added pre/post hook event

TODO

@@ -0,0 +1,5 @@
+letsencrypt web root
+bash completion
+site create
+site remove
+letsencrypt command arguments

apache/letsencrypt.conf

@@ -1,10 +1 @@
-<IfModule mod_proxy.c>
-<Location "/.well-known/acme-challenge/">
-    ProxyPass "http://127.0.0.1:9999/.well-known/acme-challenge/" retry=1
-    ProxyPassReverse "http://127.0.0.1:9999/.well-known/acme-challenge/"
-    ProxyPreserveHost On
-    Order allow,deny
-    Allow from all
-    Require all granted
-  </Location>
-</IfModule>
+Alias "/.well-known/acme-challenge/" "/tmp/acme-challenge/"

cron/sitegen-cert-renew

@@ -1,3 +1,3 @@
 SHELL=/bin/sh
 PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
-12 00  * * 1   root    sitegen --cert-renew
+12 12  * * 1   root    sitegen --cert-renew

install

@@ -17,6 +17,7 @@ service apache2 reload &&
 
 if [ ! -e /etc/cron.d/sitegen-cert-renew ]
 then
+  rm -f  /etc/cron.d/cert-renew &&
   cp "${dir}/cron/sitegen-cert-renew" /etc/cron.d/sitegen-cert-renew
 fi &&
 service cron reload

sitegen.py

@@ -84,7 +84,8 @@ class SiteGen:
         out = proc.communicate()
         return proc.returncode, out[0]
 
-    def execute_hooks(self, hook_type, args):
+    def execute_hooks(self, hook_type, hook_event, args):
+        args.insert(0, hook_event)
         for hook_name in self.get_hook_files(hook_type, True):
             self.execute(self.get_hook_file(hook_type, hook_name, True), args, False)
 
@@ -117,7 +118,10 @@ class SiteGen:
         return domains
 
     def cert_request(self, domain, logger):
-        logger("Requesting: %s" % domain)
+
+        cert_files = self.get_cert_files(domain)
+        cert_files.insert(0, domain)
+        self.execute_hooks("cert", "pre", cert_files)
 
         res, out = self.execute(self.letsencryptCommand, [domain], False)
         if res != 0:
@@ -127,9 +131,7 @@ class SiteGen:
         self.symlink_letsencrypt_file(domain, "privkey.pem", domain + ".key")
         self.symlink_letsencrypt_file(domain, "chain.pem", domain + "-chain.crt")
 
-        cert_files = self.get_cert_files(domain)
-        cert_files.insert(0, domain)
-        self.execute_hooks("cert", cert_files)
+        self.execute_hooks("cert", "post", cert_files)
 
     def certs_request(self, domains, logger):
         for domain in domains:

sitegen/hooks-available/cert/000-print

@@ -1,8 +1,15 @@
 #! /usr/bin/env sh
-host="${1}"
-cert_file="${2}"
-key_file="${3}"
-chain_file="${4}"
+
+event="${1}"
+host="${2}"
+cert_file="${3}"
+key_file="${4}"
+chain_file="${5}"
+
+if [ "${event}" != "pre" ]
+then
+    exit 0
+fi
 
 echo "Host: ${host}"
 echo "Certificate File: ${cert_file}"

sitegen/hooks-available/site/000-print

@@ -1,10 +1,17 @@
 #! /usr/bin/env sh
-host="${1}"
-root_dir="${2}"
-conf_conf="${3}"
-conf_include="${4}"
-site_conf="${5}"
-site_include="${6}"
+
+event="${1}"
+host="${2}"
+root_dir="${3}"
+conf_conf="${4}"
+conf_include="${5}"
+site_conf="${6}"
+site_include="${7}"
+
+if [ "${event}" != "pre" ]
+then
+    exit 0
+fi
 
 echo "Host: ${host}"
 echo "Root Document: ${root_dir}"

