gmnisrv > Twins (committed for history)

src/main.rs

@@ -34,7 +34,8 @@ fn parse_command() {
             _ if p == "setup-user" => setup_user(args[2].to_string(), args[3].to_string()),
             _ if p == "reload-nginx" => reload_nginx(),
             _ if p == "reload-tor" => reload_tor(),
-            _ if p == "restart-gmnisrv" => restart_gmnisrv(),
+            _ if p == "reload-twins" => reload_twins(),
+            _ if p == "gemini-new-certificate" => gemini_new_certificate(args[2].to_string()),
             _ if p == "le-install" => le_install(args[2].to_string()),
             _ if p == "export-tor" => export_tor(args[2].to_string(), args[3].to_string()),
             _ => exit("This subcommand doesn't exists.".to_string()),
@@ -44,42 +45,71 @@ fn parse_command() {
 
 }
 
-fn export_tor(username: String, dir: String) {
+fn gemini_new_certificate(domain: String) {
-    if is_string_lowercase(username.to_string()) {
-        if is_string_lowercase(dir.to_string()) {
-            let mut src_path: String = "/var/lib/tor/niver/".to_owned();
-            src_path += &dir.to_string();
-            src_path += &"/hostname".to_string().to_owned();
 
-            let mut dest_path: String = "/srv/ht/".to_owned();
+    let mut common_name: String = "/CN=".to_owned();
-            dest_path += &username.to_string();
+    common_name += &domain.to_string();
-            dest_path += &"/ht/".to_string().to_owned();
-            dest_path += &dir.to_string();
-            dest_path += &"/hostname".to_string().to_owned();
 
-            match fs::copy(src_path, &dest_path) {
+    let mut key_file: String = "/var/local/twins/tls/".to_owned();
-                Err(why) => panic!("Erreur lors d'une copie de fichier (fs::copy) : {}", why),
+    key_file += &domain.to_string();
-                Ok(process) => process,
+    key_file += &".key".to_string().to_owned();
-            };
 
-            let output = Command::new("/usr/bin/chown")
+    let mut cert_file: String = "/var/local/twins/tls/".to_owned();
-                .arg("www-data:www-data")
+    cert_file += &domain.to_string();
-                .arg(dest_path)
+    cert_file += &".crt".to_string().to_owned();
-                .output()
-                .expect("failed to execute process");
 
-            print_output(output);
+    let output = Command::new("/usr/bin/openssl")
-        } else {
+        .arg("req")
-            exit("The dirname must be composed only of lowercase letters.".to_string());
+        .arg("-subj")
-        }
+        .arg(common_name)
-    } else {
+        .arg("-new")
-        exit("The username must be composed only of lowercase letters.".to_string());
+        .arg("-newkey")
-    }
+        .arg("ED25519")
+        .arg("-days")
+        .arg("3650")
+        .arg("-nodes")
+        .arg("-x509")
+        .arg("-keyout")
+        .arg(&key_file)
+        .arg("-out")
+        .arg(&cert_file)
+        .output()
+        .expect("failed to execute process");
+    print_output(output);
+
+    let output = Command::new("/usr/bin/chmod")
+        .arg("400")
+        .arg(&key_file)
+        .output()
+        .expect("Failed to change key file mode to 400");
+    print_output(output);
+
+    let output = Command::new("/usr/bin/chown")
+        .arg("twins:twins")
+        .arg(key_file)
+        .output()
+        .expect("Failed to chown key file to twins:twins");
+    print_output(output);
+
+    let output = Command::new("/usr/bin/chmod")
+        .arg("400")
+        .arg(&cert_file)
+        .output()
+        .expect("Failed to change key file mode to 400");
+    print_output(output);
+
+    let output = Command::new("/usr/bin/chown")
+        .arg("twins:twins")
+        .arg(cert_file)
+        .output()
+        .expect("Failed to chown key file to twins:twins");
+    print_output(output);
 }
 
 fn le_install(domain: String) {
 
     let output = Command::new("/usr/bin/certbot")
+        .arg("certonly")
         .arg("--nginx")
         // Using ECDSA
         //.arg("--key-type")
@@ -98,6 +128,56 @@ fn le_install(domain: String) {
     print_output(output);
 }
 
+fn export_tor(username: String, dir: String) {
+    if is_string_lowercase(username.to_string()) {
+        if is_string_lowercase(dir.to_string()) {
+            let mut src_path: String = "/var/lib/tor-instances/niver/keys/".to_owned();
+            src_path += &dir.to_string();
+            src_path += &"/hostname".to_string().to_owned();
+
+            let mut dest_path: String = "/srv/ht/".to_owned();
+            dest_path += &username.to_string();
+            dest_path += &"/ht/".to_string().to_owned();
+            dest_path += &dir.to_string();
+            dest_path += &"/hostname".to_string().to_owned();
+
+            match fs::copy(src_path, &dest_path) {
+                Err(why) => panic!("Error while copying file (fs::copy) : {}", why),
+                Ok(process) => process,
+            };
+
+            let output = Command::new("/usr/bin/chown")
+                .arg("php-niver:ht")
+                .arg(&dest_path)
+                .output()
+                .expect("failed to execute process");
+
+            print_output(output);
+
+            let output = Command::new("/usr/bin/chmod")
+                .arg("440")
+                .arg(dest_path)
+                .output()
+                .expect("failed to execute process");
+
+            print_output(output);
+        } else {
+            exit("The dirname must be composed only of lowercase letters.".to_string());
+        }
+    } else {
+        exit("The username must be composed only of lowercase letters.".to_string());
+    }
+}
+
+fn reload_tor() {
+    let output = Command::new("/usr/bin/systemctl")
+        .arg("reload")
+        .arg("tor@niver")
+        .output()
+        .expect("Error while reloading Tor config");
+    print_output(output);
+}
+
 fn reload_nginx() {
     let output = Command::new("/usr/bin/systemctl")
         .arg("reload")
@@ -107,21 +187,12 @@ fn reload_nginx() {
     print_output(output);
 }
 
-fn reload_tor() {
+fn reload_twins() {
     let output = Command::new("/usr/bin/systemctl")
         .arg("reload")
-        .arg("tor@default")
+        .arg("twins")
         .output()
-        .expect("Error while reloading Tor config");
+        .expect("Error while reloading Twins");
-    print_output(output);
-}
-
-fn restart_gmnisrv() {
-    let output = Command::new("/usr/bin/systemctl")
-        .arg("restart")
-        .arg("gmnisrv")
-        .output()
-        .expect("Error while restarting Gmnisrv");
     print_output(output);
 }
 
@@ -224,7 +295,7 @@ fn chown_root(username: String) {
 fn quota(username: String) {
     let output = Command::new("/usr/sbin/edquota")
         .arg("-p")
-        .arg("vase")
+        .arg("niver-quota")
         .arg(&username)
         .output()
         .expect("failed to execute process");