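// Package main implements certman, a small certificate-management tool. It
// drives lego (Cloudflare DNS challenge) to obtain or renew certificates,
// keeps the results in a Gitea repository, and can run as a daemon that
// shuts down on SIGINT/SIGTERM and reacts to SIGHUP.
package main

import (
	"bufio"
	"context"
	"flag"
	"fmt"
	"os"
	"os/exec"
	"os/signal"
	"strconv"
	"strings"
	"sync"
	"syscall"
	"time"

	"code.gitea.io/sdk/gitea"
	"git.nevets.tech/Steven/ezconf"
	"github.com/go-git/go-billy/v5"
	"github.com/go-git/go-billy/v5/memfs"
	"github.com/go-git/go-git/v5"
	"github.com/go-git/go-git/v5/plumbing/transport/http"
	"github.com/go-git/go-git/v5/storage/memory"
	"github.com/google/go-github/v55/github"
	"github.com/makifdb/pidfile"
)

// Process-wide state shared with the helpers defined elsewhere in the
// package (createGiteaRepo, cloneRepo, addAndPushCerts, ...).
var (
	config       *ezconf.Configuration
	githubClient *github.Client
	giteaClient  *gitea.Client
	domain       string   // domain.tld that maindis operates on
	legoBaseArgs []string // lego arguments shared by the run and renew sub-commands
	storage      *memory.Storage
	fs           billy.Filesystem
	workTree     *git.Worktree
	creds        *http.BasicAuth
	repo         *git.Repository
	ctx          context.Context    // daemon lifetime; set only in daemon mode
	cancel       context.CancelFunc // cancels ctx; nil until the daemon starts
	wg           sync.WaitGroup     // tracks the daemon task loop
)

// pidFilePath is where the daemon records its PID and where -reload reads it.
const pidFilePath = "/var/run/certman.pid"

//TODO create logic for gh vs gt repos

// main parses the command-line flags and performs exactly one action: domain
// bootstrap, install, key generation, reload of a running daemon, or the
// daemon itself. Every action terminates the process.
func main() {
	devFlag := flag.Bool("dev", false, "Developer Mode")
	configFile := flag.String("config", "/etc/certman/certman.conf", "Configuration file")
	newDomainFlag := flag.String("new-domain", "example.com", "Domain to create new configs and directories for")
	newDomainDirFlag := flag.String("new-domain-dir", "/opt/certs/example.com", "Directory that certs will be stored in")
	installFlag := flag.Bool("install", false, "Install Certman")
	modeFlag := flag.String("mode", "client", "CertManager Mode [server, client]")
	thinInstallFlag := flag.Bool("t", false, "Thin Install (skip creating dirs)")
	newKeyFlag := flag.Bool("newkey", false, "Generate new encryption key")
	reloadFlag := flag.Bool("reload", false, "Reload configs")
	daemonFlag := flag.Bool("d", false, "Daemon Mode")
	flag.Parse()

	if *devFlag {
		os.Exit(0)
	}

	// "example.com" is the flag default, so it doubles as "not requested".
	if *newDomainFlag != "example.com" {
		fmt.Printf("Creating new domain %s\n", *newDomainFlag)
		createNewDomainConfig(*newDomainFlag)
		createNewDomainCertsDir(*newDomainFlag, *newDomainDirFlag)
		fmt.Println("Successfully created domain entry for " + *newDomainFlag + "\nUpdate config file as needed in /etc/certman/domains/" + *newDomainFlag + ".conf")
		os.Exit(0)
	}

	if *installFlag {
		// Reject an unknown mode here rather than writing it into the config,
		// where the daemon would only reject it on its first start.
		if *modeFlag != "server" && *modeFlag != "client" {
			fmt.Println("Invalid operating mode \"" + *modeFlag + "\"")
			os.Exit(1)
		}
		if !*thinInstallFlag {
			makeDirs()
		}
		config = ezconf.NewConfiguration(*configFile, strings.ReplaceAll(defaultConfig, "{mode}", *modeFlag))
		os.Exit(0)
	}

	if *newKeyFlag {
		key, err := GenerateKey()
		if err != nil {
			fmt.Println(err)
			os.Exit(1)
		}
		// Print, not Printf: the key is data and must not be parsed as a
		// format string (a '%' in it would corrupt the output).
		fmt.Print(key)
		os.Exit(0)
	}

	if *reloadFlag {
		if err := reloadDaemon(); err != nil {
			fmt.Println(err)
			os.Exit(1)
		}
		os.Exit(0)
	}

	if *daemonFlag {
		runDaemon(*configFile)
	}
}

// reloadDaemon asks the running daemon, identified by the PID recorded in
// pidFilePath, to reload its configuration by sending it SIGHUP.
//
// The PID file is trusted as-is: a stale file directs the signal at whatever
// process currently owns that PID, so the file should stay writable only by
// the daemon's user.
func reloadDaemon() error {
	pidBytes, err := os.ReadFile(pidFilePath)
	if err != nil {
		return fmt.Errorf("Error getting PID from %s: %w", pidFilePath, err)
	}
	pidStr := strings.TrimSpace(string(pidBytes))
	daemonPid, err := strconv.Atoi(pidStr)
	if err != nil {
		return fmt.Errorf("Error converting PID string to int (%s): %w", pidStr, err)
	}
	// kill(2) treats 0 and negative PIDs as process groups (or every process
	// we may signal), never as a single daemon; refuse them outright.
	if daemonPid <= 0 {
		return fmt.Errorf("Invalid PID %d in %s", daemonPid, pidFilePath)
	}
	proc, err := os.FindProcess(daemonPid)
	if err != nil {
		return fmt.Errorf("Error finding process with PID %d: %w", daemonPid, err)
	}
	if err := proc.Signal(syscall.SIGHUP); err != nil {
		return fmt.Errorf("Error sending SIGHUP to PID %d: %w", daemonPid, err)
	}
	return nil
}

// runDaemon records the PID, loads the configuration named by configFile and
// runs the task loop for the configured mode until SIGINT or SIGTERM arrives.
// Fatal setup problems exit the process with status 1.
func runDaemon(configFile string) {
	if err := pidfile.CreateOrUpdatePIDFile(pidFilePath); err != nil {
		fmt.Printf("Error creating pidfile: %v\n", err)
		os.Exit(1)
	}
	ctx, cancel = context.WithCancel(context.Background())

	// Check if main config exists
	if _, err := os.Stat(configFile); os.IsNotExist(err) {
		fmt.Println("Main config file not found, please run 'certman --install', then properly configure /etc/certman/certman.conf.")
		os.Exit(1)
	} else if err != nil {
		// Any other stat failure (permissions, I/O) is just as fatal; do not
		// fall through to LoadConfiguration with an unreadable file.
		fmt.Printf("Error opening %s: %v\n", configFile, err)
		os.Exit(1)
	}
	config = ezconf.LoadConfiguration(configFile)

	// Validate the mode before wg.Add: an unknown mode used to leave the
	// WaitGroup incremented with no goroutine to release it, so the final
	// wg.Wait blocked forever.
	mode := config.GetAsString("App.mode")
	if mode != "server" && mode != "client" {
		fmt.Println("Invalid operating mode \"" + mode + "\"")
		os.Exit(1)
	}

	// Setup SIGINT and SIGTERM listeners
	sigChannel := make(chan os.Signal, 1)
	signal.Notify(sigChannel, syscall.SIGINT, syscall.SIGTERM)
	defer signal.Stop(sigChannel)

	reloadSigChan := make(chan os.Signal, 1)
	signal.Notify(reloadSigChan, syscall.SIGHUP)
	defer signal.Stop(reloadSigChan)

	ticker := time.NewTicker(5 * time.Second)
	defer ticker.Stop()

	fmt.Printf("Starting CertManager in %s mode...\n", mode)
	wg.Add(1)
	go taskLoop(mode, reloadSigChan, ticker.C)

	// Cleanup on stop
	sig := <-sigChannel
	fmt.Printf("Program terminated with %v\n", sig)
	stop()
	wg.Wait()
}

// taskLoop is the daemon's periodic worker for the given mode ("server" or
// "client"). It runs until ctx is cancelled; the SIGHUP and tick cases are
// still placeholders that only log.
func taskLoop(mode string, reload <-chan os.Signal, tick <-chan time.Time) {
	defer wg.Done()
	for {
		select {
		case <-ctx.Done():
			fmt.Println("Shutting down " + mode)
			return
		case <-reload:
			fmt.Println("Reloading configs...")
		case <-tick:
			fmt.Println("Tick!")
		}
	}
}

// stop cancels the daemon context, which makes taskLoop return. It is a
// no-op before the daemon has started (cancel is still nil).
func stop() {
	if cancel != nil {
		cancel()
	}
}

// maindis is the lego-driven certificate workflow (not currently reachable
// from main). It reads "-d domain.tld", optionally "--dns resolver", and a
// trailing sub-command: gen, renew, gen-cert-only, renew-cert-only or git.
func maindis() {
	config = ezconf.NewConfiguration("/etc/certman/certman.conf", "")
	args := os.Args

	// -d
	hasDomain, domainIndex := contains(args, "-d")
	if !hasDomain || domainIndex+1 >= len(args) {
		fmt.Printf("Error, no domain passed. Please add '-d domain.tld' to the command\n")
		os.Exit(1)
	}
	domain = args[domainIndex+1]

	hasDns, dnsIndex := contains(args, "--dns")
	if hasDns && dnsIndex+1 >= len(args) {
		fmt.Println("Error, '--dns' requires a resolver argument")
		os.Exit(1)
	}

	legoBaseArgs = []string{
		"-a",
		"--dns", "cloudflare",
		"--email=" + config.GetAsString("Cloudflare.cf_email"),
		"--domains=" + domain,
		"--domains=*." + domain,
		"--path=" + config.GetAsString("Certificates.certs_path"),
	}
	// Extra names go right after the bare domain (index 5) so it stays the
	// first --domains entry.
	for i, subdomain := range config.GetAsStrings("Certificates.subdomains") {
		legoBaseArgs = insert(legoBaseArgs, 5+i, "--domains=*."+subdomain+"."+domain)
	}
	if hasDns {
		legoBaseArgs = insert(legoBaseArgs, 3, "--dns.resolvers="+args[dnsIndex+1])
	}
	// Derive the per-sub-command argument lists only after every insertion
	// and from copies: built earlier, they silently missed the inserted
	// --domains/--dns.resolvers flags, and append on a shared backing array
	// could let one list overwrite the other.
	legoNewSiteArgs := withArgs(legoBaseArgs, "run")
	legoRenewSiteArgs := withArgs(legoBaseArgs, "renew", "--days", "90")

	creds = &http.BasicAuth{
		Username: config.GetAsString("Git.username"),
		Password: config.GetAsString("Git.api_token"),
	}
	giteaClient = createGiteaClient()
	storage = memory.NewStorage()
	fs = memfs.New()

	var cmd *exec.Cmd
	switch args[len(args)-1] {
	case "gen":
		url := createGiteaRepo()
		repo, workTree = cloneRepo(url)
		cmd = exec.Command("lego", legoNewSiteArgs...)
	case "renew":
		repo, workTree = cloneRepo(config.GetAsString("Git.server") + "/" + config.GetAsString("Git.org_name") + "/" + domain + "-certificates.git")
		cmd = exec.Command("lego", legoRenewSiteArgs...)
	case "gen-cert-only":
		cmd = exec.Command("lego", legoNewSiteArgs...)
	case "renew-cert-only":
		cmd = exec.Command("lego", legoRenewSiteArgs...)
	case "git":
		url := createGiteaRepo()
		repo, workTree = cloneRepo(url)
		addAndPushCerts()
		os.Exit(0)
	default:
		fmt.Println("Missing arguments: conclude command with 'gen' or 'renew'")
		os.Exit(1)
	}

	// Cloudflare credentials reach lego through its environment, not argv,
	// so they do not show up in the process listing. Every entry must be
	// NAME=value; the zone token previously lacked the '='.
	cmd.Env = append(cmd.Environ(),
		"CLOUDFLARE_DNS_API_TOKEN="+config.GetAsString("Cloudflare.cf_api_token"),
		"CLOUDFLARE_ZONE_API_TOKEN="+config.GetAsString("Cloudflare.cf_api_token"),
		"CLOUDFLARE_EMAIL="+config.GetAsString("Cloudflare.cf_email"),
	)
	runLego(cmd)
	addAndPushCerts()
}

// withArgs returns a new slice holding base followed by extra. The result
// never shares a backing array with base or with another withArgs result.
func withArgs(base []string, extra ...string) []string {
	out := make([]string, 0, len(base)+len(extra))
	out = append(out, base...)
	return append(out, extra...)
}

// runLego starts cmd, echoes its stdout line by line, and waits for it to
// exit. Any failure to start, read or wait is fatal for the process.
func runLego(cmd *exec.Cmd) {
	stdout, err := cmd.StdoutPipe()
	if err != nil {
		fmt.Printf("Error getting stdout from lego process: %v\n", err)
		os.Exit(1)
	}
	if err := cmd.Start(); err != nil {
		fmt.Printf("Error creating certs with lego: %v\n", err)
		os.Exit(1)
	}
	// cmd.Wait closes the stdout pipe once the process exits, so the pipe
	// must be fully drained before Wait is called or trailing output is lost.
	done := make(chan struct{})
	go func() {
		defer close(done)
		scanner := bufio.NewScanner(stdout)
		for scanner.Scan() {
			fmt.Println(scanner.Text())
		}
		if err := scanner.Err(); err != nil {
			fmt.Fprintln(os.Stderr, "reading lego output:", err)
		}
	}()
	<-done
	if err := cmd.Wait(); err != nil {
		fmt.Printf("Error waiting for lego command to finish: %v\n", err)
		os.Exit(1)
	}
}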