feat(server-api): Implement support for staging acme certificates

Related to https://letsencrypt.org/docs/staging-environment/ to not get domain banned by constant renewal
2022-11-17 11:21:49 +04:00 · 2022-11-17 11:21:49 +04:00 · 611fe6bf45
parent 51dc4c67b2
commit 611fe6bf45
3 changed files with 7 additions and 2 deletions
--- a/lib/logic/api_maps/rest_maps/server_providers/digital_ocean/digital_ocean.dart
+++ b/lib/logic/api_maps/rest_maps/server_providers/digital_ocean/digital_ocean.dart
@ -322,7 +322,7 @@ class DigitalOceanApi extends ServerProviderApi with VolumeProviderApi {
    const String infectBranch = 'providers/digital-ocean';

    final String userdataString =
-        "#cloud-config\nruncmd:\n- curl https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-infect/raw/branch/$infectBranch/nixos-infect | PROVIDER=$infectProviderName DOMAIN='$domainName' LUSER='${rootUser.login}' ENCODED_PASSWORD='$base64Password' CF_TOKEN=$dnsApiToken DB_PASSWORD=$dbPassword API_TOKEN=$apiToken HOSTNAME=$formattedHostname bash 2>&1 | tee /tmp/infect.log";
+        "#cloud-config\nruncmd:\n- curl https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-infect/raw/branch/$infectBranch/nixos-infect | PROVIDER=$infectProviderName STAGING_ACME='$stagingAcme' DOMAIN='$domainName' LUSER='${rootUser.login}' ENCODED_PASSWORD='$base64Password' CF_TOKEN=$dnsApiToken DB_PASSWORD=$dbPassword API_TOKEN=$apiToken HOSTNAME=$formattedHostname bash 2>&1 | tee /tmp/infect.log";
    print(userdataString);

    final Dio client = await getClient();
--- a/lib/logic/api_maps/rest_maps/server_providers/hetzner/hetzner.dart
+++ b/lib/logic/api_maps/rest_maps/server_providers/hetzner/hetzner.dart
@ -360,7 +360,7 @@ class HetznerApi extends ServerProviderApi with VolumeProviderApi {
        base64.encode(utf8.encode(rootUser.password ?? 'PASS'));

    final String userdataString =
-        "#cloud-config\nruncmd:\n- curl https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-infect/raw/branch/$infectBranch/nixos-infect | PROVIDER=$infectProviderName NIX_CHANNEL=nixos-21.05 DOMAIN='$domainName' LUSER='${rootUser.login}' ENCODED_PASSWORD='$base64Password' CF_TOKEN=$dnsApiToken DB_PASSWORD=$dbPassword API_TOKEN=$apiToken HOSTNAME=$hostname bash 2>&1 | tee /tmp/infect.log";
+        "#cloud-config\nruncmd:\n- curl https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-infect/raw/branch/$infectBranch/nixos-infect | STAGING_ACME='$stagingAcme' PROVIDER=$infectProviderName NIX_CHANNEL=nixos-21.05 DOMAIN='$domainName' LUSER='${rootUser.login}' ENCODED_PASSWORD='$base64Password' CF_TOKEN=$dnsApiToken DB_PASSWORD=$dbPassword API_TOKEN=$apiToken HOSTNAME=$hostname bash 2>&1 | tee /tmp/infect.log";

    ServerHostingDetails? serverDetails;
    DioError? hetznerError;
--- a/lib/logic/api_maps/rest_maps/server_providers/server_provider.dart
+++ b/lib/logic/api_maps/rest_maps/server_providers/server_provider.dart
@ -55,4 +55,9 @@ abstract class ServerProviderApi extends ApiMap {
  /// Actual provider name to render on information page for user,
  /// for example 'Digital Ocean' for Digital Ocean
  String get appearanceProviderName;
+
+  /// Whether we request for staging temprorary certificates.
+  /// Hardcode to 'true' in the middle of testing to not
+  /// get your domain banned but constant certificate renewal
+  String get stagingAcme => 'false';
 }