mmw-agent/internal/acme/deployer.go

package acme

import (
	"fmt"
	"os"
	"os/exec"
	"path/filepath"
)

// DeployCertFiles writes cert and key PEM to the specified paths.
func DeployCertFiles(certPEM, keyPEM, certPath, keyPath string) error {
	if certPath == "" || keyPath == "" {
		return fmt.Errorf("deploy paths are required")
	}

	if err := os.MkdirAll(filepath.Dir(certPath), 0755); err != nil {
		return fmt.Errorf("create cert dir: %w", err)
	}
	if err := os.MkdirAll(filepath.Dir(keyPath), 0755); err != nil {
		return fmt.Errorf("create key dir: %w", err)
	}

	if err := os.WriteFile(certPath, []byte(certPEM), 0644); err != nil {
		return fmt.Errorf("write cert: %w", err)
	}
	if err := os.WriteFile(keyPath, []byte(keyPEM), 0600); err != nil {
		return fmt.Errorf("write key: %w", err)
	}
	return nil
}

// ReloadNginx sends a reload signal to nginx.
func ReloadNginx() error {
	cmd := exec.Command("nginx", "-s", "reload")
	if output, err := cmd.CombinedOutput(); err != nil {
		return fmt.Errorf("nginx reload: %s: %w", string(output), err)
	}
	return nil
}

// RestartXray restarts the xray service via systemctl.
func RestartXray() error {
	cmd := exec.Command("systemctl", "restart", "xray")
	if output, err := cmd.CombinedOutput(); err != nil {
		return fmt.Errorf("xray restart: %s: %w", string(output), err)
	}
	return nil
}

// Deploy writes cert files and optionally reloads services.
func Deploy(certPEM, keyPEM, certPath, keyPath, reloadTarget string) error {
	if err := DeployCertFiles(certPEM, keyPEM, certPath, keyPath); err != nil {
		return err
	}

	switch reloadTarget {
	case "nginx":
		return ReloadNginx()
	case "xray":
		return RestartXray()
	case "both":
		if err := ReloadNginx(); err != nil {
			return err
		}
		return RestartXray()
	}
	return nil
}
init 2026-03-12 16:13:50 +08:00			`package acme`

			`import (`
			`"fmt"`
			`"os"`
			`"os/exec"`
			`"path/filepath"`
			`)`

			`// DeployCertFiles writes cert and key PEM to the specified paths.`
			`func DeployCertFiles(certPEM, keyPEM, certPath, keyPath string) error {`
			`if certPath == "" \|\| keyPath == "" {`
			`return fmt.Errorf("deploy paths are required")`
			`}`

			`if err := os.MkdirAll(filepath.Dir(certPath), 0755); err != nil {`
			`return fmt.Errorf("create cert dir: %w", err)`
			`}`
			`if err := os.MkdirAll(filepath.Dir(keyPath), 0755); err != nil {`
			`return fmt.Errorf("create key dir: %w", err)`
			`}`

			`if err := os.WriteFile(certPath, []byte(certPEM), 0644); err != nil {`
			`return fmt.Errorf("write cert: %w", err)`
			`}`
			`if err := os.WriteFile(keyPath, []byte(keyPEM), 0600); err != nil {`
			`return fmt.Errorf("write key: %w", err)`
			`}`
			`return nil`
			`}`

			`// ReloadNginx sends a reload signal to nginx.`
			`func ReloadNginx() error {`
			`cmd := exec.Command("nginx", "-s", "reload")`
			`if output, err := cmd.CombinedOutput(); err != nil {`
			`return fmt.Errorf("nginx reload: %s: %w", string(output), err)`
			`}`
			`return nil`
			`}`

			`// RestartXray restarts the xray service via systemctl.`
			`func RestartXray() error {`
			`cmd := exec.Command("systemctl", "restart", "xray")`
			`if output, err := cmd.CombinedOutput(); err != nil {`
			`return fmt.Errorf("xray restart: %s: %w", string(output), err)`
			`}`
			`return nil`
			`}`

			`// Deploy writes cert files and optionally reloads services.`
			`func Deploy(certPEM, keyPEM, certPath, keyPath, reloadTarget string) error {`
			`if err := DeployCertFiles(certPEM, keyPEM, certPath, keyPath); err != nil {`
			`return err`
			`}`

			`switch reloadTarget {`
			`case "nginx":`
			`return ReloadNginx()`
			`case "xray":`
			`return RestartXray()`
			`case "both":`
			`if err := ReloadNginx(); err != nil {`
			`return err`
			`}`
			`return RestartXray()`
			`}`
			`return nil`
			`}`