package main
import (
"bufio"
"context"
"flag"
"fmt"
"os"
"os/exec"
"os/signal"
"strconv"
"strings"
"sync"
"syscall"
"time"
"code.gitea.io/sdk/gitea"
"git.nevets.tech/Steven/ezconf"
"github.com/go-git/go-billy/v5"
"github.com/go-git/go-billy/v5/memfs"
"github.com/go-git/go-git/v5"
"github.com/go-git/go-git/v5/plumbing/transport/http"
"github.com/go-git/go-git/v5/storage/memory"
"github.com/google/go-github/v55/github"
"github.com/makifdb/pidfile"
)
// Package-level state shared by the command-line entry point, the daemon loop
// and the git/ACME helpers. Nothing here is goroutine-safe; the daemon loop
// only reads it.
var (
	// config is the loaded certman configuration (main config file).
	config *ezconf.Configuration
	// githubClient is the GitHub API client.
	githubClient *github.Client
	// giteaClient is the Gitea API client, created by createGiteaClient.
	giteaClient *gitea.Client
	// domain is the domain taken from the -d argument in maindis.
	domain string
	// legoBaseArgs is the argument list built for the lego binary in maindis.
	legoBaseArgs []string
	// storage and fs hold the in-memory git storage and worktree filesystem
	// used for the certificate repository clone.
	storage *memory.Storage
	fs      billy.Filesystem
	// workTree and repo are the cloned certificate repository.
	workTree *git.Worktree
	repo     *git.Repository
	// creds is the basic-auth credential (Git.username / Git.api_token) used
	// for git transport.
	creds *http.BasicAuth
	// ctx and cancel bound the daemon's lifetime; stop() cancels ctx.
	ctx    context.Context
	cancel context.CancelFunc
	// wg waits for the daemon task loop to exit after cancellation.
	wg sync.WaitGroup
)
// TODO: create logic for GitHub (gh) vs Gitea (gt) repositories
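// certmanPIDFile is the PID file written by the daemon and read by --reload.
// Whoever can write this file chooses which process receives SIGHUP, so it
// must stay writable by the daemon's user only.
const certmanPIDFile = "/var/run/certman.pid"

// main is certman's command-line entry point. It parses the flags, runs the
// one-shot administrative actions (new domain, install, new key, reload) and
// exits, or, with -d, runs the long-lived daemon until SIGINT/SIGTERM.
func main() {
	devFlag := flag.Bool("dev", false, "Developer Mode")
	configFile := flag.String("config", "/etc/certman/certman.conf", "Configuration file")
	newDomainFlag := flag.String("new-domain", "example.com", "Domain to create new configs and directories for")
	newDomainDirFlag := flag.String("new-domain-dir", "/opt/certs/example.com", "Directory that certs will be stored in")
	installFlag := flag.Bool("install", false, "Install Certman")
	modeFlag := flag.String("mode", "client", "CertManager Mode [server, client]")
	thinInstallFlag := flag.Bool("t", false, "Thin Install (skip creating dirs)")
	newKeyFlag := flag.Bool("newkey", false, "Generate new encryption key")
	reloadFlag := flag.Bool("reload", false, "Reload configs")
	daemonFlag := flag.Bool("d", false, "Daemon Mode")
	flag.Parse()

	if *devFlag {
		os.Exit(0)
	}

	// "example.com" is the flag default, so any other value means the user
	// asked for a new domain entry.
	if *newDomainFlag != "example.com" {
		fmt.Printf("Creating new domain %s\n", *newDomainFlag)
		createNewDomainConfig(*newDomainFlag)
		createNewDomainCertsDir(*newDomainFlag, *newDomainDirFlag)
		fmt.Println("Successfully created domain entry for " + *newDomainFlag + "\nUpdate config file as needed in /etc/certman/domains/" + *newDomainFlag + ".conf")
		os.Exit(0)
	}

	if *installFlag {
		// The daemon only accepts these two modes, so reject anything else
		// here instead of writing a config the daemon will refuse to run.
		if *modeFlag != "server" && *modeFlag != "client" {
			fmt.Println("Invalid operating mode \"" + *modeFlag + "\", expected server or client")
			os.Exit(1)
		}
		if !*thinInstallFlag {
			makeDirs()
		}
		config = ezconf.NewConfiguration(*configFile, strings.ReplaceAll(defaultConfig, "{mode}", *modeFlag))
		os.Exit(0)
	}

	if *newKeyFlag {
		key, err := GenerateKey()
		if err != nil {
			fmt.Println(err)
			os.Exit(1)
		}
		// Print, not Printf: the key is data, not a format string, and may
		// contain '%' characters.
		fmt.Print(key)
		os.Exit(0)
	}

	if *reloadFlag {
		if err := sendDaemonReload(); err != nil {
			fmt.Println(err)
			os.Exit(1)
		}
		os.Exit(0)
	}

	if *daemonFlag {
		runDaemon(*configFile)
	}
}

// sendDaemonReload reads the daemon's PID from certmanPIDFile and sends it
// SIGHUP. It returns an error describing the step that failed.
func sendDaemonReload() error {
	pidBytes, err := os.ReadFile(certmanPIDFile)
	if err != nil {
		return fmt.Errorf("Error getting PID from %s: %v", certmanPIDFile, err)
	}
	pidStr := strings.TrimSpace(string(pidBytes))
	daemonPid, err := strconv.Atoi(pidStr)
	if err != nil {
		return fmt.Errorf("Error converting PID string to int (%s): %v", pidStr, err)
	}
	proc, err := os.FindProcess(daemonPid)
	if err != nil {
		return fmt.Errorf("Error finding process with PID %d: %v", daemonPid, err)
	}
	if err := proc.Signal(syscall.SIGHUP); err != nil {
		return fmt.Errorf("Error sending SIGHUP to PID %d: %v", daemonPid, err)
	}
	return nil
}

// runDaemon runs the long-lived service: it writes the PID file, loads the
// main configuration from configFile, starts the task loop for the configured
// mode and blocks until SIGINT/SIGTERM, then cancels ctx and waits for the
// loop to exit. It exits the process on any setup failure.
func runDaemon(configFile string) {
	if err := pidfile.CreateOrUpdatePIDFile(certmanPIDFile); err != nil {
		fmt.Printf("Error creating pidfile: %v\n", err)
		os.Exit(1)
	}
	ctx, cancel = context.WithCancel(context.Background())

	// Check if main config exists and is readable before loading it.
	if _, err := os.Stat(configFile); os.IsNotExist(err) {
		fmt.Println("Main config file not found, please run 'certman --install', then properly configure /etc/certman/certman.conf.")
		os.Exit(1)
	} else if err != nil {
		// Any other stat error (e.g. permissions) is fatal too; loading an
		// unreadable config would only fail later with a less clear message.
		fmt.Printf("Error opening %s: %v\n", configFile, err)
		os.Exit(1)
	}
	config = ezconf.LoadConfiguration(configFile)

	// SIGINT/SIGTERM stop the daemon; SIGHUP asks the task loop to reload.
	sigChannel := make(chan os.Signal, 1)
	signal.Notify(sigChannel, syscall.SIGINT, syscall.SIGTERM)
	defer signal.Stop(sigChannel)
	reloadSigChan := make(chan os.Signal, 1)
	signal.Notify(reloadSigChan, syscall.SIGHUP)
	defer signal.Stop(reloadSigChan)
	ticker := time.NewTicker(5 * time.Second)
	defer ticker.Stop()

	mode := config.GetAsString("App.mode")
	switch mode {
	case "server", "client":
		fmt.Printf("Starting CertManager in %s mode...\n", mode)
		// wg.Add is paired with the loop's Done; it must only happen when a
		// loop is actually started, otherwise wg.Wait below never returns.
		wg.Add(1)
		go taskLoop(mode, reloadSigChan, ticker.C)
	default:
		fmt.Println("Invalid operating mode \"" + mode + "\"")
		os.Exit(1)
	}

	// Cleanup on stop
	sig := <-sigChannel
	fmt.Printf("Program terminated with %v\n", sig)
	stop()
	wg.Wait()
}

// taskLoop is the daemon's periodic work loop for mode ("server" or "client").
// It returns when ctx is cancelled and marks wg done. Reload and tick handling
// currently only log; the real work is still to be implemented.
func taskLoop(mode string, reload <-chan os.Signal, tick <-chan time.Time) {
	defer wg.Done()
	for {
		select {
		case <-ctx.Done():
			fmt.Println("Shutting down " + mode)
			return
		case <-reload:
			fmt.Println("Reloading configs...")
		case <-tick:
			fmt.Println("Tick!")
		}
	}
}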
// stop cancels the daemon's shared context so the running task loop exits.
// It relies on cancel having been set by main when the daemon started.
func stop() {
	// context.CancelFunc is idempotent, so repeated calls are harmless.
	cancel()
}
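// maindis is the former one-shot entry point (main no longer calls it). It
// reads the domain (-d) and optional resolver (--dns) from os.Args, builds the
// lego argument list from the configuration, clones the certificate
// repository where needed and runs lego for the sub-command given as the last
// argument, then pushes the resulting certificates. It exits the process on
// any failure.
func maindis() {
	config = ezconf.NewConfiguration("/etc/certman/certman.conf", "")
	args := os.Args

	// -d <domain> is mandatory; guard the index so a trailing "-d" cannot
	// read past the argument list.
	hasDomain, domainIndex := contains(args, "-d")
	if !hasDomain || domainIndex+1 >= len(args) {
		fmt.Printf("Error, no domain passed. Please add '-d domain.tld' to the command\n")
		os.Exit(1)
	}
	domain = args[domainIndex+1]

	hasDns, dnsIndex := contains(args, "--dns")
	if hasDns && dnsIndex+1 >= len(args) {
		fmt.Println("Error, '--dns' requires a resolver argument")
		os.Exit(1)
	}

	legoBaseArgs = []string{
		"-a",
		"--dns",
		"cloudflare",
		"--email=" + config.GetAsString("Cloudflare.cf_email"),
		"--domains=" + domain,
		"--domains=*." + domain,
		"--path=" + config.GetAsString("Certificates.certs_path"),
	}
	// Extra --domains entries go at index 5+i, i.e. right after the base
	// domain entry (ranging over a nil slice is a no-op).
	for i, subdomain := range config.GetAsStrings("Certificates.subdomains") {
		legoBaseArgs = insert(legoBaseArgs, 5+i, "--domains=*."+subdomain+"."+domain)
	}
	if hasDns {
		legoBaseArgs = insert(legoBaseArgs, 3, "--dns.resolvers="+args[dnsIndex+1])
	}
	// Derive the per-command lists only after all insertions, otherwise the
	// subdomain and resolver options never reach lego. The full slice
	// expression caps the slice so each append copies and the two lists
	// cannot share a backing array.
	base := legoBaseArgs[:len(legoBaseArgs):len(legoBaseArgs)]
	legoNewSiteArgs := append(base, "run")
	legoRenewSiteArgs := append(base, "renew", "--days", "90")

	creds = &http.BasicAuth{
		Username: config.GetAsString("Git.username"),
		Password: config.GetAsString("Git.api_token"),
	}
	giteaClient = createGiteaClient()
	storage = memory.NewStorage()
	fs = memfs.New()

	var cmd *exec.Cmd
	switch args[len(args)-1] {
	case "gen":
		url := createGiteaRepo()
		repo, workTree = cloneRepo(url)
		cmd = exec.Command("lego", legoNewSiteArgs...)
	case "renew":
		repo, workTree = cloneRepo(config.GetAsString("Git.server") + "/" + config.GetAsString("Git.org_name") + "/" + domain + "-certificates.git")
		cmd = exec.Command("lego", legoRenewSiteArgs...)
	case "gen-cert-only":
		cmd = exec.Command("lego", legoNewSiteArgs...)
	case "renew-cert-only":
		cmd = exec.Command("lego", legoRenewSiteArgs...)
	case "git":
		url := createGiteaRepo()
		repo, workTree = cloneRepo(url)
		addAndPushCerts()
		os.Exit(0)
	default:
		fmt.Println("Missing arguments: conclude command with 'gen' or 'renew'")
		os.Exit(1)
	}

	// lego reads the Cloudflare credentials from its environment; they are
	// handed to the child process only, never placed on the command line.
	cmd.Env = append(cmd.Environ(),
		"CLOUDFLARE_DNS_API_TOKEN="+config.GetAsString("Cloudflare.cf_api_token"),
		// The '=' was missing here, which produced a malformed entry instead
		// of setting the zone token.
		"CLOUDFLARE_ZONE_API_TOKEN="+config.GetAsString("Cloudflare.cf_api_token"),
		"CLOUDFLARE_EMAIL="+config.GetAsString("Cloudflare.cf_email"),
	)

	stdout, err := cmd.StdoutPipe()
	if err != nil {
		fmt.Printf("Error getting stdout from lego process: %v\n", err)
		os.Exit(1)
	}
	if err := cmd.Start(); err != nil {
		fmt.Printf("Error creating certs with lego: %v\n", err)
		os.Exit(1)
	}

	// Echo lego's output as it arrives. cmd.Wait closes the pipe, so the
	// reader must finish before Wait is called.
	streamed := make(chan struct{})
	go func() {
		defer close(streamed)
		scanner := bufio.NewScanner(stdout)
		for scanner.Scan() {
			fmt.Println(scanner.Text())
		}
		if err := scanner.Err(); err != nil {
			fmt.Fprintln(os.Stderr, "reading lego output:", err)
		}
	}()
	<-streamed

	if err := cmd.Wait(); err != nil {
		fmt.Printf("Error waiting for lego command to finish: %v\n", err)
		os.Exit(1)
	}
	addAndPushCerts()
}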