Define an allowed prefix for custom config settings #176

Closed
opened 2025-12-29 00:26:35 +01:00 by adam · 2 comments

Originally created by @whereisaaron on GitHub (Dec 23, 2016).

Proposal

I'd like to propose defining an allowed prefix that end users can use to add custom settings to dehydrated config files, e.g. CUSTOM_. This would work in the main config file, and any custom settings could be added to, or overridden in, the per-certificate config files.

Any settings with the CUSTOM_ prefix would be exported into the environment used to run the hook script (via the HOOK setting). This would allow the hook script author to add parameterized custom behaviors on a global or per-cert basis.

For example, to control the deploy_cert behavior, a user could define per-certificate settings like:

    CUSTOM_RESTART_APACHE="yes"
    CUSTOM_DEPLOY_CERT_DIR="/var/www/mysite/certs/"

or other behavior settings, e.g.

    CUSTOM_DNS_CHALLENGE_API="route53"
    CUSTOM_RESTART_LIST="httpd webmin postfix"
    CUSTOM_NOTIFY_URL="https://my.webhook/url"
    CUSTOM_DEPLOY_SSH="ssh://server2.example.com/var/www/mysite2/"

It would be up to the hook script author to pull these settings from the script environment and implement the behaviors within the hook functions.

Background

dehydrated only allows a fixed set of settings in its config file and only allows a fixed set of settings to be overridden in per-certificate config files. This is to protect the user from overriding an internal variable by mistake and breaking things. The custom prefix would be a safe way to extend the settings while keeping this protection.

    # read cert config
    # for now this loads the certificate specific config in a subshell and parses a diff of set variables.
    # we could just source the config file but i decided to go this way to protect people from accidentally overriding
    # variables used internally by this script itself.
adam closed this issue 2025-12-29 00:26:37 +01:00

@lukas2511 commented on GitHub (Jan 30, 2017):

I don't think this is necessary: CERTDIR is exported and the certificate name is given for all important hooks, so you could easily just create a custom config file and source it inside your hook, no need to modify dehydrated for this and I think it's actually cleaner because you have your separate config file for your hook script.


@whereisaaron commented on GitHub (Jan 30, 2017):

I get that. The hook.sh could check for and source e.g. $CERTDIR/hook-config to get this stuff.
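The outcome of this thread, a hook that reads its own per-certificate settings file, can keep the protection the proposal wanted by parsing the file instead of sourcing it. The following is an added example, not code from the thread or from dehydrated; `load_hook_config`, the `cfg_*` variables and the one-assignment-per-line file format are assumptions.

```shell
#!/bin/sh
# Added example, not dehydrated code. load_hook_config is a hypothetical helper.
# Assumed file format: one CUSTOM_NAME="value" assignment per line, '#' comments.

# load_hook_config FILE: export CUSTOM_* settings from FILE without sourcing it,
# so the file cannot run commands or override PATH, HOOK or other variables.
# Returns 0 if FILE is absent or fully accepted, 1 on the first rejected line.
load_hook_config() {
    cfg_file=$1
    [ -f "$cfg_file" ] || return 0            # no hook settings for this cert
    while IFS= read -r cfg_line || [ -n "$cfg_line" ]; do
        case $cfg_line in
            ''|'#'*) continue ;;               # blank line or comment
            *=*) ;;                            # looks like an assignment
            *) echo "hook-config: not an assignment: $cfg_line" >&2; return 1 ;;
        esac
        cfg_name=${cfg_line%%=*}               # text before the first '='
        cfg_value=${cfg_line#*=}               # text after the first '='
        case $cfg_name in
            *[!A-Z0-9_]*) echo "hook-config: bad name: $cfg_name" >&2; return 1 ;;
            CUSTOM_?*) ;;                      # the only prefix allowed
            *) echo "hook-config: not CUSTOM_: $cfg_name" >&2; return 1 ;;
        esac
        case $cfg_value in                     # drop one pair of double quotes
            \"*\") cfg_value=${cfg_value#\"}; cfg_value=${cfg_value%\"} ;;
        esac
        # The value is exported literally; $(...) and backticks are never expanded.
        export "$cfg_name=$cfg_value"
    done < "$cfg_file"
    return 0
}

# Constructed sample input standing in for a per-certificate hook-config file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample
CUSTOM_RESTART_LIST="httpd webmin postfix"
CUSTOM_DEPLOY_CERT_DIR="/var/www/mysite/certs/"
EOF
load_hook_config "$sample" && echo "restart list: $CUSTOM_RESTART_LIST"
rm -f "$sample"
```

In a hook, the call would take the file location mentioned in the thread, for example `load_hook_config "$CERTDIR/hook-config"`, before the handler reads any `CUSTOM_` variable.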


Reference: starred/dehydrated#176