From dc1c0e65793c629119b67bfc73e7fc6bfd906c9d Mon Sep 17 00:00:00 2001
From: Pascal Vizeli
Date: Sat, 22 Apr 2017 23:29:25 +0200
Subject: [PATCH] Add Let's encrypt addon (#2)
* Add Let's encrypt addon
* fix copy past stuff
* Update README.md
* Update config.json
* Update config.json
* Update README.md
* Update script
* finish first version
* update description
---
letsencrypt/Dockerfile | 14 ++++++++++++++
letsencrypt/README.md | 9 +++++++++
letsencrypt/config.json | 24 ++++++++++++++++++++++++
letsencrypt/run.sh | 39 +++++++++++++++++++++++++++++++++++++++
4 files changed, 86 insertions(+)
create mode 100644 letsencrypt/Dockerfile
create mode 100644 letsencrypt/README.md
create mode 100644 letsencrypt/config.json
create mode 100644 letsencrypt/run.sh
diff --git a/letsencrypt/Dockerfile b/letsencrypt/Dockerfile
new file mode 100644
index 0000000..acb99bb
--- /dev/null
+++ b/letsencrypt/Dockerfile
@@ -0,0 +1,14 @@
+FROM %%BASE_IMAGE%%
+
+# Add version
+ENV VERSION %%VERSION%%
+ENV LANG C.UTF-8
+
+# Setup base
+RUN apk add --no-cache jq git python
+
+# Copy data
+COPY run.sh /
+RUN chmod 775 /run.sh
+
+CMD [ "/run.sh" ]
diff --git a/letsencrypt/README.md b/letsencrypt/README.md
new file mode 100644
index 0000000..4f96df8
--- /dev/null
+++ b/letsencrypt/README.md
@@ -0,0 +1,9 @@
+# Let's Encrypt
+Manage let's encrypt certificate for HomeAssistant and HassIO addons.
+
+First run generate certificates and next run of addon will renew it. You can automate the renew with HomeAssistant automation and call hassio.addon_start.
+
+## Options
+
+- `email`: your email address for register
+- `domains`: a list with domains
diff --git a/letsencrypt/config.json b/letsencrypt/config.json
new file mode 100644
index 0000000..4b28dac
--- /dev/null
+++ b/letsencrypt/config.json
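Review bot: In letsencrypt/Dockerfile, `RUN chmod 775 /run.sh` leaves the container's entrypoint script group-writable; `RUN chmod 755 /run.sh` is enough for `CMD [ "/run.sh" ]` to execute it. The `apk add` line also installs `git` and `python` with no use visible in this patch, presumably for the certbot-auto bootstrap that run.sh downloads, so a comment such as `# git and python are needed by certbot-auto's bootstrap` would tell a later maintainer why they cannot simply be trimmed.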
@@ -0,0 +1,24 @@
+{
+ "name": "Let's Encrypt",
+ "version": "0.1",
+ "slug": "letsencrypt",
+ "description": "Manage let's encrypt certificate",
+ "startup": "once",
+ "boot": "manual",
+ "ports": {
+ "80/tcp": 80
+ },
+ "map_ssl": true,
+ "options": {
+ "email": null,
+ "domains": [null],
+ "certfile": "fullchain.pem",
+ "keyfile": "keyfile.pem"
+ },
+ "schema": {
+ "email": "email",
+ "domain": ["str"],
+ "certfile": "str",
+ "keyfile": "str"
+ }
+}
diff --git a/letsencrypt/run.sh b/letsencrypt/run.sh
new file mode 100644
index 0000000..df71223
--- /dev/null
+++ b/letsencrypt/run.sh
@@ -0,0 +1,39 @@
+#!/bin/bash
+
+set -e
+
+CERT_DIR=/data/letsencrypt
+WORK_DIR=/data/workdir
+CONFIG_PATH=/data/options.json
+
+EMAIL=$(jq --raw-output ".email" $CONFIG_PATH)
+DOMAINS=$(jq --raw-output ".domains[]" $CONFIG_PATH)
+KEYFILE=$(jq --raw-output ".keyfile" $CONFIG_PATH)
+CERTFILE=$(jq --raw-output ".certfile" $CONFIG_PATH)
+
+# setup letsencrypt setup
+if [ ! -f /data/certbot-auto ]; then
+ cd /data
+ curl -O https://dl.eff.org/certbot-auto
+ chmod 775 certbot-auto
+fi
+
+# Start program
+if [ -d $CERT_DIR ]; then
+ /data/certbot-auto renew --non-interactive --config-dir $CERT_DIR --work-dir $WORK_DIR
+else
+ # generate domains
+ while IFS=$'\n' read -r line; do
+ if [ -z "$DOMAIN_ARG" ]; then
+ DOMAIN_ARG="-d $line"
+ else
+ DOMAIN_ARG="$DOMAIN_ARG -d $line"
+ fi
+ done <<< "$DOMAINS"
+
+ /data/certbot-auto certonly --non-interactive --standalone --email $EMAIL --config-dir $CERT_DIR --work-dir "$DOMAIN_ARG"
+fi
+
+# copy certs to store
+cp /data/letsencrypt/live/*/privkey.pem /ssl/KEYFILE
+cp /data/letsencrypt/live/*/fullchain.pem /ssl/CERTFILE
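Review bot: In letsencrypt/config.json the schema block declares `"domain": ["str"]`, while the options block and run.sh's `.domains[]` both use `domains`, so the list the script consumes is not the key the schema describes; the line should read `"domains": ["str"],`. Those values end up on the certbot command line, and as far as this patch shows the schema is the only validation they get, so the key name needs to match.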
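Review bot: In letsencrypt/run.sh the bootstrap step fetches `certbot-auto` with `curl -O` and later executes it with no integrity check, and without `--fail` an HTTP error page would be saved as /data/certbot-auto and reused on every later start; verify a pinned checksum (or the publisher's signature) before the chmod. In the issuance branch, `--work-dir "$DOMAIN_ARG"` passes the domain list as the work directory, so `$WORK_DIR` and the `-d` arguments are both lost. The last two `cp` lines write to the literal names `/ssl/KEYFILE` and `/ssl/CERTFILE` instead of the configured `$KEYFILE` and `$CERTFILE`, and `$EMAIL` and the path variables are expanded unquoted. The fence shows the changed lines, with the checksum left as a placeholder to fill in.

```shell
if [ ! -f /data/certbot-auto ]; then
    cd /data
    curl --fail --silent --show-error --location -O https://dl.eff.org/certbot-auto
    # refuse to keep a download that does not match the pinned digest
    echo "<PINNED_SHA256>  certbot-auto" | sha256sum -c - || { rm -f certbot-auto; exit 1; }
    # … unchanged: chmod …
fi
# … unchanged: renew branch …
    DOMAIN_ARGS=()
    while IFS= read -r line; do
        DOMAIN_ARGS+=(-d "$line")
    done <<< "$DOMAINS"

    /data/certbot-auto certonly --non-interactive --standalone --email "$EMAIL" \
        --config-dir "$CERT_DIR" --work-dir "$WORK_DIR" "${DOMAIN_ARGS[@]}"
fi

cp /data/letsencrypt/live/*/privkey.pem "/ssl/$KEYFILE"
cp /data/letsencrypt/live/*/fullchain.pem "/ssl/$CERTFILE"
```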