Inital Commit

2025-10-26 21:11:06 +01:00
commit 7f093a66e3
13 changed files with 960 additions and 0 deletions
--- a/root/DEBIAN/conffiles
+++ b/root/DEBIAN/conffiles
@@ -0,0 +1 @@
+/etc/traefik/acme-hook
--- a/root/DEBIAN/control
+++ b/root/DEBIAN/control
@@ -0,0 +1,10 @@
+Package: traefik-certs-dumper
+Version: 2.10.0
+Architecture:
+Installed-Size:
+Depends: traefik
+Priority: optional
+Section: misc
+Homepage: http://www.privlab.it
+Maintainer: PrivLab <hostmaster@privlab.it>
+Description: Dump Let's Encrypt certificates from Traefik
--- a/root/DEBIAN/postinst
+++ b/root/DEBIAN/postinst
@@ -0,0 +1,42 @@
+#!/usr/bin/sh
+
+set -e
+set -u
+
+if [ -d '/run/systemd/system' ]; then
+  /usr/bin/systemctl --system daemon-reload > '/dev/null' 2>&1 || \
+    /usr/bin/true
+fi
+
+case "${1}" in
+  configure)
+    if [ -x '/usr/bin/deb-systemd-helper' ]; then
+      /usr/bin/deb-systemd-helper unmask 'traefik-certs-dumper.service' > '/dev/null' 2>&1 || \
+        /usr/bin/true
+    fi
+    if /usr/bin/deb-systemd-helper --quiet was-enabled 'traefik-certs-dumper.service'; then
+      /usr/bin/deb-systemd-helper enable 'traefik-certs-dumper.service' > '/dev/null' 2>&1 || \
+        /usr/bin/true
+    else
+      /usr/bin/deb-systemd-helper update-state 'traefik-certs-dumper.service' > '/dev/null' 2>&1 || \
+        /usr/bin/true
+    fi
+    if [ -x '/etc/init.d/traefik-certs-dumper' ]; then
+      /usr/sbin/update-rc.d 'traefik-certs-dumper' defaults > '/dev/null' 2>&1 || \
+        /usr/bin/true
+    fi
+    /usr/bin/chown --quiet 'traefik':'traefik' '/var/lib/traefik/acme-repository'
+    /usr/bin/chown --quiet 'traefik' '/etc/traefik/acme-hook'
+    if [ -x '/usr/bin/deb-systemd-invoke' ]; then
+      /usr/bin/systemctl --system daemon-reload > '/dev/null' 2>&1 || \
+        /usr/bin/true
+      if [ -n "${2}" ]; then
+        _dh_action='restart'
+      else
+        _dh_action='start'
+      fi
+      /usr/bin/deb-systemd-invoke "${_dh_action}" 'traefik-certs-dumper.service' > '/dev/null' 2>&1 || \
+        /usr/bin/true
+    fi
+  ;;
+esac
--- a/root/DEBIAN/postrm
+++ b/root/DEBIAN/postrm
@@ -0,0 +1,28 @@
+#!/bin/sh
+
+set -e
+set -u
+
+if [ -d '/run/systemd/system' ]; then
+  /usr/bin/systemctl --system daemon-reload > '/dev/null' 2>&1 || \
+    /usr/bin/true
+fi
+
+case "${1}" in
+  remove)
+    if [ -x '/usr/bin/deb-systemd-helper' ]; then
+      /usr/bin/deb-systemd-helper mask 'traefik-certs-dumper.service' > '/dev/null' 2>&1 || \
+        /usr/bin/true
+    fi
+  ;;
+  purge)
+    if [ -x '/usr/bin/deb-systemd-helper' ]; then
+      /usr/bin/deb-systemd-helper purge 'traefik-certs-dumper.service' > '/dev/null' 2>&1 || \
+        /usr/bin/true
+      /usr/bin/deb-systemd-helper unmask 'traefik-certs-dumper.service' > '/dev/null' 2>&1 || \
+        /usr/bin/true
+    fi
+    /usr/bin/rm --force --recursive '/var/lib/traefik/acme-repository/'*
+    /usr/bin/rm --force --recursive '/var/lib/traefik/acme-repository/'.*
+  ;;
+esac
--- a/root/DEBIAN/prerm
+++ b/root/DEBIAN/prerm
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+set -e
+set -u
+
+case "${1}" in
+  remove)
+    if [ -x '/usr/bin/deb-systemd-invoke' ]; then
+      /usr/bin/deb-systemd-invoke stop 'traefik-certs-dumper.service' > '/dev/null' 2>&1 || \
+        /usr/bin/true
+      /usr/bin/deb-systemd-invoke disable 'traefik-certs-dumper.service' > '/dev/null' 2>&1 || \
+        /usr/bin/true
+    fi
+    if [ -x '/etc/init.d/traefik-certs-dumper' ]; then
+      /usr/sbin/update-rc.d 'traefik-certs-dumper' remove > '/dev/null' 2>&1 || \
+        /usr/bin/true
+    fi
+  ;;
+esac
--- a/root/etc/init.d/traefik-certs-dumper
+++ b/root/etc/init.d/traefik-certs-dumper
@@ -0,0 +1,83 @@
+#!/usr/bin/sh
+
+### BEGIN INIT INFO
+# Provides:          traefik-certs-dumper
+# Required-Start:    $local_fs $network $remote_fs
+# Required-Stop:     $local_fs $network $remote_fs
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: Dump Let's Encrypt certificates from Traefik.
