[enh] Update yunohost, ssl and ssh conf_regen hooks
This commit is contained in:
parent
9229210538
commit
4090630bd9
6 changed files with 149 additions and 119 deletions
|
@ -1,25 +0,0 @@
|
|||
set -e
|
||||
|
||||
force=$1
|
||||
|
||||
cd /usr/share/yunohost/templates/yunohost
|
||||
|
||||
sudo mkdir -p /etc/yunohost
|
||||
|
||||
if [ ! -f /etc/yunohost/current_host ]; then
|
||||
echo "yunohost.org" | sudo tee /etc/yunohost/current_host
|
||||
fi
|
||||
|
||||
if [ ! -f /etc/yunohost/firewall.yml ]; then
|
||||
sudo cp firewall.yml /etc/yunohost/firewall.yml
|
||||
fi
|
||||
|
||||
if [ ! -f /etc/yunohost/services.yml ]; then
|
||||
sudo cp services.yml /etc/yunohost/services.yml
|
||||
fi
|
||||
|
||||
# Allow users to access /media directory
|
||||
if [ ! -d /etc/skel/media ]; then
|
||||
mkdir -p /media
|
||||
ln -s /media /etc/skel/
|
||||
fi
|
|
@ -1,64 +0,0 @@
|
|||
set -e
|
||||
|
||||
force=$1
|
||||
|
||||
function safe_copy () {
|
||||
if [ ! -f /etc/yunohost/installed ]; then
|
||||
sudo cp $1 $2
|
||||
else
|
||||
if [ $force ]; then
|
||||
sudo yunohost service safecopy \
|
||||
-s ssl $1 $2 --force
|
||||
else
|
||||
sudo yunohost service safecopy \
|
||||
-s ssl $1 $2
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
cd /usr/share/yunohost/templates/ssl
|
||||
ssl_dir=/usr/share/yunohost/yunohost-config/ssl/yunoCA
|
||||
|
||||
sudo mkdir -p /etc/yunohost/certs/yunohost.org
|
||||
sudo mkdir -p $ssl_dir/{ca,certs,crl,newcerts}
|
||||
|
||||
safe_copy openssl.cnf $ssl_dir/openssl.cnf
|
||||
|
||||
[ -f $ssl_dir/serial ] \
|
||||
|| (echo "00" | sudo tee $ssl_dir/serial)
|
||||
|
||||
[ -f $ssl_dir/index.txt ] \
|
||||
|| sudo touch $ssl_dir/index.txt
|
||||
|
||||
if [ ! -f /etc/yunohost/certs/yunohost.org/ca.pem ]; then
|
||||
sudo openssl req -x509 -new -config $ssl_dir/openssl.cnf \
|
||||
-days 3650 -out $ssl_dir/ca/cacert.pem \
|
||||
-keyout $ssl_dir/ca/cakey.pem -nodes -batch
|
||||
sudo cp $ssl_dir/ca/cacert.pem \
|
||||
/etc/yunohost/certs/yunohost.org/ca.pem
|
||||
sudo ln -sf /etc/yunohost/certs/yunohost.org/ca.pem \
|
||||
/etc/ssl/certs/ca-yunohost_crt.pem
|
||||
sudo update-ca-certificates
|
||||
fi
|
||||
|
||||
if [ ! -f /etc/yunohost/certs/yunohost.org/crt.pem ]; then
|
||||
sudo openssl req -new -config $ssl_dir/openssl.cnf \
|
||||
-days 730 -out $ssl_dir/certs/yunohost_csr.pem \
|
||||
-keyout $ssl_dir/certs/yunohost_key.pem -nodes -batch
|
||||
sudo openssl ca -config $ssl_dir/openssl.cnf \
|
||||
-days 730 -in $ssl_dir/certs/yunohost_csr.pem \
|
||||
-out $ssl_dir/certs/yunohost_crt.pem -batch
|
||||
|
||||
last_cert=$(ls $ssl_dir/newcerts/*.pem | sort -V | tail -n 1)
|
||||
sudo chmod 640 $ssl_dir/certs/yunohost_key.pem
|
||||
sudo chmod 640 $last_cert
|
||||
|
||||
sudo cp $ssl_dir/certs/yunohost_key.pem \
|
||||
/etc/yunohost/certs/yunohost.org/key.pem
|
||||
sudo cp $last_cert \
|
||||
/etc/yunohost/certs/yunohost.org/crt.pem
|
||||
sudo ln -sf /etc/yunohost/certs/yunohost.org/crt.pem \
|
||||
/etc/ssl/certs/yunohost_crt.pem
|
||||
sudo ln -sf /etc/yunohost/certs/yunohost.org/key.pem \
|
||||
/etc/ssl/private/yunohost_key.pem
|
||||
fi
|
|
@ -1,30 +0,0 @@
|
|||
set -e
|
||||
|
||||
force=$1
|
||||
|
||||
function safe_copy () {
|
||||
if [ $force ]; then
|
||||
sudo yunohost service safecopy \
|
||||
-s ssh \
|
||||
$1 $2 \
|
||||
--force
|
||||
else
|
||||
sudo yunohost service safecopy \
|
||||
-s ssh \
|
||||
$1 $2
|
||||
fi
|
||||
}
|
||||
|
||||
cd /usr/share/yunohost/templates/ssh
|
||||
|
||||
# Only overwrite SSH configuration on an ISO installation
|
||||
if [ ! -f /etc/yunohost/from_script ]; then
|
||||
|
||||
# Do not listen to IPv6 if unavailable
|
||||
if [ ! -f /proc/net/if_inet6 ]; then
|
||||
sudo sed -i "s/ListenAddress ::/#ListenAddress ::/g" sshd_config
|
||||
fi
|
||||
safe_copy sshd_config /etc/ssh/sshd_config
|
||||
|
||||
sudo service ssh restart
|
||||
fi
|
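--- a/data/hooks/conf_regen/01-yunohost
+++ b/data/hooks/conf_regen/01-yunohost
@@ -0,0 +1,40 @@
+set -e
+
+do_pre_regen() {
+pending_dir=$1
+
+cd /usr/share/yunohost/templates/yunohost
+
+[[ -d /etc/yunohost ]] || mkdir -p /etc/yunohost
+
+# set default current_host
+[[ -f /etc/yunohost/current_host ]] \
+|| echo "yunohost.org" | sudo tee /etc/yunohost/current_host
+
+# copy default firewall and services
+# TODO: update them as needed with upgrades
+[[ -f /etc/yunohost/firewall.yml ]] \
+|| sudo cp firewall.yml /etc/yunohost/firewall.yml
+[[ -f /etc/yunohost/services.yml ]] \
+|| sudo cp services.yml /etc/yunohost/services.yml
+
+# allow users to access /media directory
+[[ -d /etc/skel/media ]] \
+|| (mkdir -p /media && ln -s /media /etc/skel/media)
+}
+
+FORCE=$2
+
+case "$1" in
+pre)
+do_pre_regen $3
+;;
+post)
+;;
+*)
+echo "hook called with unknown argument \`$status'" >&2
+exit 1
+;;
+esac
+
+exit 0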
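Review bot: `pending_dir=$1` in do_pre_regen is assigned but never read, and every write in the pre step (the `tee` into /etc/yunohost/current_host, the two `sudo cp` into /etc/yunohost, the /etc/skel symlink) still lands in the live tree rather than under `${pending_dir}`, unlike the new 02-ssl hook which stages its file with `install -D openssl.cnf "${pending_dir}/…"`. Whether the regen framework expects the pre phase to be side-effect free cannot be confirmed from this page, but the unused variable should either be used for staging or dropped. Separately, the `*)` arm prints `$status`, which is never set in this script, so the diagnostic never shows the offending argument; it should reference `$1` instead of `$status`, and `do_pre_regen $3` should be `do_pre_regen "$3"`. The same `$status` typo is in the `*)` arms of 02-ssl and 03-ssh in this commit.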
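--- a/data/hooks/conf_regen/02-ssl
+++ b/data/hooks/conf_regen/02-ssl
@@ -0,0 +1,71 @@
+set -e
+
+ssl_dir="/usr/share/yunohost/yunohost-config/ssl/yunoCA"
+
+do_pre_regen() {
+pending_dir=$1
+
+cd /usr/share/yunohost/templates/ssl
+
+install -D openssl.cnf "${pending_dir}/${ssl_dir}/openssl.cnf"
+}
+
+do_post_regen() {
+sudo mkdir -p "/etc/yunohost/certs/yunohost.org"
+sudo mkdir -p "${ssl_dir}/"{ca,certs,crl,newcerts}
+
+[[ -f "${ssl_dir}/serial" ]] \
+|| (echo "00" | sudo tee "${ssl_dir}/serial")
+[[ -f "${ssl_dir}/index.txt" ]] \
+|| sudo touch "${ssl_dir}/index.txt"
+
+if [[ ! -f /etc/yunohost/certs/yunohost.org/ca.pem ]]; then
+sudo openssl req -x509 -new -config $ssl_dir/openssl.cnf \
+-days 3650 -out $ssl_dir/ca/cacert.pem \
+-keyout $ssl_dir/ca/cakey.pem -nodes -batch 2>&1
+sudo cp $ssl_dir/ca/cacert.pem \
+/etc/yunohost/certs/yunohost.org/ca.pem
+sudo ln -sf /etc/yunohost/certs/yunohost.org/ca.pem \
+/etc/ssl/certs/ca-yunohost_crt.pem
+sudo update-ca-certificates
+fi
+
+if [[ ! -f /etc/yunohost/certs/yunohost.org/crt.pem ]]; then
+sudo openssl req -new -config $ssl_dir/openssl.cnf \
+-days 730 -out $ssl_dir/certs/yunohost_csr.pem \
+-keyout $ssl_dir/certs/yunohost_key.pem -nodes -batch 2>&1
+sudo openssl ca -config $ssl_dir/openssl.cnf \
+-days 730 -in $ssl_dir/certs/yunohost_csr.pem \
+-out $ssl_dir/certs/yunohost_crt.pem -batch 2>&1
+
+last_cert=$(ls $ssl_dir/newcerts/*.pem | sort -V | tail -n 1)
+sudo chmod 640 $ssl_dir/certs/yunohost_key.pem
+sudo chmod 640 $last_cert
+
+sudo cp $ssl_dir/certs/yunohost_key.pem \
+/etc/yunohost/certs/yunohost.org/key.pem
+sudo cp $last_cert \
+/etc/yunohost/certs/yunohost.org/crt.pem
+sudo ln -sf /etc/yunohost/certs/yunohost.org/crt.pem \
+/etc/ssl/certs/yunohost_crt.pem
+sudo ln -sf /etc/yunohost/certs/yunohost.org/key.pem \
+/etc/ssl/private/yunohost_key.pem
+fi
+}
+
+FORCE=$2
+
+case "$1" in
+pre)
+do_pre_regen $3
+;;
+post)
+do_post_regen
+;;
+*)
+echo "hook called with unknown argument \`$status'" >&2
+exit 1
+;;
+esac
+
+exit 0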
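Review bot: The CA private key written to `$ssl_dir/ca/cakey.pem` by the `openssl req -x509` call in do_post_regen is never given restrictive permissions, while the server key gets `sudo chmod 640` a few lines later; unless the caller's umask already prevents it, the CA key is left at whatever umask-derived default mode openssl creates. Adding `sudo chmod 640 $ssl_dir/ca/cakey.pem` directly after that `openssl req` call would match the handling of yunohost_key.pem. Also, `last_cert=$(ls $ssl_dir/newcerts/*.pem | sort -V | tail -n 1)` parses ls output and, with no `pipefail` set, yields an empty string if `openssl ca` issued nothing, after which `sudo chmod 640 $last_cert` and `sudo cp $last_cert …` operate on no or wrong paths; a glob into an array followed by a non-empty check would be more robust. The unquoted `$ssl_dir` throughout the two `if` blocks is inconsistent with the quoted `"${ssl_dir}"` form used at the top of the same function.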
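--- a/data/hooks/conf_regen/03-ssh
+++ b/data/hooks/conf_regen/03-ssh
@@ -0,0 +1,38 @@
+set -e
+
+do_pre_regen() {
+pending_dir=$1
+
+cd /usr/share/yunohost/templates/ssh
+
+# only overwrite SSH configuration on an ISO installation
+if [[ ! -f /etc/yunohost/from_script ]]; then
+# do not listen to IPv6 if unavailable
+[[ -f /proc/net/if_inet6 ]] \
+|| sed -i "s/ListenAddress ::/#ListenAddress ::/g" sshd_config
+
+install -D sshd_config "${pending_conf}/etc/ssh/sshd_config"
+fi
+}
+
+do_post_regen() {
+[[ -f /etc/yunohost/from_script ]] \
+|| sudo service ssh restart
+}
+
+FORCE=$2
+
+case "$1" in
+pre)
+do_pre_regen $3
+;;
+post)
+do_post_regen
+;;
+*)
+echo "hook called with unknown argument \`$status'" >&2
+exit 1
+;;
+esac
+
+exit 0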
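Review bot: `install -D sshd_config "${pending_conf}/etc/ssh/sshd_config"` in do_pre_regen references `pending_conf`, but the function assigns `pending_dir=$1`; with only `set -e` in effect the undefined name expands to empty, so the template is written straight to `/etc/ssh/sshd_config` instead of into the pending tree, and the pre step overwrites live sshd configuration with no staging. The line should read `install -D sshd_config "${pending_dir}/etc/ssh/sshd_config"`, and adding `set -u` next to `set -e` would have turned this into a hard error. Note also that `sed -i` edits the sshd_config template in /usr/share/yunohost/templates/ssh itself (the deleted hook did the same via sudo), so the IPv6 ListenAddress change persists in the template across runs; if that is intended it deserves a comment such as `# NOTE: edits the shipped template in place, so the change is permanent`.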