Merge edfebfbd2e into 5edb8bd71b

2024-09-03 20:06:10 +02:00 · 2024-09-02 10:27:11 +02:00 · 2024-09-02 10:27:11 +02:00 · 77e09188be
commit 77e09188be
parent 5edb8bd71b edfebfbd2e
3 changed files with 37 additions and 4 deletions
--- a/share/actionsmap.yml
+++ b/share/actionsmap.yml
@ -495,7 +495,10 @@ domain:
                    help: If adding a DynDNS domain, subscribe to the DynDNS service with a password, used to later delete the domain
                    extra:
                        pattern: *pattern_password
-
+                --install-letsencrypt-cert:
+                    help: If adding a subdomain of an already added domain, try to install a Let's Encrypt certificate
+                    action: store_true
+                    
        ### domain_remove()
        remove:
            action_help: Delete domains
--- a/src/certificate.py
+++ b/src/certificate.py
@ -98,6 +98,15 @@ def certificate_status(domains, full=False):
                else:
                    status["ACME_eligible"] = False

+            # Check if a wildcard is setup for the ipv4/ipv6 A/AAAA records
+            dns_extra = Diagnoser.get_cached_report(
+                "dnsrecords", item={"domain": domain, "category": "extra"}
+            ).get("data", {})
+            dns_extra_A = { k: v for k, v in dns_extra.items() if k.startswith("A") }
+            status["ready_for_letsencrypt_cert"] = all(
+                [value == "OK" for value in dns_extra_A.values()]
+            )
+
        del status["domain"]
        certificates[domain] = status

--- a/src/domain.py
+++ b/src/domain.py
@ -245,7 +245,11 @@ def _get_parent_domain_of(domain, return_self=False, topest=False):

@is_unit_operation(exclude=["dyndns_recovery_password"])
 def domain_add(
-    operation_logger, domain, dyndns_recovery_password=None, ignore_dyndns=False
+    operation_logger,
+    domain,
+    dyndns_recovery_password=None,
+    ignore_dyndns=False,
+    install_letsencrypt_cert=False,
 ):
    """
    Create a custom domain
@ -255,12 +259,17 @@ def domain_add(
        dyndns -- Subscribe to DynDNS
        dyndns_recovery_password -- Password used to later unsubscribe from DynDNS
        ignore_dyndns -- If we want to just add the DynDNS domain to the list, without subscribing
+        install_letsencrypt_cert -- If adding a subdomain of an already added domain, try to install a Let's Encrypt certificate
    """
    from yunohost.hook import hook_callback
    from yunohost.app import app_ssowatconf
    from yunohost.utils.ldap import _get_ldap_interface
    from yunohost.utils.password import assert_password_is_strong_enough
-    from yunohost.certificate import _certificate_install_selfsigned
+    from yunohost.certificate import (
+        _certificate_install_selfsigned,
+        _certificate_install_letsencrypt,
+        certificate_status,
+    )
    from yunohost.utils.dns import is_yunohost_dyndns_domain

    if dyndns_recovery_password:
@ -302,7 +311,19 @@ def domain_add(
            domain=domain, recovery_password=dyndns_recovery_password
        )

-    _certificate_install_selfsigned([domain], True)
+    parent_domain = _get_parent_domain_of(domain)  # FIXME: topest?
+    can_install_letsencrypt = (
+        parent_domain
+        and certificate_status(parent_domain, full=True)["ready_for_letsencrypt_cert"]
+    )
+
+    # FIXME: warn and fallback to selfsigned if `install_letsencrypt_cert` and not `can_install_letsencrypt`?
+
+    if install_letsencrypt_cert and can_install_letsencrypt:
+        # FIXME try and fallback to selfsigned?
+        _certificate_install_letsencrypt([domain])
+    else:
+        _certificate_install_selfsigned([domain], True)

    try:
        attr_dict = {