Mirror
/
acmed
mirror of https://github.com/breard-r/acmed.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Add default hooks

pull/5/head
Rodolphe Breard 6 years ago
parent
7eed211434
commit
b7c3e4d381
4 changed files with 169 additions and 65 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 3
      Makefile
  2. 64
      acmed/acmed_example.toml
  3. 17
      acmed/config/acmed.toml
  4. 150
      acmed/config/default_hooks.toml

3
Makefile
View File

@ -40,7 +40,8 @@ install:
install -D --mode=0644 $(TARGET_DIR)/man/acmed.8.gz $(DESTDIR)$(DATADIR)/man/man8/acmed.8.gz install -D --mode=0644 $(TARGET_DIR)/man/acmed.8.gz $(DESTDIR)$(DATADIR)/man/man8/acmed.8.gz
install -D --mode=0644 $(TARGET_DIR)/man/acmed.toml.5.gz $(DESTDIR)$(DATADIR)/man/man5/acmed.toml.5.gz install -D --mode=0644 $(TARGET_DIR)/man/acmed.toml.5.gz $(DESTDIR)$(DATADIR)/man/man5/acmed.toml.5.gz
install -D --mode=0644 $(TARGET_DIR)/man/tacd.8.gz $(DESTDIR)$(DATADIR)/man/man8/tacd.8.gz install -D --mode=0644 $(TARGET_DIR)/man/tacd.8.gz $(DESTDIR)$(DATADIR)/man/man8/tacd.8.gz
install -D --mode=0644 acmed/acmed_example.toml $(DESTDIR)$(SYSCONFDIR)/acmed/acmed.toml
install -D --mode=0644 acmed/config/acmed.toml $(DESTDIR)$(SYSCONFDIR)/acmed/acmed.toml
install -D --mode=0644 acmed/config/default_hooks.toml $(DESTDIR)$(SYSCONFDIR)/acmed/default_hooks.toml
install -d --mode=0700 $(DESTDIR)$(SYSCONFDIR)/acmed/accounts install -d --mode=0700 $(DESTDIR)$(SYSCONFDIR)/acmed/accounts
install -d --mode=0755 $(DESTDIR)$(SYSCONFDIR)/acmed/certs install -d --mode=0755 $(DESTDIR)$(SYSCONFDIR)/acmed/certs

64
acmed/acmed_example.toml
View File

@ -1,64 +0,0 @@
[global]
accounts_directory = "/etc/acmed/accounts"
certificates_directory = "/etc/acmed/certs"
[[endpoint]]
name = "letsencrypt v2 prod"
url = "https://acme-v02.api.letsencrypt.org/directory"
tos_agreed = false
[[endpoint]]
name = "letsencrypt v2 staging"
url = "https://acme-staging-v02.api.letsencrypt.org/directory"
tos_agreed = false
[[hook]]
name = "http-echo-create"
type = ["challenge-http-01"]
cmd = "echo"
args = ["{{proof}}"]
stdout = "/srv/http/{{domain}}/.well-known/acme-challenge/{{file_name}}"
[[hook]]
name = "http-echo-clean"
type = ["challenge-http-01-clean"]
cmd = "rm"
args = [
"-f",
"/srv/http/{{domain}}/.well-known/acme-challenge/{{file_name}}"
]
[[group]]
name = "http-echo"
hooks = ["http-echo-create", "http-echo-clean"]
[[hook]]
name = "email-report"
type = ["post-operation"]
cmd = "sendmail"
args = [
"-f", "noreply@example.org",
"john.doe@example.org"
]
stdin = """Subject: Certificate renewal alert for {{domains.[0]}}
The following certificate is being renewed.
domains: {{#each domains}}{{#if @index}}, {{/if}}{{this}}{{/each}}
algorithm: {{algorithm}}
status: {{status}}"""
[[account]]
name = "test_account"
email = "certs@example.org"
[[certificate]]
account = "test_account"
endpoint = "letsencrypt v2 staging"
domains = [
{ dns = "example.org", challenge = "http-01"},
{ dns = "sub-1.example.org", challenge = "http-01" },
{ dns = "sub-2.example.org", challenge = "http-01" }
]
algorithm = "ecdsa_p384"
kp_reuse = false
hooks = ["http-echo", "email-report"]

17
acmed/config/acmed.toml
View File

@ -0,0 +1,17 @@
include = [
"default_hooks.toml"
]
[global]
accounts_directory = "/etc/acmed/accounts"
certificates_directory = "/etc/acmed/certs"
[[endpoint]]
name = "letsencrypt v2 prod"
url = "https://acme-v02.api.letsencrypt.org/directory"
tos_agreed = false
[[endpoint]]
name = "letsencrypt v2 staging"
url = "https://acme-staging-v02.api.letsencrypt.org/directory"
tos_agreed = false

