evoacme: upstream version 19.11
parent
7e50a460a8
commit
ab8c6b13b8
|
@ -14,6 +14,7 @@ The **patch** part changes incrementally at each release.
|
||||||
* apt: check if cron is installed before adding a cron job
|
* apt: check if cron is installed before adding a cron job
|
||||||
* apt: remove jessie/buster sources from Gandi servers
|
* apt: remove jessie/buster sources from Gandi servers
|
||||||
* certbot : new role to install and configure certbot
|
* certbot : new role to install and configure certbot
|
||||||
|
* evoacme: upstream version 19.11
|
||||||
* evocheck: upstream version 19.10
|
* evocheck: upstream version 19.10
|
||||||
* evolinux-base: default value for "evolinux_ssh_group"
|
* evolinux-base: default value for "evolinux_ssh_group"
|
||||||
* evolinux-base: install /sbin/deny
|
* evolinux-base: install /sbin/deny
|
||||||
|
|
|
@ -1,10 +1,9 @@
|
||||||
# Evoacme 2.0
|
# Evoacme 2.0
|
||||||
|
|
||||||
EvoAcme is an [Ansible](https://www.ansible.com/) role and a [Certbot](https://certbot.eff.org) wrapper for generate [Let's Encrypt](https://letsencrypt.org/) certificates.
|
The upstream repository of EvoAcme is at <https://gitea.evolix.org/evolix/evoacme>
|
||||||
|
|
||||||
It is a project hosted at [Evolix's forge](https://gitea.evolix.org/evolix/ansible-roles/)
|
Shell scripts are copied from the upstream repository after each release.
|
||||||
|
No changes must be applied directly here ; patch upstream, release then copy here.
|
||||||
Evoacme is open source software licensed under the AGPLv3 License.
|
|
||||||
|
|
||||||
## Install
|
## Install
|
||||||
|
|
||||||
|
|
|
@ -10,17 +10,33 @@
|
||||||
set -e
|
set -e
|
||||||
set -u
|
set -u
|
||||||
|
|
||||||
usage() {
|
show_version() {
|
||||||
|
cat <<END
|
||||||
|
evoacme version ${VERSION}
|
||||||
|
|
||||||
|
Copyright 2009-2019 Evolix <info@evolix.fr>,
|
||||||
|
Victor Laborie <vlaborie@evolix.fr>,
|
||||||
|
Jérémy Lecour <jlecour@evolix.fr>,
|
||||||
|
Benoit Série <bserie@evolix.fr>
|
||||||
|
and others.
|
||||||
|
|
||||||
|
evoacme comes with ABSOLUTELY NO WARRANTY. This is free software,
|
||||||
|
and you are welcome to redistribute it under certain conditions.
|
||||||
|
See the GNU Affero General Public License v3.0 for details.
|
||||||
|
END
|
||||||
|
}
|
||||||
|
|
||||||
|
show_help() {
|
||||||
cat <<EOT
|
cat <<EOT
|
||||||
Usage: ${PROGNAME} NAME
|
Usage: ${PROGNAME} NAME
|
||||||
NAME must be correspond to :
|
NAME must be correspond to :
|
||||||
- a CSR in ${CSR_DIR}/NAME.csr
|
- a CSR in ${CSR_DIR}/NAME.csr
|
||||||
- a KEY in ${SSL_KEY_DIR}/NAME.key
|
- a KEY in ${SSL_KEY_DIR}/NAME.key
|
||||||
|
|
||||||
If env variable TEST=1, certbot is run in staging mode
|
If env variable TEST=1, certbot is run in staging mode
|
||||||
If env variable DRY_RUN=1, certbot is run in dry-run mode
|
If env variable DRY_RUN=1, certbot is run in dry-run mode
|
||||||
If env variable QUIET=1, no message is output
|
If env variable QUIET=1, no message is output
|
||||||
If env variable VERBOSE=1, debug messages are output
|
If env variable VERBOSE=1, debug messages are output
|
||||||
EOT
|
EOT
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -36,7 +52,7 @@ debug() {
|
||||||
}
|
}
|
||||||
error() {
|
error() {
|
||||||
>&2 echo "${PROGNAME}: $1"
|
>&2 echo "${PROGNAME}: $1"
|
||||||
[ "$1" = "invalid argument(s)" ] && >&2 usage
|
[ "$1" = "invalid argument(s)" ] && >&2 show_help
|
||||||
exit 1
|
exit 1
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -75,7 +91,7 @@ sed_cert_path_for_nginx() {
|
||||||
sed -i "s~${search}~${replace}~" "${vhost_full_path}"
|
sed -i "s~${search}~${replace}~" "${vhost_full_path}"
|
||||||
debug "Config in ${vhost_full_path} has been updated"
|
debug "Config in ${vhost_full_path} has been updated"
|
||||||
$(command -v nginx) -t 2>/dev/null
|
$(command -v nginx) -t 2>/dev/null
|
||||||
[ "${?}" -eq 0 ] || $(command -v nginx) -t
|
[ "${?}" -eq 0 ] || $(command -v nginx) -t -q
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
x509_verify() {
|
x509_verify() {
|
||||||
|
@ -98,7 +114,8 @@ main() {
|
||||||
# check arguments
|
# check arguments
|
||||||
[ "$#" -eq 1 ] || error "invalid argument(s)"
|
[ "$#" -eq 1 ] || error "invalid argument(s)"
|
||||||
|
|
||||||
[ "$1" = "-h" ] || [ "$1" = "--help" ] && usage && exit 0
|
[ "$1" = "-h" ] || [ "$1" = "--help" ] && show_help && exit 0
|
||||||
|
[ "$1" = "-V" ] || [ "$1" = "--version" ] && show_version && exit 0
|
||||||
|
|
||||||
mkdir -p "${ACME_DIR}"
|
mkdir -p "${ACME_DIR}"
|
||||||
chown acme: "${ACME_DIR}"
|
chown acme: "${ACME_DIR}"
|
||||||
|
@ -287,6 +304,8 @@ readonly QUIET=${QUIET:-"0"}
|
||||||
readonly TEST=${TEST:-"0"}
|
readonly TEST=${TEST:-"0"}
|
||||||
readonly DRY_RUN=${DRY_RUN:-"0"}
|
readonly DRY_RUN=${DRY_RUN:-"0"}
|
||||||
|
|
||||||
|
readonly VERSION="19.11"
|
||||||
|
|
||||||
# Read configuration file, if it exists
|
# Read configuration file, if it exists
|
||||||
[ -r /etc/default/evoacme ] && . /etc/default/evoacme
|
[ -r /etc/default/evoacme ] && . /etc/default/evoacme
|
||||||
|
|
||||||
|
|
|
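Review bot: In sed_cert_path_for_nginx the re-run `$(command -v nginx) -t -q` is only reached if the first `$(command -v nginx) -t 2>/dev/null` returns, but this script sets `set -e`, so a failing test run as a plain command may end the script before the `[ "${?}" -eq 0 ]` line, with its output discarded. By then `sed -i` has already rewritten the vhost file, so the edited certificate path would stay in place unvalidated and nothing would be reported. A single guarded call does not depend on errexit: `$(command -v nginx) -t -q || error "nginx configuration test failed for ${vhost_full_path}"`. The function starts outside the hunk, so whether a caller masks errexit cannot be seen here.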
@ -9,27 +9,52 @@
|
||||||
|
|
||||||
set -u
|
set -u
|
||||||
|
|
||||||
usage() {
|
show_version() {
|
||||||
cat <<EOT
|
cat <<END
|
||||||
Usage: ${PROGNAME} VHOST DOMAIN...
|
make-csr version ${VERSION}
|
||||||
VHOST must correspond to an Apache or Nginx enabled VHost
|
|
||||||
If VHOST ends with ".conf" it is stripped,
|
|
||||||
then files are seached at those paths:
|
|
||||||
- /etc/apache2/sites-enables/VHOST.conf
|
|
||||||
- /etc/nginx/sites-enabled/VHOST.conf
|
|
||||||
- /etc/nginx/sites-enabled/VHOST
|
|
||||||
DOMAIN... is a list of domains for the CSR (passed as arguments or input)
|
|
||||||
|
|
||||||
If env variable VERBOSE=1, debug messages are sent to stderr
|
Copyright 2009-2019 Evolix <info@evolix.fr>,
|
||||||
|
Victor Laborie <vlaborie@evolix.fr>,
|
||||||
|
Jérémy Lecour <jlecour@evolix.fr>,
|
||||||
|
Benoit Série <bserie@evolix.fr>
|
||||||
|
and others.
|
||||||
|
|
||||||
|
make-csr comes with ABSOLUTELY NO WARRANTY. This is free software,
|
||||||
|
and you are welcome to redistribute it under certain conditions.
|
||||||
|
See the GNU Affero General Public License v3.0 for details.
|
||||||
|
END
|
||||||
|
}
|
||||||
|
|
||||||
|
show_help() {
|
||||||
|
cat <<EOT
|
||||||
|
Usage: ${PROGNAME} VHOST DOMAIN [DOMAIN]
|
||||||
|
VHOST must correspond to an Apache or Nginx enabled VHost
|
||||||
|
If VHOST ends with ".conf" it is stripped,
|
||||||
|
then files are seached at those paths:
|
||||||
|
- /etc/apache2/sites-enables/VHOST.conf
|
||||||
|
- /etc/nginx/sites-enabled/VHOST.conf
|
||||||
|
- /etc/nginx/sites-enabled/VHOST
|
||||||
|
|
||||||
|
DOMAIN is a list of domains for the CSR (passed as arguments or input)
|
||||||
|
|
||||||
|
If env variable QUIET=1, no message is output
|
||||||
|
If env variable VERBOSE=1, debug messages are output
|
||||||
EOT
|
EOT
|
||||||
}
|
}
|
||||||
|
|
||||||
|
log() {
|
||||||
|
if [ "${QUIET}" != "1" ]; then
|
||||||
|
echo "${PROGNAME}: $1"
|
||||||
|
fi
|
||||||
|
}
|
||||||
debug() {
|
debug() {
|
||||||
if [ "${VERBOSE}" = 1 ]; then
|
if [ "${VERBOSE}" = "1" ] && [ "${QUIET}" != "1" ]; then
|
||||||
>&2 echo "${PROGNAME}: $1"
|
>&2 echo "${PROGNAME}: $1"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
error() {
|
error() {
|
||||||
>&2 echo "${PROGNAME}: $1"
|
>&2 echo "${PROGNAME}: $1"
|
||||||
|
[ "$1" = "invalid argument(s)" ] && >&2 show_help
|
||||||
exit 1
|
exit 1
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -173,13 +198,15 @@ EOF
|
||||||
}
|
}
|
||||||
|
|
||||||
main() {
|
main() {
|
||||||
|
# We must have at least 1 argument
|
||||||
|
[ "$#" -ge 1 ] || error "invalid argument(s)"
|
||||||
|
[ "$1" = "-h" ] || [ "$1" = "--help" ] && show_help && exit 0
|
||||||
|
[ "$1" = "-V" ] || [ "$1" = "--version" ] && show_version && exit 0
|
||||||
|
|
||||||
if [ -t 0 ]; then
|
if [ -t 0 ]; then
|
||||||
# We have STDIN, so we should have at least 2 arguments
|
# We have STDIN, so we should have 2 arguments
|
||||||
if [ "$#" -lt 2 ]; then
|
[ "$#" -eq 2 ] || error "invalid argument(s)"
|
||||||
>&2 echo "invalid arguments"
|
|
||||||
>&2 usage
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
# read VHOST from first argument
|
# read VHOST from first argument
|
||||||
VHOST="$1"
|
VHOST="$1"
|
||||||
# remove the first argument
|
# remove the first argument
|
||||||
|
@ -187,12 +214,9 @@ main() {
|
||||||
# read domains from remaining arguments
|
# read domains from remaining arguments
|
||||||
DOMAINS=$@
|
DOMAINS=$@
|
||||||
else
|
else
|
||||||
# We don't have STDIN, so we should have only 1 argument
|
# We don't have STDIN, so we should have 1 argument
|
||||||
if [ "$#" != 1 ]; then
|
[ "$#" -eq 1 ] || error "invalid argument(s)"
|
||||||
>&2 echo "invalid arguments"
|
|
||||||
>&2 usage
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
# read VHOST from first argument
|
# read VHOST from first argument
|
||||||
VHOST="$1"
|
VHOST="$1"
|
||||||
# read domains from input
|
# read domains from input
|
||||||
|
@ -239,6 +263,9 @@ readonly PROGDIR=$(realpath -m $(dirname "$0"))
|
||||||
readonly ARGS=$@
|
readonly ARGS=$@
|
||||||
|
|
||||||
readonly VERBOSE=${VERBOSE:-"0"}
|
readonly VERBOSE=${VERBOSE:-"0"}
|
||||||
|
readonly QUIET=${QUIET:-"0"}
|
||||||
|
|
||||||
|
readonly VERSION="19.11"
|
||||||
|
|
||||||
# Read configuration file, if it exists
|
# Read configuration file, if it exists
|
||||||
[ -r /etc/default/evoacme ] && . /etc/default/evoacme
|
[ -r /etc/default/evoacme ] && . /etc/default/evoacme
|
||||||
|
|
|
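Review bot: The new terminal-input check in main, `[ "$#" -eq 2 ] || error "invalid argument(s)"`, rejects any call with more than one domain, whereas the removed test only rejected fewer than two arguments. The help text still reads `VHOST DOMAIN [DOMAIN]` and `DOMAINS=$@` still takes the domains from the remaining arguments, so a CSR covering several names can apparently no longer be requested on the command line. If that is not intended, `[ "$#" -ge 2 ] || error "invalid argument(s)"` keeps the previous behaviour. main continues outside the hunks shown.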
@ -9,27 +9,50 @@
|
||||||
|
|
||||||
set -u
|
set -u
|
||||||
|
|
||||||
usage() {
|
show_version() {
|
||||||
|
cat <<END
|
||||||
|
vhost-domains version ${VERSION}
|
||||||
|
|
||||||
|
Copyright 2009-2019 Evolix <info@evolix.fr>,
|
||||||
|
Victor Laborie <vlaborie@evolix.fr>,
|
||||||
|
Jérémy Lecour <jlecour@evolix.fr>,
|
||||||
|
Benoit Série <bserie@evolix.fr>
|
||||||
|
and others.
|
||||||
|
|
||||||
|
vhost-domains comes with ABSOLUTELY NO WARRANTY. This is free software,
|
||||||
|
and you are welcome to redistribute it under certain conditions.
|
||||||
|
See the GNU Affero General Public License v3.0 for details.
|
||||||
|
END
|
||||||
|
}
|
||||||
|
|
||||||
|
show_help() {
|
||||||
cat <<EOT
|
cat <<EOT
|
||||||
Usage: ${PROGNAME} VHOST
|
Usage: ${PROGNAME} VHOST
|
||||||
VHOST must correspond to an Apache or Nginx enabled VHost
|
VHOST must correspond to an Apache or Nginx enabled VHost
|
||||||
If VHOST ends with ".conf" it is stripped,
|
If VHOST ends with ".conf" it is stripped,
|
||||||
then files are seached at those paths:
|
then files are seached at those paths:
|
||||||
- /etc/apache2/sites-enables/VHOST.conf
|
- /etc/apache2/sites-enables/VHOST.conf
|
||||||
- /etc/nginx/sites-enabled/VHOST.conf
|
- /etc/nginx/sites-enabled/VHOST.conf
|
||||||
- /etc/nginx/sites-enabled/VHOST
|
- /etc/nginx/sites-enabled/VHOST
|
||||||
|
|
||||||
If env variable VERBOSE=1, debug messages are sent to stderr
|
If env variable QUIET=1, no message is output
|
||||||
|
If env variable VERBOSE=1, debug messages are output
|
||||||
EOT
|
EOT
|
||||||
}
|
}
|
||||||
|
|
||||||
|
log() {
|
||||||
|
if [ "${QUIET}" != "1" ]; then
|
||||||
|
echo "${PROGNAME}: $1"
|
||||||
|
fi
|
||||||
|
}
|
||||||
debug() {
|
debug() {
|
||||||
if [ "${VERBOSE}" = 1 ]; then
|
if [ "${VERBOSE}" = "1" ] && [ "${QUIET}" != "1" ]; then
|
||||||
>&2 echo "${PROGNAME}: $1"
|
>&2 echo "${PROGNAME}: $1"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
error() {
|
error() {
|
||||||
>&2 echo "${PROGNAME}: $1"
|
>&2 echo "${PROGNAME}: $1"
|
||||||
|
[ "$1" = "invalid argument(s)" ] && >&2 show_help
|
||||||
exit 1
|
exit 1
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -118,14 +141,11 @@ first_vhost_file_found() {
|
||||||
}
|
}
|
||||||
|
|
||||||
main() {
|
main() {
|
||||||
if [ "$#" != 1 ]; then
|
# check arguments
|
||||||
>&2 usage
|
[ "$#" -eq 1 ] || error "invalid argument(s)"
|
||||||
exit 1
|
|
||||||
fi
|
[ "$1" = "-h" ] || [ "$1" = "--help" ] && show_help && exit 0
|
||||||
if [ "$1" = "-h" ] || [ "$1" = "--help" ]; then
|
[ "$1" = "-V" ] || [ "$1" = "--version" ] && show_version && exit 0
|
||||||
usage
|
|
||||||
exit 0
|
|
||||||
fi
|
|
||||||
|
|
||||||
local vhost_name=$(basename "$1" .conf)
|
local vhost_name=$(basename "$1" .conf)
|
||||||
local vhost_file=$(first_vhost_file_found "${vhost_name}")
|
local vhost_file=$(first_vhost_file_found "${vhost_name}")
|
||||||
|
@ -148,6 +168,10 @@ readonly PROGDIR=$(realpath -m $(dirname "$0"))
|
||||||
readonly ARGS=$@
|
readonly ARGS=$@
|
||||||
|
|
||||||
readonly VERBOSE=${VERBOSE:-"0"}
|
readonly VERBOSE=${VERBOSE:-"0"}
|
||||||
|
readonly QUIET=${QUIET:-"0"}
|
||||||
|
|
||||||
|
readonly VERSION="19.11"
|
||||||
|
|
||||||
readonly SRV_IP=${SRV_IP:-""}
|
readonly SRV_IP=${SRV_IP:-""}
|
||||||
|
|
||||||
main $ARGS
|
main $ARGS
|
||||||
|
|
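Review bot: The new `[ "$#" -eq 1 ]` check in main counts words only after the unquoted `readonly ARGS=$@` and `main $ARGS` round trip, so a VHOST argument containing spaces or glob characters is split or expanded before it is validated. Calling `main "$@"` would make the count and `$1` reflect exactly what the caller supplied. The `readonly ARGS=$@` line in the make-csr section looks the same. The top-level part of the script starts outside the hunk, so other uses of `ARGS` are not visible here.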