
Add default hooks

pull/5/head
Rodolphe Breard 6 years ago
parent
commit
b7c3e4d381
  1. 3
      Makefile
  2. 64
      acmed/acmed_example.toml
  3. 17
      acmed/config/acmed.toml
  4. 150
      acmed/config/default_hooks.toml

3
Makefile

@ -40,7 +40,8 @@ install:
install -D --mode=0644 $(TARGET_DIR)/man/acmed.8.gz $(DESTDIR)$(DATADIR)/man/man8/acmed.8.gz
install -D --mode=0644 $(TARGET_DIR)/man/acmed.toml.5.gz $(DESTDIR)$(DATADIR)/man/man5/acmed.toml.5.gz
install -D --mode=0644 $(TARGET_DIR)/man/tacd.8.gz $(DESTDIR)$(DATADIR)/man/man8/tacd.8.gz
install -D --mode=0644 acmed/acmed_example.toml $(DESTDIR)$(SYSCONFDIR)/acmed/acmed.toml
install -D --mode=0644 acmed/config/acmed.toml $(DESTDIR)$(SYSCONFDIR)/acmed/acmed.toml
install -D --mode=0644 acmed/config/default_hooks.toml $(DESTDIR)$(SYSCONFDIR)/acmed/default_hooks.toml
install -d --mode=0700 $(DESTDIR)$(SYSCONFDIR)/acmed/accounts
install -d --mode=0755 $(DESTDIR)$(SYSCONFDIR)/acmed/certs
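Review bot: The new `install -D --mode=0644 acmed/config/acmed.toml $(DESTDIR)$(SYSCONFDIR)/acmed/acmed.toml` line unconditionally overwrites the administrator's existing configuration on every `make install`, while only default_hooks.toml is documented (in its own header) as a file that may be replaced by a newer one. Guarding the copy keeps local edits intact: `test -e $(DESTDIR)$(SYSCONFDIR)/acmed/acmed.toml || install -D --mode=0644 acmed/config/acmed.toml $(DESTDIR)$(SYSCONFDIR)/acmed/acmed.toml`. The page shows no +/- markers, so which of the two acmed.toml install lines is the removed one is inferred from the renamed source path; the `install` target's header and its remaining lines lie outside the hunk.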

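--- a/acmed/acmed_example.toml
+++ b/acmed/acmed_example.toml
@@ -1,64 +0,0 @@
-[global]
-accounts_directory = "/etc/acmed/accounts"
-certificates_directory = "/etc/acmed/certs"
-[[endpoint]]
-name = "letsencrypt v2 prod"
-url = "https://acme-v02.api.letsencrypt.org/directory"
-tos_agreed = false
-[[endpoint]]
-name = "letsencrypt v2 staging"
-url = "https://acme-staging-v02.api.letsencrypt.org/directory"
-tos_agreed = false
-[[hook]]
-name = "http-echo-create"
-type = ["challenge-http-01"]
-cmd = "echo"
-args = ["{{proof}}"]
-stdout = "/srv/http/{{domain}}/.well-known/acme-challenge/{{file_name}}"
-[[hook]]
-name = "http-echo-clean"
-type = ["challenge-http-01-clean"]
-cmd = "rm"
-args = [
-"-f",
-"/srv/http/{{domain}}/.well-known/acme-challenge/{{file_name}}"
-]
-[[group]]
-name = "http-echo"
-hooks = ["http-echo-create", "http-echo-clean"]
-[[hook]]
-name = "email-report"
-type = ["post-operation"]
-cmd = "sendmail"
-args = [
-"-f", "noreply@example.org",
-"john.doe@example.org"
-]
-stdin = """Subject: Certificate renewal alert for {{domains.[0]}}
-The following certificate is being renewed.
-domains: {{#each domains}}{{#if @index}}, {{/if}}{{this}}{{/each}}
-algorithm: {{algorithm}}
-status: {{status}}"""
-[[account]]
-name = "test_account"
-email = "certs@example.org"
-[[certificate]]
-account = "test_account"
-endpoint = "letsencrypt v2 staging"
-domains = [
-{ dns = "example.org", challenge = "http-01"},
-{ dns = "sub-1.example.org", challenge = "http-01" },
-{ dns = "sub-2.example.org", challenge = "http-01" }
-]
-algorithm = "ecdsa_p384"
-kp_reuse = false
-hooks = ["http-echo", "email-report"]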

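--- a/acmed/config/acmed.toml
+++ b/acmed/config/acmed.toml
@@ -0,0 +1,17 @@
+include = [
+"default_hooks.toml"
+]
+[global]
+accounts_directory = "/etc/acmed/accounts"
+certificates_directory = "/etc/acmed/certs"
+[[endpoint]]
+name = "letsencrypt v2 prod"
+url = "https://acme-v02.api.letsencrypt.org/directory"
+tos_agreed = false
+[[endpoint]]
+name = "letsencrypt v2 staging"
+url = "https://acme-staging-v02.api.letsencrypt.org/directory"
+tos_agreed = false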
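Review bot: Unlike default_hooks.toml, the new acmed.toml carries no header comment, yet it is the file the Makefile installs to `$(SYSCONFDIR)/acmed/acmed.toml` and the one an administrator will open first. A short comment at the top stating that this is the site configuration, that default_hooks.toml is pulled in through the `include` list and is not meant to be edited, and that each endpoint keeps `tos_agreed = false` until the operator deliberately changes it would make the intent explicit. Whether the relative path `"default_hooks.toml"` resolves against this file's directory or against the working directory is not visible here; saying so in that comment would avoid a silent include failure after a relocated install.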

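--- a/acmed/config/default_hooks.toml
+++ b/acmed/config/default_hooks.toml
@@ -0,0 +1,150 @@
+# Copyright (c) 2019 Rodolphe Bréard <rodolphe@breard.tf>
+#
+# Copying and distribution of this file, with or without modification,
+# are permitted in any medium without royalty provided the copyright
+# notice and this notice are preserved. This file is offered as-is,
+# without any warranty.
+# ------------------------------------------------------------------------
+# Default hooks for ACMEd
+# You should not edit this file since it may be overridden by a newer one.
+# ------------------------------------------------------------------------
+#
+# http-01 challenge in "/var/www/{{domain}}/"
+#
+[[hook]]
+name = "http-01-echo-mkdir"
+type = ["challenge-http-01"]
+cmd = "mkdir"
+args = [
+"-m", "0755",
+"-p", "/var/www/{{domain}}/.well-known/acme-challenge"
+]
+[[hook]]
+name = "http-01-echo-echo"
+type = ["challenge-http-01"]
+cmd = "echo"
+args = ["{{proof}}"]
+stdout = "/var/www/{{domain}}/.well-known/acme-challenge/{{file_name}}"
+[[hook]]
+name = "http-01-echo-chmod"
+type = ["challenge-http-01-clean"]
+cmd = "chmod"
+args = [
+"a+r",
+"/var/www/{{domain}}/.well-known/acme-challenge/{{file_name}}"
+]
+[[hook]]
+name = "http-01-echo-clean"
+type = ["challenge-http-01-clean"]
+cmd = "rm"
+args = [
+"-f",
+"/var/www/{{domain}}/.well-known/acme-challenge/{{file_name}}"
+]
+[[group]]
+name = "http-01-echo-var-www"
+hooks = [
+"http-01-echo-mkdir",
+"http-01-echo-echo",
+"http-01-echo-chmod",
+"http-01-echo-clean"
+]
+#
+# tls-alpn-01 challenge with tacd
+#
+[[hook]]
+name = "tls-alpn-01-tacd-start-tcp"
+type = ["challenge-tls-alpn-01"]
+cmd = "tacd"
+args = [
+"--pid-file", "/tmp/tacd_{{domain}}.pid",
+"--domain", "{{domain}}",
+"--acme-ext", "{{proof}}",
+"--listen", "{{domain}}:5001"
+]
+[[hook]]
+name = "tls-alpn-01-tacd-start-unix"
+type = ["challenge-tls-alpn-01"]
+cmd = "tacd"
+args = [
+"--pid-file", "/tmp/tacd_{{domain}}.pid",
+"--domain", "{{domain}}",
+"--acme-ext", "{{proof}}",
+"--listen", "unix:/tmp/tacd_{{domain}}.sock"
+]
+[[hook]]
+name = "tls-alpn-01-tacd-kill"
+type = ["challenge-tls-alpn-01-clean"]
+cmd = "pkill"
+args = [
+"-F", "/tmp/tacd_{{domain}}.pid"
+]
+[[hook]]
+name = "tls-alpn-01-tacd-rm"
+type = ["challenge-tls-alpn-01-clean"]
+cmd = "rm"
+args = [
+"-f", "/tmp/tacd_{{domain}}.pid"
+]
+[[group]]
+name = "tls-alpn-01-tacd-tcp"
+hooks = ["tls-alpn-01-tacd-start-tcp", "tls-alpn-01-tacd-kill", "tls-alpn-01-tacd-rm"]
+[[group]]
+name = "tls-alpn-01-tacd-tcp-unix"
+hooks = ["tls-alpn-01-tacd-start-unix", "tls-alpn-01-tacd-kill", "tls-alpn-01-tacd-rm"]
+#
+# Git storage hook
+#
+[[hook]]
+name = "git-init"
+type = ["file-pre-create", "file-pre-edit"]
+cmd = "git"
+args = [
+"init",
+"{{file_directory}}"
+]
+[[hook]]
+name = "git-add"
+type = ["file-post-create", "file-post-edit"]
+cmd = "git"
+args = [
+"-C", "{{file_directory}}",
+"add", "{{file_name}}"
+]
+[[hook]]
+name = "git-commit"
+type = ["file-post-create", "file-post-edit"]
+cmd = "git"
+args = [
+"-C", "{{file_directory}}",
+"-c", "user.name=ACMEd",
+"-c", "user.email=acmed@localhost",
+"commit",
+"-m", "{{file_name}}",
+"--only", "{{file_name}}"
+]
+[[group]]
+name = "git"
+hooks = ["git-init", "git-add", "git-commit"]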
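Review bot: The `http-01-echo-chmod` hook is declared with `type = ["challenge-http-01-clean"]`, so — if the type selects the stage at which a hook runs, as the `-clean` suffix and the sibling `http-01-echo-clean` suggest — the `chmod a+r` is applied only at clean-up, right before `http-01-echo-clean` removes the same file, and never while the challenge file has to be readable by the web server; it should read `type = ["challenge-http-01"]` so it follows `http-01-echo-echo`. Separately, the tacd hooks keep their pid file and socket under predictable names in the shared `/tmp` (`/tmp/tacd_{{domain}}.pid`, `/tmp/tacd_{{domain}}.sock`), and `tls-alpn-01-tacd-kill` signals whatever pid that file holds through `pkill -F`; a path that another local user can pre-create lets the start hook fail or the kill hook target a different process the acmed user is allowed to signal. A directory owned by the acmed user would remove that exposure, e.g. `"--pid-file", "[ACMED_RUNTIME_DIR]/tacd_{{domain}}.pid"` with the same substitution in the `-kill`, `-rm` and unix-socket arguments. The group name `tls-alpn-01-tacd-tcp-unix` also reads as if it were a TCP variant; `tls-alpn-01-tacd-unix` would match its start hook.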