sitegen/hooks-available/site/050-letsencrypt

@@ -1,16 +0,0 @@
-#! /usr/bin/env sh
-host="${1}"
-root_dir="${2}"
-conf_conf="${3}"
-conf_include="${4}"
-site_conf="${5}"
-site_include="${6}"
-
-count=$(grep -ci SSLCertificateFile ${site_conf})
-if [ "${count}" -ge 1 ]
-then
-  echo "SSL found; generating certificate..."
-  sitegen --cert-request "${host}"
-else
-  echo "No SSL found; doing nothing"
-fi

sitegen/hooks-available/site/050-sitegen-cert-request

@@ -0,0 +1,23 @@
+#! /usr/bin/env sh
+
+event="${1}"
+host="${2}"
+root_dir="${3}"
+conf_conf="${4}"
+conf_include="${5}"
+site_conf="${6}"
+site_include="${7}"
+
+if [ "${event}" != "post" ]
+then
+    exit 0
+fi
+
+count=$(grep -ci '^ *SSLCertificateFile' ${site_conf})
+if [ "${count}" -ge 1 ]
+then
+  echo "SSLCertificateFile directive found; generating certificate..."
+  sitegen --cert-request "${host}"
+else
+  echo "SSLCertificateFile directive not found; doing nothing"
+fi

sitegen/hooks-available/site/100-chown

@@ -1,10 +1,17 @@
 #! /usr/bin/env sh
-host="${1}"
-root_dir="${2}"
-conf_conf="${3}"
-conf_include="${4}"
-site_conf="${5}"
-site_include="${6}"
+
+event="${1}"
+host="${2}"
+root_dir="${3}"
+conf_conf="${4}"
+conf_include="${5}"
+site_conf="${6}"
+site_include="${7}"
+
+if [ "${event}" != "post" ]
+then
+    exit 0
+fi
 
 user=$(logname)
 echo "chown to ${user}"

sitegen/hooks-available/site/200-a2ensite

@@ -1,9 +1,16 @@
 #! /usr/bin/env sh
-host="${1}"
-root_dir="${2}"
-conf_conf="${3}"
-conf_include="${4}"
-site_conf="${5}"
-site_include="${6}"
+
+event="${1}"
+host="${2}"
+root_dir="${3}"
+conf_conf="${4}"
+conf_include="${5}"
+site_conf="${6}"
+site_include="${7}"
+
+if [ "${event}" != "post" ]
+then
+    exit 0
+fi
 
 a2ensite "${host}.conf"

sitegen/hooks-available/site/300-reload

@@ -1,9 +1,16 @@
 #! /usr/bin/env sh
-host="${1}"
-root_dir="${2}"
-conf_conf="${3}"
-conf_include="${4}"
-site_conf="${5}"
-site_include="${6}"
+
+event="${1}"
+host="${2}"
+root_dir="${3}"
+conf_conf="${4}"
+conf_include="${5}"
+site_conf="${6}"
+site_include="${7}"
+
+if [ "${event}" != "post" ]
+then
+    exit 0
+fi
 
 service apache2 reload

sitegen/sitegen.json

@@ -3,7 +3,19 @@
   "siteDir": "/var/",
   "confDir": "/etc/sitegen/",
   "certRenewTime": 5356800,
-  "letsencryptCommand": "letsencrypt --agree-tos --renew-by-default --standalone --standalone-supported-challenges http-01 --http-01-port 9999 --server https://acme-v01.api.letsencrypt.org/directory certonly",
+  "letsencryptCommand": "letsencrypt",
+  "letsencryptArgs": [
+    "--agree-tos",
+    "--renew-by-default",
+    "--standalone",
+    "--standalone-supported-challenges",
+    "http-01",
+    "--http-01-port",
+    "9999",
+    "--server",
+    "https://acme-v01.api.letsencrypt.org/directory",
+    "certonly"
+  ],
   "letsencryptDir": "/etc/letsencrypt/live/",
   "certDir": "/etc/ssl/private/"
 }