VERBOSE=${VERBOSE:-"0"} readonly VERBOSE=${VERBOSE:-"0"}
readonly QUIET=${QUIET:-"0"}
readonly VERSION="19.11"
readonly SRV_IP=${SRV_IP:-""} readonly SRV_IP=${SRV_IP:-""}
main $ARGS main $ARGS
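Review bot: The new `[ "$#" -eq 1 ] || error "invalid argument(s)"` in `main` counts the words of the unquoted `main $ARGS` on the last line, where `readonly ARGS=$@` has already flattened the caller's arguments into one string, so a single VHOST argument containing whitespace or a glob character is rejected as invalid while the same check against the real argv would pass. Passing the arguments through unchanged, `main "$@"`, keeps `$#` equal to what the user typed; `ARGS` can remain for logging only. The make-csr section of this commit carries the same `readonly ARGS=$@`, and its `main` presumably takes the same path, though its call site is not shown.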