def account(config_path: str, directory_path: str):
dnsrobocert_config = config.load(config_path)
acme = dnsrobocert_config.get("acme", {})
email = acme.get("email_account")
if not email:
LOGGER.warning(
"Parameter acme.email_account is not set, skipping ACME registration."
)
return
url = config.get_acme_url(dnsrobocert_config)
utils.execute(
[
sys.executable,
"-m",
"dnsrobocert.core.certbot",
"register",
*_DEFAULT_FLAGS,
"--config-dir",
directory_path,
"--work-dir",
os.path.join(directory_path, "workdir"),
"--logs-dir",
os.path.join(directory_path, "logs"),
"-m",
email,
"--agree-tos",
"--server",
url,
],
check=False,
)
def certonly(
config_path: str,
directory_path: str,
lineage: str,
lock: threading.Lock,
domains: Optional[List[str]] = None,
force_renew: bool = False,
reuse_key: bool = False,
):
if not domains:
return
url = config.get_acme_url(config.load(config_path))
additional_params = []
if force_renew:
additional_params.append("--force-renew")
if reuse_key:
additional_params.append("--reuse-key")
for domain in domains:
additional_params.append("-d")
additional_params.append(domain)
utils.execute(
[
sys.executable,
"-m",
"dnsrobocert.core.certbot",
"certonly",
*_DEFAULT_FLAGS,
"--config-dir",
directory_path,
"--work-dir",
os.path.join(directory_path, "workdir"),
"--logs-dir",
os.path.join(directory_path, "logs"),
"--manual",
"--preferred-challenges=dns",
"--manual-auth-hook",
_hook_cmd("auth", config_path, lineage),
"--manual-cleanup-hook",
_hook_cmd("cleanup", config_path, lineage),
"--expand",
"--deploy-hook",
_hook_cmd("deploy", config_path, lineage),
"--server",
url,
"--cert-name",
lineage,
*additional_params,
],
lock=lock,
)
def _autocmd(certificate: Dict[str, Any]):
autocmd = certificate.get("autocmd")
if autocmd:
if not os.path.exists("/var/run/docker.sock"):
raise RuntimeError("Error, /var/run/docker.sock socket is missing.")
for onecmd in autocmd:
command = onecmd.get("cmd")
containers = onecmd.get("containers", [])
for container in containers:
utils.execute(["docker", "exec", container, command])
def _autocmd(certificate: Dict[str, Any]):
autocmd = certificate.get("autocmd")
if autocmd:
if not os.path.exists("/var/run/docker.sock"):
raise RuntimeError("Error, /var/run/docker.sock socket is missing.")
for onecmd in autocmd:
command = onecmd.get("cmd")
containers = onecmd.get("containers", [])
for container in containers:
if isinstance(command, list):
utils.execute(["docker", "exec", container, *command])
else:
utils.execute(f"docker exec {container} {command}", shell=True)
def renew(config_path: str, directory_path: str):
dnsrobocert_config = config.load(config_path)
if dnsrobocert_config:
utils.execute([
sys.executable,
"-m",
"dnsrobocert.core.certbot",
"renew",
*_DEFAULT_FLAGS,
"--config-dir",
directory_path,
"--deploy-hook",
_hook_cmd("deploy", config_path),
"--work-dir",
os.path.join(directory_path, "workdir"),
"--logs-dir",
os.path.join(directory_path, "logs"),
])
def revoke(config_path: str, directory_path: str, lineage: str):
url = config.get_acme_url(config.load(config_path))
utils.execute([
sys.executable,
"-m",
"dnsrobocert.core.certbot",
"revoke",
"-n",
"--config-dir",
directory_path,
"--work-dir",
os.path.join(directory_path, "workdir"),
"--logs-dir",
os.path.join(directory_path, "logs"),
"--server",
url,
"--cert-path",
os.path.join(directory_path, "live", lineage, "cert.pem"),
])
def _autorestart(certificate: Dict[str, Any]):
autorestart = certificate.get("autorestart")
if autorestart:
if not os.path.exists("/var/run/docker.sock") and not os.path.exists(
"/run/podman/podman.sock"
):
raise RuntimeError(
"Error, /var/run/docker.sock and /run/podman/podman.sock sockets are missing."
)
if os.path.exists("/var/run/docker.sock"):
for onerestart in autorestart:
containers = onerestart.get("containers", [])
for container in containers:
utils.execute(["docker", "restart", container])
swarm_services = onerestart.get("swarm_services", [])
for service in swarm_services:
utils.execute(
[
"docker",
"service",
"update",
"--detach=false",
"--force",
service,
]
)
if os.path.exists("/run/podman/podman.sock"):
for onerestart in autorestart:
containers = onerestart.get("podman_containers", [])
for container in containers:
utils.execute(["podman", "--remote", "restart", container])
