Add changedetector functionality for ${SSL_TYPE} == manual (#2404)

Now, setups that use `SSL_TYPE=manual` will profit from the changedetector as well. Certificate changes are picked up and properly propagated.
2025-07-10 01:15:00 +02:00 · 2022-02-18 11:29:51 +01:00 · 2022-02-18 11:29:51 +01:00 · ec8b99335e
commit ec8b99335e
parent 54f2181379
9 changed files with 545 additions and 494 deletions
--- a/target/scripts/helper-functions.sh
+++ b/target/scripts/helper-functions.sh
@ -1,5 +1,9 @@
 #! /bin/bash

+# TODO this file may be split up in the future
+#      into separate files under `target/scripts/helper/`
+#      which is a more fitting place
+
 # These helpers are used by `setup-stack.sh` and `check-for-changes.sh`,
 # not by anything within `helper-functions.sh` itself:
 # shellcheck source=target/scripts/helpers/index.sh
@ -9,6 +13,10 @@ DMS_DEBUG="${DMS_DEBUG:=0}"
 SCRIPT_NAME="$(basename "$0")" # This becomes the sourcing script name (Example: check-for-changes.sh)
 LOCK_ID="$(uuid)" # Used inside of lock files to identify them and prevent removal by other instances of docker-mailserver

+# file storing the checksums of the monitored files.
+# shellcheck disable=SC2034
+CHKSUM_FILE=/tmp/docker-mailserver-config-chksum
+
 # ? --------------------------------------------- BIN HELPER

 function errex
@ -151,47 +159,6 @@ function _sanitize_ipv4_to_subnet_cidr
 }
 export -f _sanitize_ipv4_to_subnet_cidr

-# ? --------------------------------------------- ACME
-
-function _extract_certs_from_acme
-{
-  local CERT_DOMAIN=${1}
-  if [[ -z ${CERT_DOMAIN} ]]
-  then
-    _notify 'err' "_extract_certs_from_acme | CERT_DOMAIN is empty"
-    return 1
-  fi
-
-  local KEY CERT
-  KEY=$(acme_extract /etc/letsencrypt/acme.json "${CERT_DOMAIN}" --key)
-  CERT=$(acme_extract /etc/letsencrypt/acme.json "${CERT_DOMAIN}" --cert)
-
-  if [[ -z ${KEY} ]] || [[ -z ${CERT} ]]
-  then
-    _notify 'warn' "_extract_certs_from_acme | Unable to find key and/or cert for '${CERT_DOMAIN}' in '/etc/letsencrypt/acme.json'"
-    return 1
-  fi
-
-  # Currently we advise SSL_DOMAIN for wildcard support using a `*.example.com` value,
-  # The filepath however should be `example.com`, avoiding the wildcard part:
-  if [[ ${SSL_DOMAIN} == "${CERT_DOMAIN}" ]]
-  then
-    CERT_DOMAIN=$(_strip_wildcard_prefix "${SSL_DOMAIN}")
-  fi
-
-  mkdir -p "/etc/letsencrypt/live/${CERT_DOMAIN}/"
-  echo "${KEY}" | base64 -d > "/etc/letsencrypt/live/${CERT_DOMAIN}/key.pem" || exit 1
-  echo "${CERT}" | base64 -d > "/etc/letsencrypt/live/${CERT_DOMAIN}/fullchain.pem" || exit 1
-
-  _notify 'inf' "_extract_certs_from_acme | Certificate successfully extracted for '${CERT_DOMAIN}'"
-}
-export -f _extract_certs_from_acme
-
-# Remove the `*.` prefix if it exists, else returns the input value
-function _strip_wildcard_prefix {
-  [[ ${1} == "*."* ]] && echo "${1:2}" || echo "${1}"
-}
-
 # ? --------------------------------------------- Notifications

 function _notify
@ -218,43 +185,6 @@ function _notify
 }
 export -f _notify

-# ? --------------------------------------------- File Checksums
-
-# file storing the checksums of the monitored files.
-# shellcheck disable=SC2034
-CHKSUM_FILE=/tmp/docker-mailserver-config-chksum
-
-# Compute checksums of monitored files,
-# returned output on `stdout`: hash + filepath tuple on each line
-function _monitored_files_checksums
-{
-  # If a wildcard path pattern (or an empty ENV) would yield an invalid path
-  # or no results, `shopt -s nullglob` prevents it from being added.
-  shopt -s nullglob
-  declare -a CERT_FILES
-
-  # React to any cert changes within the following letsencrypt locations:
-  CERT_FILES=(
-    /etc/letsencrypt/live/"${SSL_DOMAIN}"/*.pem
-    /etc/letsencrypt/live/"${HOSTNAME}"/*.pem
-    /etc/letsencrypt/live/"${DOMAINNAME}"/*.pem
-  )
-
-  if [[ ! -d /tmp/docker-mailserver ]]
-  then
-    return 1
-  fi
-
-  sha512sum 2>/dev/null --                     \
-    /tmp/docker-mailserver/postfix-accounts.cf \
-    /tmp/docker-mailserver/postfix-virtual.cf  \
-    /tmp/docker-mailserver/postfix-aliases.cf  \
-    /tmp/docker-mailserver/dovecot-quotas.cf   \
-    /etc/letsencrypt/acme.json                 \
-    "${CERT_FILES[@]}"
-}
-export -f _monitored_files_checksums
-
 # ? --------------------------------------------- General

 # Outputs the DNS label count (delimited by `.`) for the given input string.