From 0879fd76bf324d2dfc86606ffba6d0d89ee02bbb Mon Sep 17 00:00:00 2001
From: Miraty
Date: Fri, 29 Apr 2022 13:46:35 +0200
Subject: [PATCH] gmnisrv > Twins (committed for history)

---
 src/main.rs | 153 ++++++++++++++++++++++++++++++++++++++--------------
 1 file changed, 112 insertions(+), 41 deletions(-)

diff --git a/src/main.rs b/src/main.rs
index bf4b3be..1f0fc52 100755
--- a/src/main.rs
+++ b/src/main.rs
@@ -34,7 +34,8 @@ fn parse_command() {
         _ if p == "setup-user" => setup_user(args[2].to_string(), args[3].to_string()),
         _ if p == "reload-nginx" => reload_nginx(),
         _ if p == "reload-tor" => reload_tor(),
-        _ if p == "restart-gmnisrv" => restart_gmnisrv(),
+        _ if p == "reload-twins" => reload_twins(),
+        _ if p == "gemini-new-certificate" => gemini_new_certificate(args[2].to_string()),
         _ if p == "le-install" => le_install(args[2].to_string()),
         _ if p == "export-tor" => export_tor(args[2].to_string(), args[3].to_string()),
         _ => exit("This subcommand doesn't exists.".to_string()),
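Review bot: The new `gemini-new-certificate` arm indexes `args[2]` unconditionally, so running the subcommand without a domain panics with an index-out-of-bounds instead of going through the `exit(...)` message path the dispatcher uses for other usage errors. A length check ahead of the match, e.g. `if p == "gemini-new-certificate" && args.len() < 3 { exit("gemini-new-certificate needs a domain argument.".to_string()); }`, would keep the failure mode consistent. The pre-existing arms that take arguments show the same pattern, so this is inherited style rather than something the commit introduced, but the new arm is the place to start fixing it. parse_command's body starts and ends outside the hunk.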
@@ -44,42 +45,71 @@ fn parse_command() {
 }
-fn export_tor(username: String, dir: String) {
-    if is_string_lowercase(username.to_string()) {
-        if is_string_lowercase(dir.to_string()) {
-            let mut src_path: String = "/var/lib/tor/niver/".to_owned();
-            src_path += &dir.to_string();
-            src_path += &"/hostname".to_string().to_owned();
+fn gemini_new_certificate(domain: String) {
-            let mut dest_path: String = "/srv/ht/".to_owned();
-            dest_path += &username.to_string();
-            dest_path += &"/ht/".to_string().to_owned();
-            dest_path += &dir.to_string();
-            dest_path += &"/hostname".to_string().to_owned();
+    let mut common_name: String = "/CN=".to_owned();
+    common_name += &domain.to_string();
-            match fs::copy(src_path, &dest_path) {
-                Err(why) => panic!("Erreur lors d'une copie de fichier (fs::copy) : {}", why),
-                Ok(process) => process,
-            };
+    let mut key_file: String = "/var/local/twins/tls/".to_owned();
+    key_file += &domain.to_string();
+    key_file += &".key".to_string().to_owned();
-            let output = Command::new("/usr/bin/chown")
-                .arg("www-data:www-data")
-                .arg(dest_path)
-                .output()
-                .expect("failed to execute process");
+    let mut cert_file: String = "/var/local/twins/tls/".to_owned();
+    cert_file += &domain.to_string();
+    cert_file += &".crt".to_string().to_owned();
-            print_output(output);
-        } else {
-            exit("The dirname must be composed only of lowercase letters.".to_string());
-        }
-    } else {
-        exit("The username must be composed only of lowercase letters.".to_string());
-    }
+    let output = Command::new("/usr/bin/openssl")
+        .arg("req")
+        .arg("-subj")
+        .arg(common_name)
+        .arg("-new")
+        .arg("-newkey")
+        .arg("ED25519")
+        .arg("-days")
+        .arg("3650")
+        .arg("-nodes")
+        .arg("-x509")
+        .arg("-keyout")
+        .arg(&key_file)
+        .arg("-out")
+        .arg(&cert_file)
+        .output()
+        .expect("failed to execute process");
+    print_output(output);
+
+    let output = Command::new("/usr/bin/chmod")
+        .arg("400")
+        .arg(&key_file)
+        .output()
+        .expect("Failed to change key file mode to 400");
+    print_output(output);
+
+    let output = Command::new("/usr/bin/chown")
+        .arg("twins:twins")
+        .arg(key_file)
+        .output()
+        .expect("Failed to chown key file to twins:twins");
+    print_output(output);
+
+    let output = Command::new("/usr/bin/chmod")
+        .arg("400")
+        .arg(&cert_file)
+        .output()
+        .expect("Failed to change key file mode to 400");
+    print_output(output);
+
+    let output = Command::new("/usr/bin/chown")
+        .arg("twins:twins")
+        .arg(cert_file)
+        .output()
+        .expect("Failed to chown key file to twins:twins");
+    print_output(output);
 }
 fn le_install(domain: String) {
     let output = Command::new("/usr/bin/certbot")
+        .arg("certonly")
         .arg("--nginx")
         // Using ECDSA
         //.arg("--key-type")
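Review bot: `domain` is spliced unvalidated into `key_file` and `cert_file` under `/var/local/twins/tls/`, whereas the sibling `export_tor` gates its inputs with `is_string_lowercase` before building any path; a value containing a path separator or a `..` segment would make openssl write, and the following chmod/chown act on, a file outside the tls directory. Since hostnames need digits and dots, an explicit check before the path building is more useful than reusing `is_string_lowercase`: `if domain.is_empty() || domain.contains("..") || !domain.chars().all(|c| c.is_ascii_lowercase() || c.is_ascii_digit() || c == '-' || c == '.') { exit("The domain must be a lowercase hostname.".to_string()); }`. The `.expect(...)` messages on the cert-file chmod and chown still say "key file", a copy-paste slip worth correcting. `print_output` is defined outside the hunk; if it does not inspect `output.status`, a failed openssl run (no key written) would presumably still be followed by the chmod/chown calls, which is worth confirming.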
@@ -98,6 +128,56 @@ fn le_install(domain: String) {
     print_output(output);
 }
+fn export_tor(username: String, dir: String) {
+    if is_string_lowercase(username.to_string()) {
+        if is_string_lowercase(dir.to_string()) {
+            let mut src_path: String = "/var/lib/tor-instances/niver/keys/".to_owned();
+            src_path += &dir.to_string();
+            src_path += &"/hostname".to_string().to_owned();
+
+            let mut dest_path: String = "/srv/ht/".to_owned();
+            dest_path += &username.to_string();
+            dest_path += &"/ht/".to_string().to_owned();
+            dest_path += &dir.to_string();
+            dest_path += &"/hostname".to_string().to_owned();
+
+            match fs::copy(src_path, &dest_path) {
+                Err(why) => panic!("Error while copying file (fs::copy) : {}", why),
+                Ok(process) => process,
+            };
+
+            let output = Command::new("/usr/bin/chown")
+                .arg("php-niver:ht")
+                .arg(&dest_path)
+                .output()
+                .expect("failed to execute process");
+
+            print_output(output);
+
+            let output = Command::new("/usr/bin/chmod")
+                .arg("440")
+                .arg(dest_path)
+                .output()
+                .expect("failed to execute process");
+
+            print_output(output);
+        } else {
+            exit("The dirname must be composed only of lowercase letters.".to_string());
+        }
+    } else {
+        exit("The username must be composed only of lowercase letters.".to_string());
+    }
+}
+
+fn reload_tor() {
+    let output = Command::new("/usr/bin/systemctl")
+        .arg("reload")
+        .arg("tor@niver")
+        .output()
+        .expect("Error while reloading Tor config");
+    print_output(output);
+}
+
 fn reload_nginx() {
     let output = Command::new("/usr/bin/systemctl")
         .arg("reload")
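Review bot: The re-added `export_tor` handles a failed copy with `panic!("Error while copying file (fs::copy) : {}", why)` while its own validation failures two branches below go through `exit(...)`, and `Ok(process) => process` binds the copied byte count only to discard it; `if let Err(why) = fs::copy(&src_path, &dest_path) { exit(format!("Error while copying file (fs::copy) : {}", why)); }` keeps one failure path and drops the unused binding. Separately, `dest_path` lives under `/srv/ht/<username>/ht/<dir>/`, which from the `php-niver:ht` ownership looks like a user-controlled tree; if that directory is writable by the user, a symlink left at the destination would be followed by the privileged `fs::copy` and by the chown and chmod that follow it. Opening the destination with `OpenOptions::new().write(true).create_new(true)` (which refuses to go through an existing link) or checking `fs::symlink_metadata` on the path before copying would close that window; this is inferred from the path layout and worth confirming against how the `ht` tree is provisioned.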
@@ -107,21 +187,12 @@ fn reload_nginx() {
     print_output(output);
 }
-fn reload_tor() {
+fn reload_twins() {
     let output = Command::new("/usr/bin/systemctl")
         .arg("reload")
-        .arg("tor@default")
+        .arg("twins")
         .output()
-        .expect("Error while reloading Tor config");
-    print_output(output);
-}
-
-fn restart_gmnisrv() {
-    let output = Command::new("/usr/bin/systemctl")
-        .arg("restart")
-        .arg("gmnisrv")
-        .output()
-        .expect("Error while restarting Gmnisrv");
+        .expect("Error while reloading Twins");
     print_output(output);
 }
@@ -224,7 +295,7 @@ fn chown_root(username: String) {
 fn quota(username: String) {
     let output = Command::new("/usr/sbin/edquota")
         .arg("-p")
-        .arg("vase")
+        .arg("niver-quota")
         .arg(&username)
         .output()
         .expect("failed to execute process");