authorJonas Smedegaard <dr@jones.dk>2017-01-29 17:04:22 +0100
committerJonas Smedegaard <dr@jones.dk>2017-01-29 17:04:22 +0100
commit6b251a83423fd5bf66cea1460ffdf19cf980f439 (patch)
treec7c47cbcbd32387290a165548f8b983689c8ea4f /dehydrated
parent0fb1da0490d840eddccf87668a4c095d8905325c (diff)
Add hook to handle special needs of ejabberd and dovecot.
Diffstat (limited to 'dehydrated')
-rw-r--r--dehydrated/conf.d/hook.sh2
-rwxr-xr-xdehydrated/hook.sh46
2 files changed, 48 insertions, 0 deletions
diff --git a/dehydrated/conf.d/hook.sh b/dehydrated/conf.d/hook.sh
new file mode 100644
index 0000000..8779de8
--- /dev/null
+++ b/dehydrated/conf.d/hook.sh
@@ -0,0 +1,2 @@
+# Use Redpill hook
+HOOK=/etc/local-COMMON/dehydrated/hook.sh
diff --git a/dehydrated/hook.sh b/dehydrated/hook.sh
new file mode 100755
index 0000000..2aa257c
--- /dev/null
+++ b/dehydrated/hook.sh
@@ -0,0 +1,46 @@
+#!/bin/sh
+
+set -e
+
+ACTION=$1; shift
+
+REALM=$(cat /etc/local-ORG/realm)
+
+# resolve hostnames of service installed and registered with Redpill
+servicehosts() {
+ SERVICE=$1; shift
+ for binary in "$@"; do
+ which -- "$binary" || exit
+ done
+ cat "/etc/local-REDPILL/$REALM/${SERVICE}host" \
+ "/etc/local-REDPILL/$REALM/${SERVICE}althosts" \
+ 2> /dev/null \
+ | perl -0777 -pe 's/\s*\#.*//gm;s/^\s+//;s/\s+$//;s/\s+/|/g'
+}
+MAILHOSTS=$(servicehosts mail postconf)
+MAILHOSTS=$(servicehosts chat ejabberdctl)
+
+case "$ACTION" in
+ deploy_challenge) ;;
+ clean_challenge) ;;
+# deploy_cert)
+ deploy_cert|unchanged_cert)
+ DOMAIN="$1"; KEYFILE="$2"; FULLCHAINFILE="$4"
+ case "$DOMAIN" in
+ "$MAILHOSTS")
+ cat "$FULLCHAINFILE" > "/etc/dovecot/$DOMAIN.pem"
+ sg dovecot -c "umask 027; cat '$KEYFILE' > '/etc/dovecot/private/$DOMAIN.pem'"
+ #service dovecot force-reload
+ ;;
+ "$CHATHOSTS")
+ sg ejabberd -c "umask 027; cat '$KEYFILE' '$FULLCHAINFILE' > '/etc/ejabberd/$DOMAIN.pem'"
+ #service ejabberd force-reload
+ ;;
+ esac
+ ;;
+ unchanged_cert) ;;
+ *)
+ >&2 echo "ERROR: unsupported action \"$ACTION\""
+ exit 1
+ ;;
+esac
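Review bot: Host selection in the `deploy_cert|unchanged_cert` arm cannot work as written, because the second assignment overwrites `MAILHOSTS` where `CHATHOSTS=$(servicehosts chat ejabberdctl)` was evidently meant, leaving `"$CHATHOSTS"` empty and the dovecot arm keyed on the chat hosts. `which -- "$binary"` also prints the resolved path on stdout, which the command substitution captures ahead of the host list; `command -v "$binary" > /dev/null || exit` keeps the check without the output. A quoted `case` pattern treats the `|`-joined list as one literal string, so a service with any althosts entry never matches; the helper below tests membership instead. These need fixing together, since correcting only the `which` output would make the chat host's private key land under /etc/dovecot/private for group dovecot. Separately, `$KEYFILE` and `$DOMAIN` are spliced inside single quotes into the `sg … -c` string; they presumably come from dehydrated's own configuration, so rejecting values that contain a quote before that point is hardening rather than an exposed bug.

```shell
# succeed when $1 is one of the "|"-separated names in $2
hostlisted() {
  [ -n "$1" ] || return 1
  case "|$2|" in
    *"|$1|"*) return 0 ;;
  esac
  return 1
}

# … unchanged: outer case "$ACTION", DOMAIN/KEYFILE/FULLCHAINFILE assignment …
    if hostlisted "$DOMAIN" "$MAILHOSTS"; then
      # … unchanged: dovecot chain and key deployment …
    elif hostlisted "$DOMAIN" "$CHATHOSTS"; then
      # … unchanged: ejabberd combined pem deployment …
    fi
```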