diff --git a/net/acme/Makefile b/net/acme/Makefile index f2e179beb..ee7df1ca5 100644 --- a/net/acme/Makefile +++ b/net/acme/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=acme PKG_SOURCE_VERSION:=1e6b68f5d187fa3d64c889d04a77ee1c79726282 -PKG_VERSION:=1.0 +PKG_VERSION:=1.1 PKG_RELEASE:=1 PKG_LICENSE:=GPLv3 @@ -18,6 +18,7 @@ PKG_SOURCE_URL:=git://github.com/Neilpang/acme.sh.git PKG_SOURCE_PROTO:=git PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_RELEASE) PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)-$(PKG_RELEASE) +LUCI_DIR:=/usr/lib/lua/luci include $(INCLUDE_DIR)/package.mk @@ -55,4 +56,42 @@ define Package/acme/install $(INSTALL_BIN) $(PKG_BUILD_DIR)/acme.sh $(1)/usr/lib/acme/acme.sh endef +define Package/luci-app-acme + SECTION:=luci + CATEGORY:=LuCI + TITLE:=ACME package - LuCI interface + MAINTAINER:=Toke Høiland-Jørgensen + PKGARCH:=all + DEPENDS:= lua luci-base +acme luci-app-uhttpd + SUBMENU:=3. Applications +endef + +define Package/luci-app-acme/description + Control the ACME Letsencrypt certificate interface +endef + +define Package/luci-app-acme/install + $(INSTALL_DIR) $(1)$(LUCI_DIR)/controller $(1)$(LUCI_DIR)/model/cbi + $(INSTALL_DATA) ./files/acme-controller.lua $(1)$(LUCI_DIR)/controller/acme.lua + $(INSTALL_DATA) ./files/acme-cbi.lua $(1)$(LUCI_DIR)/model/cbi/acme.lua + $(INSTALL_DIR) $(1)/etc/uci-defaults + $(INSTALL_BIN) ./files/uci-defaults-acme $(1)/etc/uci-defaults/luci-acme +endef + +define Package/luci-app-acme/postinst +#!/bin/sh +[ -x /etc/uci-defaults/luci-acme ] && /etc/uci-defaults/luci-acme || exit 0 +endef + +define Package/luci-app-acme/postrm +#!/bin/sh +which uci > /dev/null || exit 0 +uci -q get ucitrack.@acme[0] > /dev/null && { + uci delete ucitrack.@acme[0] + uci commit +} +endef + + $(eval $(call BuildPackage,acme)) +$(eval $(call BuildPackage,luci-app-acme)) diff --git a/net/acme/files/acme-cbi.lua b/net/acme/files/acme-cbi.lua new file mode 100644 index 000000000..a4f7956de --- /dev/null +++ b/net/acme/files/acme-cbi.lua @@ -0,0 +1,65 @@ +--[[ +LuCI - Lua Configuration Interface + +Copyright 2016 Toke Høiland-Jørgensen + +# This program is free software; you can redistribute it and/or modify it under +# the terms of the GNU General Public License as published by the Free Software +# Foundation; either version 3 of the License, or (at your option) any later +# version. + +]]-- + +m = Map("acme", translate("ACME certificates"), + translate("This configures ACME (Letsencrypt) automatic certificate installation. " .. + "Simply fill out this to have the router configured with Letsencrypt-issued " .. + "certificates for the web interface. " .. + "Note that the domain names in the certificate must already be configured to " .. + "point at the router's public IP address. " .. + "Once configured, issuing certificates can take a while. " .. + "Check the logs for progress and any errors.")) + +s = m:section(TypedSection, "acme", translate("ACME global config")) +s.anonymous = true + +st = s:option(Value, "state_dir", translate("State directory"), + translate("Where certs and other state files are kept.")) +st.rmempty = false +st.datatype = "string" + +ae = s:option(Value, "account_email", translate("Account email"), + translate("Email address to associate with account key.")) +ae.rmempty = false + +d = s:option(Flag, "debug", translate("Enable debug logging")) +d.rmempty = false + +cs = m:section(TypedSection, "cert", translate("Certificate config")) +cs.anonymous = false +cs.addremove = true + +e = cs:option(Flag, "enabled", translate("Enabled")) +e.rmempty = false + +us = cs:option(Flag, "use_staging", translate("Use staging server"), + translate("Get certificate from the Letsencrypt staging server " .. + "(use for testing; the certificate won't be valid).")) +us.rmempty = false + +kl = cs:option(Value, "keylength", translate("Key length"), + translate("Number of bits (minimum 2048).")) +kl.rmempty = false +kl.datatype = "and(uinteger,min(2048))" + +u = cs:option(Flag, "update_uhttpd", translate("Use for uhttpd"), + translate("Update the uhttpd config with this certificate once issued " .. + "(only select this for one certificate).")) +u.rmempty = false + +dom = cs:option(DynamicList, "domains", translate("Domain names"), + translate("Domain names to include in the certificate. " .. + "The first name will be the subject name, subsequent names will be alt names. " .. + "Note that all domain names must point at the router in the global DNS.")) +dom.datatype = "list(string)" + +return m diff --git a/net/acme/files/acme-controller.lua b/net/acme/files/acme-controller.lua new file mode 100644 index 000000000..acdd688e4 --- /dev/null +++ b/net/acme/files/acme-controller.lua @@ -0,0 +1,7 @@ +module("luci.controller.acme", package.seeall) + +function index() + entry({"admin", "services", "acme"}, + cbi("acme"), + _("ACME certs"), 50).dependent = false +end diff --git a/net/acme/files/acme.config b/net/acme/files/acme.config index 7fce6982b..c5cd7d3ea 100644 --- a/net/acme/files/acme.config +++ b/net/acme/files/acme.config @@ -1,4 +1,4 @@ -config acme 'main' +config acme option state_dir '/etc/acme' option account_email 'email@example.org' option debug 0 diff --git a/net/acme/files/uci-defaults-acme b/net/acme/files/uci-defaults-acme new file mode 100644 index 000000000..182b488cb --- /dev/null +++ b/net/acme/files/uci-defaults-acme @@ -0,0 +1,11 @@ +#!/bin/sh + +uci -q batch <<-EOF >/dev/null + delete ucitrack.@acme[-1] + add ucitrack acme + add_list ucitrack.@bcp38[0].init=acme + commit ucitrack +EOF + +rm -f /tmp/luci-indexcache +exit 0