]>
git.proxmox.com Git - pmg-api.git/blob - src/PMG/NodeConfig.pm
1 package PMG
::NodeConfig
;
9 use PVE
::JSONSchema
qw(get_standard_option);
12 use PMG
::API2
::ACMEPlugin
;
15 # register up to 5 domain names per node for now
18 my $inotify_file_id = 'pmg-node-config.conf';
19 my $config_filename = '/etc/pmg/node.conf';
20 my $lockfile = "/var/lock/pmg-node-config.lck";
22 my $acme_domain_desc = {
25 format
=> 'pmg-acme-domain',
26 format_description
=> 'domain',
27 description
=> 'domain for this node\'s ACME certificate',
32 format
=> 'pve-configid',
33 description
=> 'The ACME plugin ID',
34 format_description
=> 'name of the plugin configuration',
36 default => 'standalone',
40 format
=> 'pmg-acme-alias',
41 format_description
=> 'domain',
42 description
=> 'Alias for the Domain to verify ACME Challenge over DNS',
47 format
=> 'pmg-certificate-type-list',
48 description
=> 'Whether this domain is used for the API, SMTP or both',
53 account
=> get_standard_option
('pmg-acme-account-name'),
59 description
=> 'Node specific ACME settings.',
66 description
=> 'ACME domain and validation plugin',
67 format
=> $acme_domain_desc,
73 sub acme_config_schema
: prototype(;$) {
80 additionalProperties
=> 0,
88 my $config_schema = acme_config_schema
();
90 # Parse the config's acme property string if it exists.
92 # Returns nothing if the entry is not set.
93 sub parse_acme
: prototype($) {
95 my $data = $cfg->{acme
};
97 return PVE
::JSONSchema
::parse_property_string
($acmedesc, $data);
99 return; # empty list otherwise
102 # Turn the acme object into a property string.
103 sub print_acme
: prototype($) {
105 return PVE
::JSONSchema
::print_property_string
($acmedesc, $acme);
108 # Parse a domain entry from the config.
109 sub parse_domain
: prototype($) {
111 return PVE
::JSONSchema
::parse_property_string
($acme_domain_desc, $data);
114 # Turn a domain object into a property string.
115 sub print_domain
: prototype($) {
117 return PVE
::JSONSchema
::print_property_string
($acme_domain_desc, $domain);
120 sub read_pmg_node_config
{
121 my ($filename, $fh) = @_;
122 local $/ = undef; # slurp mode
123 my $raw = defined($fh) ?
<$fh> : '';
124 my $digest = Digest
::SHA
::sha1_hex
($raw);
125 my $conf = PVE
::JSONSchema
::parse_config
($config_schema, $filename, $raw);
126 $conf->{digest
} = $digest;
130 sub write_pmg_node_config
{
131 my ($filename, $fh, $cfg) = @_;
132 my $raw = PVE
::JSONSchema
::dump_config
($config_schema, $filename, $cfg);
133 PVE
::Tools
::safe_print
($filename, $fh, $raw);
136 PVE
::INotify
::register_file
($inotify_file_id, $config_filename,
137 \
&read_pmg_node_config
,
138 \
&write_pmg_node_config
,
140 always_call_parser
=> 1);
144 my $p = PVE
::Tools
::lock_file
($lockfile, undef, $code);
150 # auto-adds the standalone plugin if no config is there for backwards
151 # compatibility, so ALWAYS call the cfs registered parser
152 return PVE
::INotify
::read_file
($inotify_file_id);
157 return PVE
::INotify
::write_file
($inotify_file_id, $self);
160 # we always convert domain values to lower case, since DNS entries are not case
161 # sensitive and ACME implementations might convert the ordered identifiers
163 # FIXME: Could also be shared between PVE and PMG
165 my ($conf, $noerr) = @_;
170 if (defined($conf->{acme
})) {
172 PVE
::JSONSchema
::parse_property_string
($acmedesc, $conf->{acme
})
175 return undef if $noerr;
178 my $standalone_domains = delete($res->{domains
}) // '';
179 $res->{domains
} = {};
180 for my $domain (split(";", $standalone_domains)) {
181 $domain = lc($domain);
182 die "duplicate domain '$domain' in ACME config properties\n"
183 if defined($res->{domains
}->{$domain});
185 $res->{domains
}->{$domain}->{plugin
} = 'standalone';
186 $res->{domains
}->{$domain}->{_configkey
} = 'acme';
190 $res->{account
} //= 'default';
192 for my $index (0..$MAXDOMAINS) {
193 my $domain_rec = $conf->{"acmedomain$index"};
194 next if !defined($domain_rec);
197 PVE
::JSONSchema
::parse_property_string
($acme_domain_desc, $domain_rec)
200 return undef if $noerr;
203 my $domain = lc(delete $parsed->{domain
});
204 if (my $exists = $res->{domains
}->{$domain}) {
205 return undef if $noerr;
206 die "duplicate domain '$domain' in ACME config properties"
207 ." 'acmedomain$index' and '$exists->{_configkey}'\n";
209 $parsed->{plugin
} //= 'standalone';
211 my $plugin_id = $parsed->{plugin
};
212 if ($plugin_id ne 'standalone') {
213 my $plugins = PMG
::API2
::ACMEPlugin
::load_config
();
214 die "plugin '$plugin_id' for domain '$domain' not found!\n"
215 if !$plugins->{ids
}->{$plugin_id};
218 $parsed->{_configkey
} = "acmedomain$index";
219 $res->{domains
}->{$domain} = $parsed;