acmed/config/default_hooks.toml

# Copyright (c) 2019-2020 Rodolphe Bréard <rodolphe@breard.tf>
#
# Copying and distribution of this file, with or without modification,
# are permitted in any medium without royalty provided the copyright
# notice and this notice are preserved.  This file is offered as-is,
# without any warranty.

# ------------------------------------------------------------------------
# Default hooks for ACMEd
# You should not edit this file since it may be overridden by a newer one.
# ------------------------------------------------------------------------


#
# http-01 challenge in "/var/www/{{ identifier }}/"
#

[[hook]]
name = "http-01-echo-mkdir"
type = ["challenge-http-01"]
cmd = "mkdir"
args = [
    "-m", "0755",
    "-p", "{{ env.HTTP_ROOT | default('/var/www') }}/{{ identifier }}/.well-known/acme-challenge"
]
allow_failure = true

[[hook]]
name = "http-01-echo-echo"
type = ["challenge-http-01"]
cmd = "echo"
args = ["{{ proof }}"]
stdout = "{{ env.HTTP_ROOT | default('/var/www') }}/{{ identifier }}/.well-known/acme-challenge/{{ file_name }}"

[[hook]]
name = "http-01-echo-chmod"
type = ["challenge-http-01"]
cmd = "chmod"
args = [
    "a+r",
    "{{ env.HTTP_ROOT | default('/var/www') }}/{{ identifier }}/.well-known/acme-challenge/{{ file_name }}"
]
allow_failure = true

[[hook]]
name = "http-01-echo-clean"
type = ["challenge-http-01-clean"]
cmd = "rm"
args = [
    "-f",
    "{{ env.HTTP_ROOT | default('/var/www') }}/{{ identifier }}/.well-known/acme-challenge/{{ file_name }}"
]
allow_failure = true

[[group]]
name = "http-01-echo"
hooks = [
    "http-01-echo-mkdir",
    "http-01-echo-echo",
    "http-01-echo-chmod",
    "http-01-echo-clean"
]


#
# tls-alpn-01 challenge with tacd
#

[[hook]]
name = "tls-alpn-01-tacd-start-tcp"
type = ["challenge-tls-alpn-01"]
cmd = "tacd"
args = [
    "--pid-file", "{{ env.TACD_PID_ROOT | default('/run') }}/tacd_{{ identifier }}.pid",
    "--domain", "{{ identifier_tls_alpn }}",
    "--acme-ext", "{{ proof }}",
    "--listen", "{{ env.TACD_PORT | default('5001') }}"
]

[[hook]]
name = "tls-alpn-01-tacd-start-unix"
type = ["challenge-tls-alpn-01"]
cmd = "tacd"
args = [
    "--pid-file", "{{ env.TACD_PID_ROOT | default('/run') }}/tacd_{{ identifier }}.pid",
    "--domain", "{{ identifier_tls_alpn }}",
    "--acme-ext", "{{ proof }}",
    "--listen", "unix:{{ env.TACD_SOCK_ROOT | default('/run') }}/tacd_{{ identifier }}.sock"
]

[[hook]]
name = "tls-alpn-01-tacd-kill"
type = ["challenge-tls-alpn-01-clean"]
cmd = "pkill"
args = [
    "-F", "{{ env.TACD_PID_ROOT | default('/run') }}/tacd_{{ identifier }}.pid",
]
allow_failure = true

[[hook]]
name = "tls-alpn-01-tacd-rm"
type = ["challenge-tls-alpn-01-clean"]
cmd = "rm"
args = [
    "-f", "{{ env.TACD_PID_ROOT | default('/run') }}/tacd_{{ identifier }}.pid",
]
allow_failure = true

[[group]]
name = "tls-alpn-01-tacd-tcp"
hooks = ["tls-alpn-01-tacd-start-tcp", "tls-alpn-01-tacd-kill", "tls-alpn-01-tacd-rm"]

[[group]]
name = "tls-alpn-01-tacd-unix"
hooks = ["tls-alpn-01-tacd-start-unix", "tls-alpn-01-tacd-kill", "tls-alpn-01-tacd-rm"]


#
# Git storage hook
#

[[hook]]
name = "git-init"
type = ["file-pre-create", "file-pre-edit"]
cmd = "git"
args = [
    "init",
    "{{ file_directory }}"
]

[[hook]]
name = "git-add"
type = ["file-post-create", "file-post-edit"]
cmd = "git"
args = [
    "-C", "{{ file_directory }}",
    "add", "{{ file_name }}"
]
allow_failure = true

[[hook]]
name = "git-commit"
type = ["file-post-create", "file-post-edit"]
cmd = "git"
args = [
    "-C", "{{ file_directory }}",
    "-c", "user.name='{{ env.GIT_USERNAME | default('ACMEd') }}'",
    "-c", "user.email='{{ env.GIT_EMAIL | default('acmed@localhost') }}'",
    "commit",
    "-m", "{{ file_name }}",
    "--only", "{{ file_name }}"
]
allow_failure = true

[[group]]
name = "git"
hooks = ["git-init", "git-add", "git-commit"]