Finished!

2023-06-02 03:20:08 -04:00
parent 25e5918e5d
commit 323b70eb9f
2 changed files with 80 additions and 29 deletions

BIN
certmgr

Binary file not shown.

109
main.go

@@ -1,19 +1,21 @@
package main package main
import ( import (
"bufio"
"code.gitea.io/sdk/gitea" "code.gitea.io/sdk/gitea"
"fmt" "fmt"
"git.nevets.tech/Steven/ezconf" "git.nevets.tech/Steven/ezconf"
"github.com/go-git/go-git/v5/plumbing/object" "github.com/go-git/go-git/v5/plumbing/object"
"io"
"os/exec" "os/exec"
"strings" "strings"
"time" "time"
billy "github.com/go-git/go-billy/v5" "github.com/go-git/go-billy/v5"
memfs "github.com/go-git/go-billy/v5/memfs" "github.com/go-git/go-billy/v5/memfs"
git "github.com/go-git/go-git/v5" "github.com/go-git/go-git/v5"
http "github.com/go-git/go-git/v5/plumbing/transport/http" "github.com/go-git/go-git/v5/plumbing/transport/http"
memory "github.com/go-git/go-git/v5/storage/memory" "github.com/go-git/go-git/v5/storage/memory"
"os" "os"
) )
@@ -51,6 +53,8 @@ func main() {
os.Exit(1) os.Exit(1)
} }
hasDns, dnsIndex := contains(args, "--dns")
legoBaseArgs = []string{ legoBaseArgs = []string{
"-a", "-a",
"--dns", "--dns",
@@ -66,15 +70,12 @@ func main() {
subdomains := config.GetAsStrings("Certificates.subdomains") subdomains := config.GetAsStrings("Certificates.subdomains")
if subdomains != nil { if subdomains != nil {
for i, subdomain := range subdomains { for i, subdomain := range subdomains {
insert(legoBaseArgs, 5+i, "--domains=*."+subdomain) legoBaseArgs = insert(legoBaseArgs, 5+i, "--domains=*."+subdomain+"."+domain)
} }
} }
err = os.Setenv("CF_API_TOKEN", config.GetAsString("Cloudflare.cf_api_token")) if hasDns {
err = os.Setenv("CF_EMAIL", config.GetAsString("Cloudflare.cf_email")) legoBaseArgs = insert(legoBaseArgs, 3, "--dns.resolvers="+args[dnsIndex+1])
if err != nil {
fmt.Printf("Error setting environment variable: %v\n", err)
os.Exit(1)
} }
creds = &http.BasicAuth{ creds = &http.BasicAuth{
@@ -101,22 +102,60 @@ func main() {
} }
case "renew": case "renew":
{ {
cloneRepo(config.GetAsString("Git.server") + "/" + config.GetAsString("Git.org_name")) cloneRepo(config.GetAsString("Git.server") + "/" + config.GetAsString("Git.org_name") + "/" + domain + "-certificates.git")
cmd = exec.Command("lego", legoRenewSiteArgs...) cmd = exec.Command("lego", legoRenewSiteArgs...)
} }
case "gen-cert-only":
{
cmd = exec.Command("lego", legoNewSiteArgs...)
}
case "renew-cert-only":
{
cmd = exec.Command("lego", legoRenewSiteArgs...)
}
case "git":
{
url := createGiteaRepo()
cloneRepo(url)
fixUpdateSh()
addAndPushCerts()
os.Exit(0)
}
default: default:
{ {
fmt.Println("Missing arguments: conclude command with 'gen' or 'renew'") fmt.Println("Missing arguments: conclude command with 'gen' or 'renew'")
os.Exit(1) os.Exit(1)
} }
} }
fmt.Printf("Env Vars: %v", cmd.Env) cmd.Env = append(cmd.Environ(),
out, err := cmd.CombinedOutput() "CLOUDFLARE_DNS_API_TOKEN="+config.GetAsString("Cloudflare.cf_api_token"),
"CLOUDFLARE_ZONE_API_TOKEN"+config.GetAsString("Cloudflare.cf_api_token"),
"CLOUDFLARE_EMAIL="+config.GetAsString("Cloudflare.cf_email"),
)
stdout, err := cmd.StdoutPipe()
if err != nil {
fmt.Printf("Error getting stdout from lego process: %v", err)
os.Exit(1)
}
err = cmd.Start()
if err != nil { if err != nil {
fmt.Printf("Error creating certs with lego: %v", err) fmt.Printf("Error creating certs with lego: %v", err)
os.Exit(1) os.Exit(1)
} }
fmt.Println(string(out)) scanner := bufio.NewScanner(stdout)
go func() {
for scanner.Scan() {
fmt.Println(scanner.Text())
}
if err := scanner.Err(); err != nil {
fmt.Fprintln(os.Stderr, "reading standard input:", err)
}
}()
err = cmd.Wait()
if err != nil {
fmt.Printf("Error waiting for lego command to finish: %v", err)
os.Exit(1)
}
addAndPushCerts() addAndPushCerts()
} }
@@ -157,61 +196,73 @@ func cloneRepo(url string) {
} }
func fixUpdateSh() { func fixUpdateSh() {
updateSh, err := fs.Open("update.sh") oldUpdateSh, err := fs.Open("update.sh")
if err != nil { if err != nil {
fmt.Printf("Error opening update.sh: %v", err) fmt.Printf("Error opening update.sh: %v", err)
os.Exit(1) os.Exit(1)
} }
content := "#!/bin/env bash\necho Starting cert pull\ngit pull https://Steven:07026d2d4e99614ec98fc2a8357f108f78f52682@git.nevets.tech/Keys/" + domain + "-certificates.git --force --no-rebase\nexit 0" contentBytes, err := io.ReadAll(oldUpdateSh)
fmt.Printf("Update.sh Content: %v\n", content) if err != nil {
fmt.Printf("Error reading update.sh: %v", err)
os.Exit(1)
}
content := string(contentBytes)
strings.ReplaceAll(content, "<>", domain)
updateSh, err := fs.Create("update.sh")
_, err = updateSh.Write([]byte(content)) _, err = updateSh.Write([]byte(content))
err = updateSh.Close() err = updateSh.Close()
if err != nil { if err != nil {
fmt.Printf("Error writing update.sh: %v", err) fmt.Printf("Error writing update.sh: %v", err)
os.Exit(1) os.Exit(1)
} }
_, err = workTree.Add("update.sh")
if err != nil {
fmt.Printf("Error adding update.sh: %v", err)
os.Exit(1)
}
} }
func addAndPushCerts() { func addAndPushCerts() {
//TODO integrate SOPS api when stable release //TODO integrate SOPS api when stable release
certs, err := os.ReadDir(config.GetAsString("Certificates.certs_path")) certs, err := os.ReadDir(config.GetAsString("Certificates.certs_path") + "/certificates")
if err != nil { if err != nil {
fmt.Printf("Error reading from directory: %v\n", err) fmt.Printf("Error reading from directory: %v\n", err)
os.Exit(1) os.Exit(1)
} }
for _, cert := range certs { for _, cert := range certs {
if strings.HasPrefix(cert.Name(), domain) { if strings.HasPrefix(cert.Name(), domain) {
file, err := fs.Create(config.GetAsString("Certificates.certs_path" + "/" + cert.Name())) file, err := fs.Create(cert.Name())
if err != nil { if err != nil {
fmt.Printf("Error copying cert to memfs: %v\n", err) fmt.Printf("Error copying cert to memfs: %v\n", err)
os.Exit(1) os.Exit(1)
} }
certFile, err := os.ReadFile(config.GetAsString("Certificates.certs_path" + "/" + cert.Name())) certFile, err := os.ReadFile(config.GetAsString("Certificates.certs_path") + "/certificates/" + cert.Name())
_, err = file.Write(certFile) _, err = file.Write(certFile)
err = file.Close()
if err != nil { if err != nil {
fmt.Printf("Error writing to memfs: %v\n", err) fmt.Printf("Error writing to memfs: %v\n", err)
os.Exit(1) os.Exit(1)
} }
_, err = workTree.Add(cert.Name())
if err != nil {
fmt.Printf("Error adding certificate %v: %v", cert.Name(), err)
os.Exit(1)
}
} }
} }
_, err = workTree.Add(".")
if err != nil {
fmt.Printf("Error adding certificates to workTree: %v\n", err)
os.Exit(1)
}
status, err := workTree.Status() status, err := workTree.Status()
if err != nil { if err != nil {
fmt.Printf("Error getting repo status: %v\n", err) fmt.Printf("Error getting repo status: %v\n", err)
os.Exit(1) os.Exit(1)
} }
fmt.Println(status.String()) fmt.Println("Work Tree Status:\n" + status.String())
signature := &object.Signature{ signature := &object.Signature{
Name: "Cert Manager", Name: "Cert Manager",
Email: "certs@nevets.tech", Email: "certs@nevets.tech",
When: time.Now(), When: time.Now(),
} }
_, err = workTree.Commit("Update "+domain+" @ "+time.Now().String(), &git.CommitOptions{Author: signature, Committer: signature}) _, err = workTree.Commit("Update "+domain+" @ "+time.Now().Format("Mon Jan _2 2006 15:04:05 MST"), &git.CommitOptions{Author: signature, Committer: signature})
if err != nil { if err != nil {
fmt.Printf("Error committing certs: %v\n", err) fmt.Printf("Error committing certs: %v\n", err)
os.Exit(1) os.Exit(1)
@@ -222,7 +273,7 @@ func addAndPushCerts() {
os.Exit(1) os.Exit(1)
} }
fmt.Println("Successfully uploaded to repo") fmt.Println("Successfully uploaded to " + config.GetAsString("Git.server") + "/" + config.GetAsString("Git.org_name") + "/" + domain + "-certificates.git")
} }
func contains(slice []string, value string) (sliceHas bool, index int) { func contains(slice []string, value string) (sliceHas bool, index int) {
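Review bot: In fixUpdateSh the result of `strings.ReplaceAll(content, "<>", domain)` is discarded, so the `<>` placeholder is written back to update.sh unchanged; it needs `content = strings.ReplaceAll(content, "<>", domain)`, and the `err` from `fs.Create("update.sh")` on the next line is never checked before the Write (whose error is then overwritten by Close, as it also is by the new `err = file.Close()` in addAndPushCerts). In main the entry `"CLOUDFLARE_ZONE_API_TOKEN"+config.GetAsString("Cloudflare.cf_api_token")` is missing its `=`, so that variable is never actually set in the lego environment. The scanner goroutine is still reading from the StdoutPipe when `cmd.Wait()` can close it, which may drop trailing lego output; draining the pipe before Wait (or setting `cmd.Stdout = os.Stdout` and dropping the pipe) avoids that, and its error message `"reading standard input:"` should name lego stdout rather than stdin. The old update.sh template removed in this commit embedded a credential in the git pull URL; it stays in repository history, so it should be treated as exposed and revoked on the Gitea side rather than relying on its removal from the source.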