From 35a254fc1cd1d2dba3594dfb71eebbccf3722e10 Mon Sep 17 00:00:00 2001
From: missytake
Date: Thu, 31 Oct 2024 17:59:17 +0100
Subject: [PATCH] acmetool: only request iroh certificate if it's required
---
 cmdeploy/src/cmdeploy/__init__.py | 8 ++++++--
 cmdeploy/src/cmdeploy/cmdeploy.py | 1 +
 cmdeploy/src/cmdeploy/deploy.py | 3 ++-
 3 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/cmdeploy/src/cmdeploy/__init__.py b/cmdeploy/src/cmdeploy/__init__.py
index ce361858..8ac0654f 100644
--- a/cmdeploy/src/cmdeploy/__init__.py
+++ b/cmdeploy/src/cmdeploy/__init__.py
@@ -528,11 +528,12 @@ def deploy_iroh_relay(config) -> None:
 )
-def deploy_chatmail(config_path: Path, disable_mail: bool) -> None:
+def deploy_chatmail(config_path: Path, disable_mail: bool, require_iroh: bool) -> None:
 """Deploy a chat-mail instance.
 :param config_path: path to chatmail.ini
 :param disable_mail: whether to disable postfix & dovecot
+ :param require_iroh: whether to request a TLS certificate for iroh.$mail_domain
 """
 config = read_config(config_path)
 check_config(config)
@@ -609,8 +610,11 @@ def deploy_chatmail(config_path: Path, disable_mail: bool) -> None:
 deploy_iroh_relay(config)
 # Deploy acmetool to have TLS certificates.
+ tls_domains = [mail_domain, f"mta-sts.{mail_domain}", f"www.{mail_domain}"]
+ if require_iroh:
+ tls_domains.append(f"iroh.{mail_domain}")
 deploy_acmetool(
- domains=[mail_domain, f"mta-sts.{mail_domain}", f"iroh.{mail_domain}", f"www.{mail_domain}"],
+ domains=tls_domains,
 )
 apt.packages(
diff --git a/cmdeploy/src/cmdeploy/cmdeploy.py b/cmdeploy/src/cmdeploy/cmdeploy.py
index 5a66fd52..fe7970dc 100644
--- a/cmdeploy/src/cmdeploy/cmdeploy.py
+++ b/cmdeploy/src/cmdeploy/cmdeploy.py
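Review bot: In the second hunk of `cmdeploy/src/cmdeploy/__init__.py`, the new `if require_iroh:` gate on the `iroh.{mail_domain}` certificate is driven by a caller-supplied flag, while `deploy_iroh_relay(config)` still appears as context directly above it and its own gating is not visible here. If the two conditions can disagree, the relay could end up deployed without a certificate covering `iroh.{mail_domain}`, or a certificate could be requested for a name that has no DNS record. Since `config` is already in scope, consider deriving the decision from the same setting that controls the relay, or at least record the coupling with a comment such as `# must match the condition under which deploy_iroh_relay() sets up a local relay`. The body of `deploy_chatmail` starts and ends outside the hunk.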
@@ -77,6 +77,7 @@ def run_cmd(args, out):
 env = os.environ.copy()
 env["CHATMAIL_INI"] = args.inipath
 env["CHATMAIL_DISABLE_MAIL"] = "True" if args.disable_mail else ""
+ env["CHATMAIL_REQUIRE_IROH"] = "True" if require_iroh else ""
 deploy_path = importlib.resources.files(__package__).joinpath("deploy.py").resolve()
 pyinf = "pyinfra --dry" if args.dry_run else "pyinfra"
 ssh_host = args.config.mail_domain if not args.ssh_host else args.ssh_host
diff --git a/cmdeploy/src/cmdeploy/deploy.py b/cmdeploy/src/cmdeploy/deploy.py
index 0ea153d7..9c8e7400 100644
--- a/cmdeploy/src/cmdeploy/deploy.py
+++ b/cmdeploy/src/cmdeploy/deploy.py
@@ -12,8 +12,9 @@ def main():
 importlib.resources.files("cmdeploy").joinpath("../../../chatmail.ini"),
 )
 disable_mail = bool(os.environ.get('CHATMAIL_DISABLE_MAIL'))
+ require_iroh = bool(os.environ.get('CHATMAIL_REQUIRE_IROH'))
- deploy_chatmail(config_path, disable_mail)
+ deploy_chatmail(config_path, disable_mail, require_iroh)
 if pyinfra.is_cli:
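Review bot: In `cmdeploy/src/cmdeploy/cmdeploy.py`, the added line reads a bare `require_iroh`, whereas the line above it reads `args.disable_mail`; nothing in the hunk binds that name, and the diffstat lists this one line as the file's only change, so this commit adds no option or assignment elsewhere in the file. Unless `require_iroh` is already defined earlier in `run_cmd` or at module level (the function starts outside the hunk), this raises `NameError` before pyinfra is invoked. The value needs an explicit source, bound ahead of the `env[...]` assignments from `args` or `args.config`, for example `require_iroh = args.require_iroh` if such an option is added to the parser.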
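Review bot: In `cmdeploy/src/cmdeploy/deploy.py`, `bool(os.environ.get('CHATMAIL_REQUIRE_IROH'))` treats every non-empty string as true, so a hand-set `CHATMAIL_REQUIRE_IROH=False` or `=0` would still request the certificate. The writer in `cmdeploy.py` only ever sets `"True"` or `""`, so comparing against that exact value is stricter: `require_iroh = os.environ.get('CHATMAIL_REQUIRE_IROH') == "True"`. The `CHATMAIL_DISABLE_MAIL` line above it follows the same pattern and has the same looseness. `main()` begins outside the hunk.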