
Unfortunately, copying of tls keys for exim seems like the only option

Bob Mottram 7 anos atrás
pai
commit
2db60740d6
2 arquivos alterados com 36 adições e 10 exclusões
  1. 3
    0
      src/freedombone-app-fedwiki
  2. 33
    10
      src/freedombone-utils-web

+ 3
- 0
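--- a/src/freedombone-app-fedwiki
+++ b/src/freedombone-app-fedwiki
@@ -448,6 +448,9 @@ function install_fedwiki {
     echo '[Install]' >> /etc/systemd/system/fedwiki.service
     echo 'WantedBy=multi-user.target' >> /etc/systemd/system/fedwiki.service
 
+    if [ ! -d ${FEDWIKI_DATA}/status ]; then
+        mkdir -p ${FEDWIKI_DATA}/status
+    fi
     fedwiki_auth_file=${FEDWIKI_DATA}/status/owner.json
     echo '{' > $fedwiki_auth_file
     echo "  \"name\": \"${MY_USERNAME}\"," >> $fedwiki_auth_file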
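Review bot: The added `mkdir -p ${FEDWIKI_DATA}/status` in install_fedwiki expands `FEDWIKI_DATA` unquoted and unchecked, so an empty or unset value would create `/status` and the lines that follow would write `owner.json` there. Because `mkdir -p` already succeeds when the directory exists, the surrounding `[ ! -d … ]` test is redundant and the three lines reduce to `mkdir -p "${FEDWIKI_DATA:?}/status"`. The directory holds `owner.json`, which the code names `fedwiki_auth_file`, so it is worth confirming that its ownership and mode are restricted later in install_fedwiki, whose body continues outside this hunk.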

+ 33
- 10
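--- a/src/freedombone-utils-web
+++ b/src/freedombone-utils-web
@@ -861,12 +861,27 @@ function update_default_domain {
             fi
         fi
 
-        if [ -d /etc/dovecot ]; then
-            if [ ${#DEFAULT_DOMAIN_NAME} -gt 0 ]; then
-                if ! grep -q "ssl_cert = </etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem" /etc/dovecot/conf.d/10-ssl.conf; then
-                    sed -i "s|#ssl_cert =.*|ssl_cert = </etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/dovecot/conf.d/10-ssl.conf
-                    sed -i "s|ssl_cert =.*|ssl_cert = </etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/dovecot/conf.d/10-ssl.conf
-                    systemctl restart dovecot
+        if [ ${#DEFAULT_DOMAIN_NAME} -gt 0 ]; then
+            if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
+                if [ -d /etc/dovecot ]; then
+                    if ! grep -q "ssl_cert = </etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem" /etc/dovecot/conf.d/10-ssl.conf; then
+                        sed -i "s|#ssl_cert =.*|ssl_cert = </etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/dovecot/conf.d/10-ssl.conf
+                        sed -i "s|ssl_cert =.*|ssl_cert = </etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/dovecot/conf.d/10-ssl.conf
+                        systemctl restart dovecot
+                    fi
+                fi
+
+                if [ -d /etc/exim4 ]; then
+                    cp /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/{fullchain,privkey}.pem /etc/exim4/
+                    chown root:Debian-exim /etc/exim4/*.pem
+                    chmod 640 /etc/exim4/*.pem
+
+                    sed -i "s|MAIN_TLS_CERTKEY =.*|MAIN_TLS_CERTKEY = /etc/exim4/fullchain.pem|g" /etc/exim4/conf.d/main/03_exim4-config_tlsoptions
+                    sed -i "s|MAIN_TLS_CERTKEY =.*|MAIN_TLS_CERTKEY = /etc/exim4/fullchain.pem|g" /etc/exim4/exim4.conf.template
+                    sed -i "s|MAIN_TLS_PRIVATEKEY =.*|MAIN_TLS_PRIVATEKEY = /etc/exim4/privkey.pem|g" /etc/exim4/conf.d/main/03_exim4-config_tlsoptions
+                    sed -i "s|MAIN_TLS_PRIVATEKEY =.*|MAIN_TLS_PRIVATEKEY = /etc/exim4/privkey.pem|g" /etc/exim4/exim4.conf.template
+
+                    systemctl restart exim4
                 fi
             fi
         fi
@@ -1026,14 +1041,22 @@ function email_install_tls {
         email_config_changed=1
     fi
     if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
-        if ! grep -q "MAIN_TLS_CERTKEY = /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem" $tls_config_file; then
-            sed -i "/.ifdef MAIN_TLS_CERTKEY/i\MAIN_TLS_CERTKEY = /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem" $tls_config_file
+        cp /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem /etc/exim4/
+        chown root:Debian-exim /etc/exim4/*.pem
+        chmod 640 /etc/exim4/*.pem
+
+        if ! grep -q "MAIN_TLS_CERTKEY = /etc/exim4/fullchain.pem" $tls_config_file; then
+            sed -i "/.ifdef MAIN_TLS_CERTKEY/i\MAIN_TLS_CERTKEY = /etc/exim4/fullchain.pem" $tls_config_file
             email_config_changed=1
         fi
     fi
     if [ -f /etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key ]; then
-        if ! grep -q "MAIN_TLS_PRIVATEKEY = /etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key" $tls_config_file; then
-            sed -i "/.ifndef MAIN_TLS_PRIVATEKEY/i\MAIN_TLS_PRIVATEKEY = /etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key" $tls_config_file
+        cp /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/privkey.pem /etc/exim4/
+        chown root:Debian-exim /etc/exim4/*.pem
+        chmod 640 /etc/exim4/*.pem
+
+        if ! grep -q "MAIN_TLS_PRIVATEKEY = /etc/exim4/privkey.pem" $tls_config_file; then
+            sed -i "/.ifndef MAIN_TLS_PRIVATEKEY/i\MAIN_TLS_PRIVATEKEY = /etc/exim4/privkey.pem" $tls_config_file
             email_config_changed=1
         fi
     fi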
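Review bot: In update_default_domain the exim4 block is guarded by the existence of `/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem` but copies from `/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/`, and the result of `cp` is never checked, so when that directory is absent the `sed` lines still point exim4 at `/etc/exim4/*.pem` files that were not written and the daemon is restarted anyway; the two `cp` calls in the email_install_tls hunk have the same guard/source mismatch. `cp` also creates `privkey.pem` under the process umask before `chmod 640` runs, and the `/etc/exim4/*.pem` glob re-owns every PEM file in that directory rather than only the two just copied; `install -m 640 -o root -g Debian-exim` on the named files applies owner and mode as part of the copy. The copies are snapshots, so unless this code is re-run after each certificate renewal (not visible in these hunks) exim4 would keep presenting the old certificate. Both functions begin and end outside the hunks shown.

```shell
                if [ -d /etc/exim4 ]; then
                    local le_live="/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}"
                    # Only repoint and restart exim4 once both files are in place
                    # with their final owner and mode.
                    if [ -f "${le_live}/fullchain.pem" ] && \
                       [ -f "${le_live}/privkey.pem" ] && \
                       install -m 640 -o root -g Debian-exim \
                           "${le_live}/fullchain.pem" "${le_live}/privkey.pem" \
                           /etc/exim4/; then
                        # … unchanged: the four sed lines setting MAIN_TLS_CERTKEY and MAIN_TLS_PRIVATEKEY …
                        systemctl restart exim4
                    fi
```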