certman/main.go

package main

import (
	"bufio"
	"code.gitea.io/sdk/gitea"
	"flag"
	"fmt"
	"git.nevets.tech/Steven/ezconf"
	"github.com/go-git/go-billy/v5"
	"github.com/go-git/go-billy/v5/memfs"
	"github.com/go-git/go-git/v5"
	"github.com/go-git/go-git/v5/plumbing/transport/http"
	"github.com/go-git/go-git/v5/storage/memory"
	"github.com/google/go-github/v55/github"
	"io"
	"os"
	"os/exec"
	"os/signal"
	"strings"
	"syscall"
)

var config *ezconf.Configuration
var githubClient *github.Client
var giteaClient *gitea.Client
var domain string
var legoBaseArgs []string

var storage *memory.Storage
var fs billy.Filesystem
var workTree *git.Worktree
var creds *http.BasicAuth

var repo *git.Repository

//TODO create logic for gh vs gt repos

func main() {
	devFlag := flag.Bool("dev", false, "Developer Mode")

	newDomainFlag := flag.String("new-domain", "example.com", "Domain to create new configs and directories for")
	installFlag := flag.Bool("install", false, "Install Certman")
	daemonFlag := flag.Bool("d", false, "Daemon Mode")

	flag.Parse()

	if *devFlag {

		os.Exit(0)
	}
	if *newDomainFlag != "example.com" {
		fmt.Printf("Creating new domain %s\n", *newDomainFlag)
		createNewDomainConfig(*newDomainFlag)
		createNewDomainCertsDir(*newDomainFlag)
	}
	if *installFlag {
		makeDirs()
		config = ezconf.NewConfiguration("/etc/certman/certman.conf", defaultConfig)
	}
	if *daemonFlag {
		// Check if main config exists
		if _, err := os.Stat("/etc/certman/certman.conf"); os.IsNotExist(err) {
			fmt.Println("Main config file not found, please run 'certman --install', then properly configure /etc/certman/certman.conf.")
			os.Exit(1)
		} else if err != nil {
			fmt.Printf("Error opening /etc/certman/certman.conf: %v\n", err)
		}
		// Setup SIGINT and SIGTERM listeners
		sigChannel := make(chan os.Signal, 1)
		signal.Notify(sigChannel, syscall.SIGINT, syscall.SIGTERM)

		// Task loop
		go func() {

		}()

		// Cleanup on stop
		sig := <-sigChannel
		fmt.Printf("Program terminated with %v\n", sig)

		close()
	}
}

func close() {

}

func maindis() {
	config = ezconf.NewConfiguration("/etc/certman/certman.conf", "")

	var err error
	args := os.Args

	// -d
	hasDomain, domainIndex := contains(args, "-d")
	if hasDomain {
		domain = args[domainIndex+1]
	} else {
		fmt.Printf("Error, no domain passed. Please add '-d domain.tld' to the command\n")
		os.Exit(1)
	}

	hasDns, dnsIndex := contains(args, "--dns")

	legoBaseArgs = []string{
		"-a",
		"--dns",
		"cloudflare",
		"--email=" + config.GetAsString("Cloudflare.cf_email"),
		"--domains=" + domain,
		"--domains=*." + domain,
		"--path=" + config.GetAsString("Certificates.certs_path"),
	}
	legoNewSiteArgs := append(legoBaseArgs, "run")
	legoRenewSiteArgs := append(legoBaseArgs, "renew", "--days", "90")

	subdomains := config.GetAsStrings("Certificates.subdomains")
	if subdomains != nil {
		for i, subdomain := range subdomains {
			legoBaseArgs = insert(legoBaseArgs, 5+i, "--domains=*."+subdomain+"."+domain)
		}
	}

	if hasDns {
		legoBaseArgs = insert(legoBaseArgs, 3, "--dns.resolvers="+args[dnsIndex+1])
	}

	creds = &http.BasicAuth{
		Username: config.GetAsString("Git.username"),
		Password: config.GetAsString("Git.api_token"),
	}
	giteaClient = createGiteaClient()

	storage = memory.NewStorage()
	fs = memfs.New()

	var cmd *exec.Cmd
	switch args[len(args)-1] {
	case "gen":
		{
			url := createGiteaRepo()
			repo, workTree = cloneRepo(url)
			fixUpdateSh()
			cmd = exec.Command("lego", legoNewSiteArgs...)
		}
	case "renew":
		{
			repo, workTree = cloneRepo(config.GetAsString("Git.server") + "/" + config.GetAsString("Git.org_name") + "/" + domain + "-certificates.git")
			cmd = exec.Command("lego", legoRenewSiteArgs...)
		}
	case "gen-cert-only":
		{
			cmd = exec.Command("lego", legoNewSiteArgs...)
		}
	case "renew-cert-only":
		{
			cmd = exec.Command("lego", legoRenewSiteArgs...)
		}
	case "git":
		{
			url := createGiteaRepo()
			repo, workTree = cloneRepo(url)
			fixUpdateSh()
			addAndPushCerts()
			os.Exit(0)
		}
	default:
		{
			fmt.Println("Missing arguments: conclude command with 'gen' or 'renew'")
			os.Exit(1)
		}
	}
	cmd.Env = append(cmd.Environ(),
		"CLOUDFLARE_DNS_API_TOKEN="+config.GetAsString("Cloudflare.cf_api_token"),
		"CLOUDFLARE_ZONE_API_TOKEN"+config.GetAsString("Cloudflare.cf_api_token"),
		"CLOUDFLARE_EMAIL="+config.GetAsString("Cloudflare.cf_email"),
	)
	stdout, err := cmd.StdoutPipe()
	if err != nil {
		fmt.Printf("Error getting stdout from lego process: %v\n", err)
		os.Exit(1)
	}
	err = cmd.Start()
	if err != nil {
		fmt.Printf("Error creating certs with lego: %v\n", err)
		os.Exit(1)
	}
	scanner := bufio.NewScanner(stdout)
	go func() {
		for scanner.Scan() {
			fmt.Println(scanner.Text())
		}
		if err := scanner.Err(); err != nil {
			fmt.Fprintln(os.Stderr, "reading standard input:", err)
		}
	}()
	err = cmd.Wait()
	if err != nil {
		fmt.Printf("Error waiting for lego command to finish: %v\n", err)
		os.Exit(1)
	}
	addAndPushCerts()
}

func fixUpdateSh() {
	oldUpdateSh, err := fs.Open("update.sh")
	if err != nil {
		fmt.Printf("Error opening update.sh: %v\n", err)
		os.Exit(1)
	}
	contentBytes, err := io.ReadAll(oldUpdateSh)
	if err != nil {
		fmt.Printf("Error reading update.sh: %v\n", err)
		os.Exit(1)
	}
	content := string(contentBytes)
	strings.ReplaceAll(content, "<>", domain)
	updateSh, err := fs.Create("update.sh")
	_, err = updateSh.Write([]byte(content))
	err = updateSh.Close()
	if err != nil {
		fmt.Printf("Error writing update.sh: %v\n", err)
		os.Exit(1)
	}
	_, err = workTree.Add("update.sh")
	if err != nil {
		fmt.Printf("Error adding update.sh: %v\n", err)
		os.Exit(1)
	}
}