+# Description:       The traefik-certs-dumper is a tool for extracting and
+#                    managing SSL/TLS certificates from Traefik, a reverse
+#                    proxy and load balancer. It simplifies the backup and
+#                    transfer of certificates, making it useful for developers
+#                    and system administrators focused on application security.
+### END INIT INFO
+
+NAME='traefik-certs-dumper'
+DESC='Traefik Certificates Dumper'
+USER='traefik'
+GROUP='traefik'
+PIDFOLDER="/run/traefik"
+PIDFILE="${PIDFOLDER}/traefik-certs-dumper.pid"
+DAEMON='/usr/sbin/traefik-certs-dumper'
+DAEMON_DESTINATION='/var/lib/traefik/acme-repository'
+DAEMON_OPTS="file --source '/var/lib/traefik/acme.json' --version 'v3' --crt-name 'root' --dest ${DAEMON_DESTINATION} --domain-subdir --key-name 'root' --post-hook '/etc/traefik/acme-hook' --watch"
+
+set -e
+
+. '/lib/lsb/init-functions'
+
+[ -x "${DAEMON}" ]
+
+case "${1}" in
+  start)
+    /usr/bin/install --directory --group="${GROUP}" ---mode='0755' --owner="${USER}" "${PIDFOLDER}"
+    log_daemon_msg "Starting ${DESC}" "${NAME}"
+    if /usr/sbin/start-stop-daemon --quiet \
+                                   --start \
+                                   --oknodo \
+                                   --make-pidfile \
+                                   --pidfile "${PIDFILE}" \
+                                   --user "${USER}" \
+                                   --group "${GROUP}" \
+                                   --exec "${DAEMON}" -- "${DAEMON_OPTS}"; then
+      log_end_msg 0
+    else
+      log_end_msg 1
+      /usr/bin/test -f "${PIDFILE}" && \
+        /usr/bin/rm --force "${PIDFILE}"
+    fi
+  ;;
+  stop)
+    log_daemon_msg "Stopping ${DESC}" "${NAME}"
+    if /usr/sbin/start-stop-daemon --quiet \
+                                   --stop \
+                                   --oknodo \
+                                   --retry 30 \
+                                   --remove-pidfile \
+                                   --pidfile "${PIDFILE}" \
+                                   --user "${USER}" \
+                                   --group "${GROUP}" \
+                                   --exec "${DAEMON}"; then
+      /usr/bin/test -f "${PIDFILE}" && \
+        /usr/bin/rm --force "${PIDFILE}"
+      log_end_msg 0
+    else
+      log_end_msg 1
+    fi
+  ;;
+  restart)
+    "${0}" stop
+    "${0}" start
+  ;;
+  status)
+    status_of_proc -p "${PIDFILE}" "${DAEMON}" "${NAME}" && \
+      exit 0 || \
+      exit "${?}"
+  ;;
+  *)
+    echo "Usage: /etc/init.d/${NAME} {start|stop|restart|status}" >&2
+    exit 1
+  ;;
+esac
--- a/root/etc/traefik/acme-hook
+++ b/root/etc/traefik/acme-hook
@@ -0,0 +1,33 @@
+#!/usr/bin/bash
+
+
+###
+#
+# Options Section
+#
+###
+
+set -e
+set -u
+set -o pipefail
+
+
+###
+#
+# Variables Section
+#
+###
+
+
+###
+#
+# Function Section
+#
+###
+
+
+###
+#
+# Runtime Environment
+#
+###
--- a/root/lib/systemd/system/traefik-certs-dumper.service
+++ b/root/lib/systemd/system/traefik-certs-dumper.service
@@ -0,0 +1,30 @@
+[Unit]
+Description=Traefik Certificate Dumper
+ConditionPathExists=/etc/traefik/acme-hook
+ConditionPathExists=/var/lib/traefik/acme.json
+StartLimitBurst=24
+StartLimitIntervalSec=3600
+After=network.target network-online.target
+Wants=network-online.target
+
+[Service]
+Type=simple
+Restart=on-failure
+ExecStart=/usr/sbin/traefik-certs-dumper file --source '/var/lib/traefik/acme.json' --version 'v3' --crt-name 'root' --dest '/var/lib/traefik/acme-repository' --domain-subdir --key-name 'root' --post-hook '/etc/traefik/acme-hook' --watch
+ExecStartPost=/bin/sh -c "umask '022'; pgrep -n 'traefik-certs' > '/run/traefik/traefik-certs-dumper.pid'"
+ExecStop=/bin/rm --force '/run/traefik/traefik-certs-dumper.pid'
+User=traefik
+Group=traefik
+PrivateDevices=true
+PrivateTmp=true
+ProtectSystem=strict
+RuntimeDirectory=traefik
+RuntimeDirectoryMode=755
+RuntimeDirectoryPreserve=yes
+ReadOnlyDirectories=/etc/traefik
+ReadOnlyDirectories=/var/lib/traefik
+ReadWriteDirectories=/var/lib/traefik/acme-repository
+WorkingDirectory=/var/lib/traefik
+
+[Install]
+WantedBy=multi-user.target