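--- a/deploy/postfix.sh
+++ b/deploy/postfix.sh
@@ -0,0 +1,146 @@
+#!/usr/bin/env sh
+
+# Script for acme.sh to deploy certificates to postfix
+#
+# The following variables can be exported:
+#
+# export DEPLOY_POSTFIX_PEM_PATH="/etc/postfix/cert"
+#
+# Defines location of PEM file for Postfix.
+# Defaults to /etc/postfix/cert
+#
+# export DEPLOY_POSTFIX_PEM_NAME="${domain}.pem"
+#
+# Defines the name of the PEM file.
+# Defaults to "<domain>.pem"
+#
+# export DEPLOY_POSTFIX_RELOAD="sudo systemctl reload postfix"
+#
+# You may need to edit sudoers to allow acme user to relaod
+#
+# OPTIONAL: Reload command used post deploy
+# This defaults to be a no-op (ie "true").
+# It is strongly recommended to set this something that makes sense
+# for your distro.
+
+######## Public functions #####################
+
+postfix_deploy(){
+_cdomain="$1"
+_ckey="$2"
+_ccert="$3"
+_cca="$4"
+_cfullchain="$5"
+
+# Some defaults
+DEPLOY_POSTFIX_PEM_PATH_DEFAULT="/etc/postfix/cert"
+DEPLOY_POSTFIX_PEM_NAME_DEFAULT="${_cdomain}.pem"
+DEPLOY_POSTFIX_RELOAD_DEFAULT="true"
+
+_debug _cdomain "$_cdomain"
+_debug _ckey "$_ckey"
+_debug _ccert "$_ccert"
+_debug _cca "$_cca"
+_debug _cfullchain "$_cfullchain"
+
+_getdeployconf DEPLOY_POSTFIX_PEM_PATH
+
+# PEM_PATH is optional. If not provided then assume "${DEPLOY_POSTFIX_PEM_PATH_DEFAULT}"
+if [ -n "$DEPLOY_POSTFIX_PEM_PATH" ]; then
+Le_Deploy_postfix_pem_path="$DEPLOY_POSTFIX_PEM_PATH"
+_savedomainconf Le_Deploy_postfix_pem_path "$Le_Deploy_postfix_pem_path"
+elif [ -z "$Le_Deploy_postfix_pem_path" ]; then
+Le_Deploy_postfix_pem_path="$DEPLOY_POSTFIX_PEM_PATH_DEFAULT"
+fi
+
+# Ensure PEM_PATH exists
+if [ -d "${Le_Deploy_postfix_pem_path}" ]; then
+_debug "PEM_PATH ${Le_Deploy_postfix_pem_path} exists"
+else
+_err "PEM_PATH ${Le_Deploy_postfix_pem_path} does not exist"
+return 1
+fi
+
+# PEM_NAME is optional. If not provided then assume "${DEPLOY_POSTFIX_PEM_NAME_DEFAULT}"
+_getdeployconf DEPLOY_POSTFIX_PEM_NAME
+_debug2 DEPLOY_POSTFIX_PEM_NAME "${DEPLOY_POSTFIX_PEM_NAME}"
+
+# Was the environment variable explicitly set (even if empty)?
+if [ -n "${DEPLOY_POSTFIX_PEM_NAME+x}" ]; then
+_env_has_pem_name=1
+else
+_env_has_pem_name=0
+fi
+
+if [ "$_env_has_pem_name" -eq 1 ]; then
+if [ -n "${DEPLOY_POSTFIX_PEM_NAME}" ]; then
+# ENV is non-empty, use it and save it
+Le_Deploy_postfix_pem_name="${DEPLOY_POSTFIX_PEM_NAME}"
+_savedomainconf Le_Deploy_postfix_pem_name "${Le_Deploy_postfix_pem_name}"
+else
+# ENV explicitly empty, reset to default, clear saved value
+Le_Deploy_postfix_pem_name="${DEPLOY_POSTFIX_PEM_NAME_DEFAULT}"
+_cleardomainconf Le_Deploy_postfix_pem_name 2>/dev/null || true
+fi
+elif [ -z "${Le_Deploy_postfix_pem_name}" ]; then
+Le_Deploy_postfix_pem_name="${DEPLOY_POSTFIX_PEM_NAME_DEFAULT}"
+# We better not have '*' as the first character
+if [ "${Le_Deploy_postfix_pem_name%%"${Le_Deploy_postfix_pem_name#?}"}" = '*' ]; then
+# removes the first characters and add a _ instead
+Le_Deploy_postfix_pem_name="_${Le_Deploy_postfix_pem_name#?}"
+fi
+fi
+
+# RELOAD is optional. If not provided then assume "${DEPLOY_POSTFIX_RELOAD_DEFAULT}"
+_getdeployconf DEPLOY_POSTFIX_RELOAD
+_debug2 DEPLOY_POSTFIX_RELOAD "${DEPLOY_POSTFIX_RELOAD}"
+if [ -n "${DEPLOY_POSTFIX_RELOAD}" ]; then
+Le_Deploy_postfix_reload="${DEPLOY_POSTFIX_RELOAD}"
+_savedomainconf Le_Deploy_postfix_reload "${Le_Deploy_postfix_reload}"
+elif [ -z "${Le_Deploy_postfix_reload}" ]; then
+Le_Deploy_postfix_reload="${DEPLOY_POSTFIX_RELOAD_DEFAULT}"
+fi
+
+# Set variables for later
+_pem="${Le_Deploy_postfix_pem_path}/${Le_Deploy_postfix_pem_name}"
+_reload="${Le_Deploy_postfix_reload}"
+
+_info "Deploying PEM file"
+# Create a temporary PEM file
+_temppem="$(_mktemp)"
+_debug _temppem "${_temppem}"
+cat "${_ckey}" "${_ccert}" "${_cca}" | grep . >"${_temppem}"
+_ret="$?"
+
+# Check that we could create the temporary file
+if [ "${_ret}" != "0" ]; then
+_err "Error code ${_ret} returned during PEM file creation"
+[ -f "${_temppem}" ] && rm -f "${_temppem}"
+return ${_ret}
+fi
+
+# Move PEM file into place
+_info "Moving new certificate into place"
+_debug _pem "${_pem}"
+: "${DEPLOY_POSTFIX_PEM_MODE:=0640}"
+chmod "${DEPLOY_POSTFIX_PEM_MODE}" "${_temppem}" 2>/dev/null || true
+mv "${_temppem}" "${_pem}" || {
+# Deal with any failure of moving PEM file into place
+_err "Failed to move new certificate into place"
+[ -f "${_temppem}" ] && rm -f "${_temppem}"
+return 1
+}
+
+# Reload Postfix
+_debug _reload "${_reload}"
+eval "${_reload}"
+_ret=$?
+if [ "${_ret}" != "0" ]; then
+_err "Error code ${_ret} during reload"
+return ${_ret}
+else
+_info "Reload successful"
+fi
+
+return 0
+}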
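Review bot: The status captured at `_ret="$?"` after `cat "${_ckey}" "${_ccert}" "${_cca}" | grep . >"${_temppem}"` is grep's, not cat's, and the script runs under `sh` where `pipefail` cannot be assumed; if the key or a chain file is unreadable, cat fails but grep still exits 0 as long as any other input produced a line, so a PEM missing the private key or chain is moved into place and Postfix is reloaded against it. Validate the inputs before the pipeline, e.g. `for _f in "${_ckey}" "${_ccert}" "${_cca}"; do` / `[ -r "${_f}" ] || { _err "Cannot read ${_f}"; return 1; }` / `done`. Separately, the explicitly-empty DEPLOY_POSTFIX_PEM_NAME branch assigns `Le_Deploy_postfix_pem_name="${DEPLOY_POSTFIX_PEM_NAME_DEFAULT}"` without the leading-`*` rewrite that the elif branch applies, so a wildcard domain yields a file name beginning with `*` on that path; hoisting the `*` check to after the whole if/elif would cover both. DEPLOY_POSTFIX_PEM_MODE at `: "${DEPLOY_POSTFIX_PEM_MODE:=0640}"` is also not listed in the header comment and, unlike the other settings, is neither read via _getdeployconf nor saved, so it silently reverts to 0640 on unattended renewals.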