

  1. #!/usr/bin/env sh
  2. # This deploy hook is tested on OpenMediaVault 5.x. It supports both local and remote deployment.
  3. # The way it works is that if a cert with the matching domain name is not found, it will firstly create a dummy cert to get its uuid, and then replace it with your cert.
  4. #
  5. # DEPLOY_OMV_WEBUI_ADMIN - This is OMV web gui admin account. Default value is admin. It's required as the user parameter (-u) for the omv-rpc command.
  6. # DEPLOY_OMV_HOST and DEPLOY_OMV_SSH_USER are optional. They are used for remote deployment through ssh (support public key authentication only). Per design, OMV web gui admin doesn't have ssh permission, so another account is needed for ssh.
  7. #
  8. # returns 0 means success, otherwise error.
  9. ######## Public functions #####################
  10. #domain keyfile certfile cafile fullchain
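  # Deploys a certificate and its private key to OpenMediaVault through omv-rpc,
  # either on this host or on a remote host reached over ssh.
  # Arguments: $1 domain, $2 key file, $3 cert file, $4 CA file, $5 full-chain file
  # Globals:   DEPLOY_OMV_WEBUI_ADMIN, DEPLOY_OMV_HOST, DEPLOY_OMV_SSH_USER
  #            (loaded with _getdeployconf, persisted with _savedeployconf)
  # Returns:   0 on success, 1 when an input file is unreadable or any step fails
  openmediavault_deploy() {
    _cdomain="$1"
    _ckey="$2"
    _ccert="$3"
    _cca="$4"
    _cfullchain="$5"

    # Only paths and the domain are logged here, never file contents.
    _debug _cdomain "$_cdomain"
    _debug _ckey "$_ckey"
    _debug _ccert "$_ccert"
    _debug _cca "$_cca"
    _debug _cfullchain "$_cfullchain"

    _getdeployconf DEPLOY_OMV_WEBUI_ADMIN
    if [ -z "$DEPLOY_OMV_WEBUI_ADMIN" ]; then
      DEPLOY_OMV_WEBUI_ADMIN="admin"
    fi
    _savedeployconf DEPLOY_OMV_WEBUI_ADMIN "$DEPLOY_OMV_WEBUI_ADMIN"

    _getdeployconf DEPLOY_OMV_HOST
    _getdeployconf DEPLOY_OMV_SSH_USER
    if [ -n "$DEPLOY_OMV_HOST" ] && [ -n "$DEPLOY_OMV_SSH_USER" ]; then
      _info "[OMV deploy-hook] Deploy certificate remotely through ssh."
      _savedeployconf DEPLOY_OMV_HOST "$DEPLOY_OMV_HOST"
      _savedeployconf DEPLOY_OMV_SSH_USER "$DEPLOY_OMV_SSH_USER"
    else
      _info "[OMV deploy-hook] Deploy certificate locally."
    fi

    # Fail before touching OMV so that no dummy certificate is left behind
    # when the inputs cannot be read.
    if [ ! -r "$_cfullchain" ] || [ ! -r "$_ckey" ]; then
      _err "[OMV deploy-hook] Cannot read the full-chain or key file"
      return 1
    fi

    # The domain is handed to jq as data (--arg) instead of being spliced into
    # the filter text, so it cannot alter the filter or the command line.
    _uuid=$(_omv_run omv-rpc -u "$DEPLOY_OMV_WEBUI_ADMIN" 'CertificateMgmt' 'getList' '{"start": 0, "limit": -1}' |
      jq -r --arg name "/CN=$_cdomain" '.data[] | select(.name==$name) | .uuid')

    if [ -z "$_uuid" ]; then
      _info "[OMV deploy-hook] Domain $_cdomain has no certificate in openmediavault, creating it!"
      # A placeholder certificate is created only to obtain a uuid; its
      # contents are overwritten by the 'set' call below.
      _uuid=$(_omv_run omv-rpc -u "$DEPLOY_OMV_WEBUI_ADMIN" 'CertificateMgmt' 'create' '{"cn": "test.example.com", "size": 4096, "days": 3650, "c": "", "st": "", "l": "", "o": "", "ou": "", "email": ""}' |
        jq -r '.uuid')
      # jq -r prints the word "null" when the reply has no uuid field.
      if [ -z "$_uuid" ] || [ "$_uuid" = "null" ]; then
        _err "[OMV deploy-hook] An error occured while creating the certificate"
        return 1
      fi
    fi
    _info "[OMV deploy-hook] Domain $_cdomain has uuid: $_uuid"

    # jq -aRs turns each file into one ASCII-only JSON string literal.
    _fullchain=$(jq -aRs . <"$_cfullchain")
    _key=$(jq -aRs . <"$_ckey")
    if [ -z "$_fullchain" ] || [ -z "$_key" ]; then
      _err "[OMV deploy-hook] Could not encode the full chain or key as JSON"
      return 1
    fi
    # The chain is public material; the private key is deliberately never
    # written to the debug log, neither on its own nor inside a command line.
    _debug _fullchain "$_fullchain"

    _info "[OMV deploy-hook] Updating key and certificate in openmediavault"
    _omv_payload="{\"uuid\":\"$_uuid\", \"certificate\":$_fullchain, \"privatekey\":$_key, \"comment\":\"acme.sh deployed $(date)\"}"
    # NOTE(review): the key travels as a command-line argument to omv-rpc (and
    # to ssh in remote mode), so it can show up in process listings while the
    # call runs. Check whether omv-rpc offers another input channel.
    if ! _result=$(_omv_run omv-rpc -u "$DEPLOY_OMV_WEBUI_ADMIN" 'CertificateMgmt' 'set' "$_omv_payload"); then
      _err "[OMV deploy-hook] Updating the certificate failed"
      return 1
    fi
    # The reply is not logged: it may echo the submitted object - TODO confirm.
    _debug "[OMV deploy-hook] CertificateMgmt set finished"

    # Read the web GUI settings, point them at the certificate, write them back.
    # The settings travel as one argument, so spaces inside values survive.
    _omv_settings=$(_omv_run omv-rpc -u "$DEPLOY_OMV_WEBUI_ADMIN" 'WebGui' 'getSettings' |
      jq -c --arg uuid "$_uuid" '.sslcertificateref=$uuid')
    if [ -z "$_omv_settings" ]; then
      _err "[OMV deploy-hook] Could not read the web GUI settings"
      return 1
    fi
    if ! _result=$(_omv_run omv-rpc -u "$DEPLOY_OMV_WEBUI_ADMIN" 'WebGui' 'setSettings' "$_omv_settings"); then
      _err "[OMV deploy-hook] Updating the web GUI settings failed"
      return 1
    fi
    _debug _result "$_result"

    _info "[OMV deploy-hook] Asking openmediavault to apply changes... (this could take some time, hang in there)"
    if ! _result=$(_omv_run omv-rpc -u "$DEPLOY_OMV_WEBUI_ADMIN" 'Config' 'applyChanges' '{"modules":[], "force": false}'); then
      _err "[OMV deploy-hook] Applying the changes failed"
      return 1
    fi
    _debug _result "$_result"

    _info "[OMV deploy-hook] Asking nginx to reload"
    if ! _result=$(_omv_run nginx -s reload); then
      _err "[OMV deploy-hook] Reloading nginx failed"
      return 1
    fi
    _debug _result "$_result"

    return 0
  }

  # Runs the given command with its arguments, locally or on the OMV host.
  # In remote mode every word is single-quoted before it is joined into the
  # ssh command string, so the remote shell sees exactly the same words.
  _omv_run() {
    if [ -n "$DEPLOY_OMV_HOST" ] && [ -n "$DEPLOY_OMV_SSH_USER" ]; then
      _omv_remote_cmd=""
      for _omv_arg in "$@"; do
        _omv_remote_cmd="$_omv_remote_cmd $(_omv_shell_quote "$_omv_arg")"
      done
      # shellcheck disable=SC2029
      ssh "$DEPLOY_OMV_SSH_USER@$DEPLOY_OMV_HOST" "$_omv_remote_cmd"
    else
      "$@"
    fi
  }

  # Prints $1 wrapped in single quotes, with each embedded single quote
  # rewritten as '\'' so a POSIX shell reads the result as one literal word.
  # Trailing newlines of $1 are dropped by the command substitution.
  _omv_shell_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
  }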