Alexandre Oliveira
7 years ago
1 changed files with 151 additions and 0 deletions
-
151deploy/znc.sh
@ -0,0 +1,151 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
# Deploy Let's Encrypt certs to ZNC |
|||
# |
|||
# Any non-zero returns means something wrong has occurred |
|||
# |
|||
# If you want to use a custom directory and/or user and group owners, you may set the following variables: |
|||
# |
|||
# $ZNC_DIR_OWNERSHIP - user and group owners for a directory (e.g. export ZNC_DIR_OWNERSHIP="user:group") |
|||
# $ZNC_DIR - ZNC config directory (e.g. export ZNC_DIR="/home/znc/.znc"), more info (check Misc): |
|||
# https://wiki.znc.in/Configuration#File_locations |
|||
|
|||
_ZNC_DIR="/var/lib/znc/.znc" |
|||
_ZNC_DIR_OWNERSHIP="znc:znc" |
|||
|
|||
######## Public functions ##################### |
|||
|
|||
#domain keyfile certfile cafile fullchain |
|||
znc_deploy() { |
|||
_cdomain="$1" |
|||
_ckey="$2" |
|||
_ccert="$3" |
|||
_cca="$4" |
|||
# shellcheck disable=SC2034 |
|||
_cfullchain="$5" |
|||
|
|||
# Workaround for SC2153. Check if ZNC_DIR_OWNERSHIP is set to zero, |
|||
# then fallback to _ZNC_DIR_OWNERSHIP. |
|||
if [ -z "$ZNC_DIR_OWNERSHIP" ]; then |
|||
ZNC_DIR_OWNERSHIP="$_ZNC_DIR_OWNERSHIP" |
|||
fi |
|||
|
|||
# Allow users to override the default ownership for the ZNC config directory |
|||
if [ -n "$ZNC_DIR_OWNERSHIP" ]; then |
|||
_ZNC_DIR_OWNERSHIP="$ZNC_DIR_OWNERSHIP" |
|||
_info "ZNC config directory ownership set to: $_ZNC_DIR_OWNERSHIP" |
|||
fi |
|||
|
|||
# Retrieve the owner user from a "user:group" string |
|||
# shellcheck disable=SC2034 |
|||
_ZNC_USER="$(_getfield "$_ZNC_DIR_OWNERSHIP" 1 ":")" |
|||
if [ $? != 0 ] || [ -z "$_ZNC_USER" ]; then |
|||
_err "Error trying to parse user from ownership string." |
|||
return $? |
|||
fi |
|||
|
|||
# Retrieve the directory owner group from a "user:group" string |
|||
# shellcheck disable=SC2034 |
|||
_ZNC_GROUP="$(_getfield "$_ZNC_DIR_OWNERSHIP" 2 ":")" |
|||
if [ $? != 0 ] || [ -z "$_ZNC_GROUP" ]; then |
|||
_err "Error trying to parse group from ownership string." |
|||
return $? |
|||
fi |
|||
|
|||
# Workaround for SC2153. Check if ZNC_DIR is set to zero, |
|||
# then fallback to _ZNC_DIR. |
|||
if [ -z "$ZNC_DIR" ]; then |
|||
ZNC_DIR="$_ZNC_DIR" |
|||
fi |
|||
|
|||
# Allow users to override the default ZNC config directory |
|||
if [ -n "$ZNC_DIR" ]; then |
|||
_ZNC_DIR="$ZNC_DIR" |
|||
_info "ZNC config path set to: $_ZNC_DIR" |
|||
fi |
|||
|
|||
# Check if the current user is not root before proceeding. |
|||
_curr_user="$(id -u)" |
|||
if [ "$_curr_user" != "0" ]; then |
|||
# Check if acme.sh is running as the owner of the ZNC config directory |
|||
# This is required to not use chown and change the certificates permissions |
|||
_curr_user="$(id -u -n)" |
|||
if [ "$_curr_user" != "$_ZNC_USER" ]; then |
|||
_err "acme.sh must be run by the ZNC user." |
|||
_err "Please run acme.sh as '$_ZNC_USER'." |
|||
return 1 |
|||
fi |
|||
|
|||
# Check if the current user is a member of the owner group of the config directory |
|||
# This is required to not use chown and change the certificates permissions |
|||
# shellcheck disable=SC2034 |
|||
if ! id -Gn "$_curr_user" | grep -cw "$_ZNC_GROUP"; then |
|||
_err "The current user is not a member of the '$_ZNC_GROUP' group." |
|||
return 2 |
|||
fi |
|||
|
|||
# Check if we can get the owners of the specified config directory |
|||
_dir_ownership="$(_stat "$_ZNC_DIR")" |
|||
if [ $? != 0 ]; then |
|||
_err "Error getting ownership of $_ZNC_DIR" |
|||
return 3 |
|||
fi |
|||
|
|||
# Check if the specified config directory is owned by the specified user and the specified group |
|||
if [ "$_dir_ownership" != "$_ZNC_DIR_OWNERSHIP" ]; then |
|||
_err "The specified ZNC config directory isn't owned by user '$_ZNC_USER' and group '$_ZNC_GROUP'." |
|||
_err "Please specify the correct directory or correct directory ownership." |
|||
return 4 |
|||
fi |
|||
fi |
|||
|
|||
# Save ZNC user and config directory to domain.conf |
|||
_savedomainconf ZNC_DIR "$_ZNC_DIR" |
|||
_savedomainconf ZNC_DIR_OWNERSHIP "$_ZNC_DIR_OWNERSHIP" |
|||
|
|||
# ZNC certificate file location |
|||
_znc_cert="$_ZNC_DIR/znc.pem" |
|||
|
|||
# Please read https://wiki.znc.in/Signed_SSL_certificate |
|||
_info "Generating ZNC certificate file for $_cdomain" |
|||
|
|||
cat "$_ckey" >"$_znc_cert" |
|||
if [ $? != 0 ]; then |
|||
_err "Error generating ZNC certificate file (private key error)." |
|||
return 5 |
|||
fi |
|||
|
|||
cat "$_ccert" >>"$_znc_cert" |
|||
if [ $? != 0 ]; then |
|||
_err "Error generating ZNC certificate file (certificate error)." |
|||
return 6 |
|||
fi |
|||
|
|||
cat "$_cca" >>"$_znc_cert" |
|||
if [ $? != 0 ]; then |
|||
_err "Error generating ZNC certificate file (CA certificate error)." |
|||
return 7 |
|||
fi |
|||
|
|||
# If running as root, check if certificate file owner is ZNC |
|||
_cert_ownership="$(_stat "$_znc_cert")" |
|||
if [ $? != 0 ]; then |
|||
_err "Error getting ownership of: $_znc_cert" |
|||
return 8 |
|||
fi |
|||
|
|||
# Check if the certificate is owned by the ZNC user and group. |
|||
# If not, fix it. |
|||
if [ "$_cert_ownership" != "$_ZNC_DIR_OWNERSHIP" ]; then |
|||
chown $_ZNC_DIR_OWNERSHIP $_znc_cert |
|||
if [ $? != 0 ]; then |
|||
_err "Error changing ownership of: $_znc_cert" |
|||
return 9 |
|||
fi |
|||
|
|||
_info "Changed ownership of '$_znc_cert' to '$_ZNC_DIR_OWNERSHIP'" |
|||
fi |
|||
|
|||
_info "Successfully generated ZNC certificate file at: $_znc_cert" |
|||
return 0 |
|||
} |
|||
Write
Preview
Loading…
Cancel
Save
Reference in new issue