acme: Add Luci app

This adds a Luci configuration app for the ACME certificate package.

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>

net/acme/Makefile

@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=acme
 PKG_SOURCE_VERSION:=1e6b68f5d187fa3d64c889d04a77ee1c79726282
-PKG_VERSION:=1.0
+PKG_VERSION:=1.1
 PKG_RELEASE:=1
 PKG_LICENSE:=GPLv3
 
@@ -18,6 +18,7 @@ PKG_SOURCE_URL:=git://github.com/Neilpang/acme.sh.git
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_RELEASE)
 PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)-$(PKG_RELEASE)
+LUCI_DIR:=/usr/lib/lua/luci
 
 include $(INCLUDE_DIR)/package.mk
 
@@ -55,4 +56,42 @@ define Package/acme/install
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/acme.sh $(1)/usr/lib/acme/acme.sh
 endef
 
+define Package/luci-app-acme
+  SECTION:=luci
+  CATEGORY:=LuCI
+  TITLE:=ACME package - LuCI interface
+  MAINTAINER:=Toke Høiland-Jørgensen <toke@toke.dk>
+  PKGARCH:=all
+  DEPENDS:= lua luci-base +acme luci-app-uhttpd
+  SUBMENU:=3. Applications
+endef
+
+define Package/luci-app-acme/description
+	Control the ACME Letsencrypt certificate interface
+endef
+
+define Package/luci-app-acme/install
+	$(INSTALL_DIR) $(1)$(LUCI_DIR)/controller $(1)$(LUCI_DIR)/model/cbi
+	$(INSTALL_DATA) ./files/acme-controller.lua $(1)$(LUCI_DIR)/controller/acme.lua
+	$(INSTALL_DATA) ./files/acme-cbi.lua $(1)$(LUCI_DIR)/model/cbi/acme.lua
+	$(INSTALL_DIR) $(1)/etc/uci-defaults
+	$(INSTALL_BIN) ./files/uci-defaults-acme $(1)/etc/uci-defaults/luci-acme
+endef
+
+define Package/luci-app-acme/postinst
+#!/bin/sh
+[ -x /etc/uci-defaults/luci-acme ] && /etc/uci-defaults/luci-acme || exit 0
+endef
+
+define Package/luci-app-acme/postrm
+#!/bin/sh
+which uci > /dev/null || exit 0
+uci -q get ucitrack.@acme[0] > /dev/null && {
+  uci delete ucitrack.@acme[0]
+  uci commit
+}
+endef
+
+
 $(eval $(call BuildPackage,acme))
+$(eval $(call BuildPackage,luci-app-acme))

net/acme/files/acme-cbi.lua

@@ -0,0 +1,65 @@
+--[[
+LuCI - Lua Configuration Interface
+
+Copyright 2016 Toke Høiland-Jørgensen <toke@toke.dk>
+
+# This program is free software; you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free Software
+# Foundation; either version 3 of the License, or (at your option) any later
+# version.
+
+]]--
+
+m = Map("acme", translate("ACME certificates"),
+	translate("This configures ACME (Letsencrypt) automatic certificate installation. " ..
+                  "Simply fill out this to have the router configured with Letsencrypt-issued " ..
+                  "certificates for the web interface. " ..
+                  "Note that the domain names in the certificate must already be configured to " ..
+                  "point at the router's public IP address. " ..
+                  "Once configured, issuing certificates can take a while. " ..
+                  "Check the logs for progress and any errors."))
+
+s = m:section(TypedSection, "acme", translate("ACME global config"))
+s.anonymous = true
+
+st = s:option(Value, "state_dir", translate("State directory"),
+              translate("Where certs and other state files are kept."))
+st.rmempty = false
+st.datatype = "string"
+
+ae = s:option(Value, "account_email", translate("Account email"),
+              translate("Email address to associate with account key."))
+ae.rmempty = false
+
+d = s:option(Flag, "debug", translate("Enable debug logging"))
+d.rmempty = false
+
+cs = m:section(TypedSection, "cert", translate("Certificate config"))
+cs.anonymous = false
+cs.addremove = true
+
+e = cs:option(Flag, "enabled", translate("Enabled"))
+e.rmempty = false
+
+us = cs:option(Flag, "use_staging", translate("Use staging server"),
+               translate("Get certificate from the Letsencrypt staging server " ..
+                         "(use for testing; the certificate won't be valid)."))
+us.rmempty = false
+
+kl = cs:option(Value, "keylength", translate("Key length"),
+               translate("Number of bits (minimum 2048)."))
+kl.rmempty = false
+kl.datatype = "and(uinteger,min(2048))"
+
+u = cs:option(Flag, "update_uhttpd", translate("Use for uhttpd"),
+              translate("Update the uhttpd config with this certificate once issued " ..
+                        "(only select this for one certificate)."))
+u.rmempty = false
+
+dom = cs:option(DynamicList, "domains", translate("Domain names"),
+                translate("Domain names to include in the certificate. " ..
+                          "The first name will be the subject name, subsequent names will be alt names. " ..
+                          "Note that all domain names must point at the router in the global DNS."))
+dom.datatype = "list(string)"
+
+return m

net/acme/files/acme-controller.lua

@@ -0,0 +1,7 @@
+module("luci.controller.acme", package.seeall)
+
+function index()
+	entry({"admin", "services", "acme"},
+		cbi("acme"),
+		_("ACME certs"), 50).dependent = false
+end

net/acme/files/acme.config

@@ -1,4 +1,4 @@
-config acme 'main'
+config acme
        option state_dir '/etc/acme'
        option account_email 'email@example.org'
        option debug 0

net/acme/files/uci-defaults-acme

@@ -0,0 +1,11 @@
+#!/bin/sh
+
+uci -q batch <<-EOF >/dev/null
+	delete ucitrack.@acme[-1]
+	add ucitrack acme
+        add_list ucitrack.@bcp38[0].init=acme
+	commit ucitrack
+EOF
+
+rm -f /tmp/luci-indexcache
+exit 0