[__recycledcloud_nginx*] add support for alternative domains

type/__recycledcloud_nginx/man.rst

@@ -21,6 +21,13 @@ config
   Custom NGINX logic, templated within a standard `server` section with
   `server_name` and TLS parameters set. Defaults to simple static hosting.
 
+altdomains
+  Alternative domain names for this vhost and related TLS certificate.
+
+uacme-hookscript
+  Custom hook passed to the __uacme_obtain type: useful to integrate the
+  dns-01 challenge with third-party DNS providers.
+
 AUTHORS
 -------
 Timothée Floure <timothee.floure@posteo.net>

type/__recycledcloud_nginx/manifest

@@ -23,9 +23,22 @@ else
 	domain="${__object_id:?}"
 fi
 
+altdomains=
+if [ -f "${__object:?}/parameter/altdomains" ];
+then
+	altdomains="$(cat "${__object:?}/parameter/altdomains")"
+fi
+
+set_custom_uacme_hookscript=
+if [ -f "${__object:?}/parameter/uacme-hookscript" ];
+then
+	uacme_hookscript="$(cat "${__object:?}/parameter/uacme-hookscript")"
+	set_custom_uacme_hookscript="--hookscript $uacme_hookscript"
+fi
+
 # Deploy simple HTTP vhost, allowing to serve ACME challenges.
 __recycledcloud_nginx_vhost "301-to-https-$domain" \
-	--domain "$domain" --to-https
+	--domain "$domain" --altdomains "$altdomains" --to-https
 
 # Obtaining TLS cert.
 cert_ownership=$nginx_user
@@ -34,8 +47,12 @@ if [ -f "${__object:?}/parameter/force-cert-ownership-to" ]; then
 fi
 
 __uacme_account
+# shellcheck disable=SC2086
 require="__recycledcloud_nginx_vhost/301-to-https-$domain __uacme_account" \
-	__uacme_obtain "$domain" --owner $cert_ownership \
+	__uacme_obtain "$domain" \
+		--altdomains "$altdomains" \
+		$set_custom_uacme_hookscript \
+		--owner "$cert_ownership" \
 		--install-key-to "$nginx_certdir/$domain/privkey.pem" \
 		--install-cert-to "/$nginx_certdir/$domain/fullchain.pem" \
 		--renew-hook "service nginx reload"
@@ -52,7 +69,8 @@ if [ -f "${__object:?}/parameter/config" ]; then
 	cat "$nginx_logic" > "${__object:?}/files/config"
 
 	require="__uacme_obtain/$domain" __recycledcloud_nginx_vhost "$domain" \
-		--config "${__object:?}/files/config"
+		--altdomains "$altdomains" --config "${__object:?}/files/config"
 else
-	require="__uacme_obtain/$domain" __recycledcloud_nginx_vhost "$domain"
+	require="__uacme_obtain/$domain" __recycledcloud_nginx_vhost "$domain" \
+		--altdomains "$altdomains"
 fi

type/__recycledcloud_nginx/parameter/optional

@@ -1,3 +1,5 @@
 config
 domain
+altdomains
+uacme-hookscript
 force-cert-ownership-to

type/__recycledcloud_nginx_vhost/files/generic.conf.sh

@@ -10,7 +10,7 @@ cat <<- EOF
 EOF
 
 # Name
-echo "server_name ${DOMAIN:?};"
+echo "server_name ${DOMAIN:?} $ALTDOMAINS;"
 
 # ACME challenges.
 cat << EOF

type/__recycledcloud_nginx_vhost/files/to-https.conf.sh

@@ -10,7 +10,7 @@ cat <<- EOF
 EOF
 
 # Name
-echo "server_name ${DOMAIN:?};"
+echo "server_name ${DOMAIN:?} $ALTDOMAINS;"
 
 # ACME challenges.
 cat << EOF

type/__recycledcloud_nginx_vhost/man.rst

@@ -52,6 +52,9 @@ lport
   The port to which we listen. If this is omitted, the defaults of `80` for
   HTTP and `443` for HTTPS are used.
 
+altdomains
+  Alternative domain names for this vhost.
+
 BOOLEAN PARAMETERS
 ------------------
 

type/__recycledcloud_nginx_vhost/manifest

@@ -63,6 +63,13 @@ else
 fi
 export DOMAIN
 
+ALTDOMAINS=
+if [ -f "${__object:?}/parameter/altdomains" ];
+then
+	ALTDOMAINS="$(cat "${__object:?}/parameter/altdomains")"
+fi
+export ALTDOMAINS
+
 # Use TLS ?
 if [ -f "${__object:?}/parameter/no-tls" ];
 then

type/__recycledcloud_nginx_vhost/parameter/optional

@@ -1,3 +1,3 @@
 domain
-lport
 config
+altdomains