150
acmed/config/default_hooks.toml
View File

@ -0,0 +1,150 @@
# Copyright (c) 2019 Rodolphe Bréard <rodolphe@breard.tf>
#
# Copying and distribution of this file, with or without modification,
# are permitted in any medium without royalty provided the copyright
# notice and this notice are preserved. This file is offered as-is,
# without any warranty.
# ------------------------------------------------------------------------
# Default hooks for ACMEd
# You should not edit this file since it may be overridden by a newer one.
# ------------------------------------------------------------------------
#
# http-01 challenge in "/var/www/{{domain}}/"
#
[[hook]]
name = "http-01-echo-mkdir"
type = ["challenge-http-01"]
cmd = "mkdir"
args = [
"-m", "0755",
"-p", "/var/www/{{domain}}/.well-known/acme-challenge"
]
[[hook]]
name = "http-01-echo-echo"
type = ["challenge-http-01"]
cmd = "echo"
args = ["{{proof}}"]
stdout = "/var/www/{{domain}}/.well-known/acme-challenge/{{file_name}}"
[[hook]]
name = "http-01-echo-chmod"
type = ["challenge-http-01-clean"]
cmd = "chmod"
args = [
"a+r",
"/var/www/{{domain}}/.well-known/acme-challenge/{{file_name}}"
]
[[hook]]
name = "http-01-echo-clean"
type = ["challenge-http-01-clean"]
cmd = "rm"
args = [
"-f",
"/var/www/{{domain}}/.well-known/acme-challenge/{{file_name}}"
]
[[group]]
name = "http-01-echo-var-www"
hooks = [
"http-01-echo-mkdir",
"http-01-echo-echo",
"http-01-echo-chmod",
"http-01-echo-clean"
]
#
# tls-alpn-01 challenge with tacd
#
[[hook]]
name = "tls-alpn-01-tacd-start-tcp"
type = ["challenge-tls-alpn-01"]
cmd = "tacd"
args = [
"--pid-file", "/tmp/tacd_{{domain}}.pid",
"--domain", "{{domain}}",
"--acme-ext", "{{proof}}",
"--listen", "{{domain}}:5001"
]
[[hook]]
name = "tls-alpn-01-tacd-start-unix"
type = ["challenge-tls-alpn-01"]
cmd = "tacd"
args = [
"--pid-file", "/tmp/tacd_{{domain}}.pid",
"--domain", "{{domain}}",
"--acme-ext", "{{proof}}",
"--listen", "unix:/tmp/tacd_{{domain}}.sock"
]
[[hook]]
name = "tls-alpn-01-tacd-kill"
type = ["challenge-tls-alpn-01-clean"]
cmd = "pkill"
args = [
"-F", "/tmp/tacd_{{domain}}.pid"
]
[[hook]]
name = "tls-alpn-01-tacd-rm"
type = ["challenge-tls-alpn-01-clean"]
cmd = "rm"
args = [
"-f", "/tmp/tacd_{{domain}}.pid"
]
[[group]]
name = "tls-alpn-01-tacd-tcp"
hooks = ["tls-alpn-01-tacd-start-tcp", "tls-alpn-01-tacd-kill", "tls-alpn-01-tacd-rm"]
[[group]]
name = "tls-alpn-01-tacd-tcp-unix"
hooks = ["tls-alpn-01-tacd-start-unix", "tls-alpn-01-tacd-kill", "tls-alpn-01-tacd-rm"]
#
# Git storage hook
#
[[hook]]
name = "git-init"
type = ["file-pre-create", "file-pre-edit"]
cmd = "git"
args = [
"init",
"{{file_directory}}"
]
[[hook]]
name = "git-add"
type = ["file-post-create", "file-post-edit"]
cmd = "git"
args = [
"-C", "{{file_directory}}",
"add", "{{file_name}}"
]
[[hook]]
name = "git-commit"
type = ["file-post-create", "file-post-edit"]
cmd = "git"
args = [
"-C", "{{file_directory}}",
"-c", "user.name=ACMEd",
"-c", "user.email=acmed@localhost",
"commit",
"-m", "{{file_name}}",
"--only", "{{file_name}}"
]
[[group]]
name = "git"
hooks = ["git-init", "git-add", "git-commit"]
Write Preview
Loading…
Cancel
Save