Compare commits
2 Commits
5a3ecb2c50
...
78f089b36c
Author | SHA1 | Date |
---|---|---|
Jim Hague | 78f089b36c | |
Jim Hague | 9d90d6c40f |
|
@ -0,0 +1 @@
|
||||||
|
pillar/secrets/*.sls
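Review bot: The pattern `pillar/secrets/*.sls` covers only `.sls` files directly inside `pillar/secrets/`, so key material, files with other extensions, or anything in a subdirectory there would still be offered for commit. This assumes the one-line file is the repository's ignore file, since the page does not show its path. If the directory is meant to hold nothing trackable, `pillar/secrets/` would be the broader rule. An ignore rule also has no effect on files that are already tracked, so it is worth confirming that `git ls-files pillar/secrets` returns nothing and that no secret is already in history.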
|
|
@ -0,0 +1,3 @@
|
||||||
|
[submodule "states/certificates/dehydrated/dehydrated-mythic-dns01"]
|
||||||
|
path = states/certificates/dehydrated/dehydrated-mythic-dns01
|
||||||
|
url = https://github.com/mythic-beasts/dehydrated-mythic-dns01
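Review bot: The submodule added here replaces the in-tree hook with code fetched from a third-party GitHub repository, and that hook handles DNS API credentials; the removed copy read them from the file named by `CONFIG`. The gitlink pin (`5877f5f3303658dce70e2b1e8e49755ffc1da141`) is therefore the only control over which code runs with those credentials. I would record that next to the entry with a comment such as `# pinned by gitlink; review the upstream diff before bumping - this hook handles DNS API credentials`. Whatever checks the repository out should also use plain `git submodule update`, not `--remote`, so the pin is honoured. Pointing `url` at a mirror or fork under your own control would remove the dependency on upstream availability and on the upstream account's integrity.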
|
|
@ -0,0 +1 @@
|
||||||
|
Subproject commit 5877f5f3303658dce70e2b1e8e49755ffc1da141
|
|
@ -1,2 +0,0 @@
|
||||||
CHALLENGETYPE=dns-01
|
|
||||||
HOOK_CHAIN=yes
|
|
|
@ -1,10 +0,0 @@
|
||||||
#!/usr/bin/env bash
|
|
||||||
|
|
||||||
# Copyright (C) 2018 Mythic Beasts Ltd
|
|
||||||
|
|
||||||
. "$(dirname "$0")"/../common/mythic-dns01
|
|
||||||
|
|
||||||
echo -ne "$ARGS" | while read domain filename token; do
|
|
||||||
echo " ++ cleaning DNS for $domain"
|
|
||||||
call_api DELETE _acme-challenge.$domain $token
|
|
||||||
done
|
|
|
@ -1,73 +0,0 @@
|
||||||
# Copyright (C) Mythic Beasts Ltd 2018
|
|
||||||
|
|
||||||
CONFIG=${MYTHIC_DNS_CONFIG:-/etc/dehydrated/dnsapi.config.txt}
|
|
||||||
|
|
||||||
# configure the busy wait loop; max time is $SLEEP * $MAXTRIES
|
|
||||||
SLEEP=5
|
|
||||||
MAXTRIES=60
|
|
||||||
|
|
||||||
# all our public authoritative servers
|
|
||||||
SERVERS="ns1.mythic-beasts.com ns2.mythic-beasts.com"
|
|
||||||
|
|
||||||
# dig options
|
|
||||||
DIGOPT='+time=1 +tries=1 +short'
|
|
||||||
|
|
||||||
wait_for_dns() {
|
|
||||||
local key val i s
|
|
||||||
key="$1" val="$2"
|
|
||||||
for i in $(seq $MAXTRIES); do
|
|
||||||
for s in $SERVERS; do
|
|
||||||
if ! dig $DIGOPT @$s $key txt | grep -q -e $val; then
|
|
||||||
sleep $SLEEP
|
|
||||||
continue 2
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
break
|
|
||||||
done
|
|
||||||
if [ "$i" -eq "$MAXTRIES" ]; then
|
|
||||||
echo challenge record not found in DNS >&2
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
call_api() {
|
|
||||||
local action key val dns_domain dns_api_pass rr_part dns_api_secret
|
|
||||||
action="$1" key="$2" val="$3"
|
|
||||||
while read dns_domain dns_api_pass dns_api_secret; do
|
|
||||||
case $key in
|
|
||||||
*$dns_domain)
|
|
||||||
rr_part=$(basename $key .$dns_domain)
|
|
||||||
|
|
||||||
# If we have a third component in the config file then use the v2 API.
|
|
||||||
if [ -z "${dns_api_secret}" ]; then
|
|
||||||
# use DNS API v1
|
|
||||||
echo -n "$dns_api_pass" |
|
|
||||||
curl --data-urlencode "domain=$dns_domain" --data-urlencode "password@-" --data-urlencode "command=$action $rr_part 30 TXT $val" https://dnsapi.mythic-beasts.com/
|
|
||||||
else
|
|
||||||
# use DNS API v2
|
|
||||||
case $action in
|
|
||||||
ADD)
|
|
||||||
# Use POST here rather than PUT as we may handle multiple challenges in a single run - for example both '*' and bare domain.
|
|
||||||
echo -n "user = ${dns_api_pass}:${dns_api_secret}" |
|
|
||||||
curl -f -K - -X POST "https://api.mythic-beasts.com/dns/v2/zones/${dns_domain}/records/${rr_part}/TXT" -d data="${val}"
|
|
||||||
if [ $? -ne 0 ]; then
|
|
||||||
echo "Error adding DNS records"
|
|
||||||
exit 2
|
|
||||||
fi
|
|
||||||
;;
|
|
||||||
DELETE)
|
|
||||||
echo -n "user = ${dns_api_pass}:${dns_api_secret}" |
|
|
||||||
curl -f -K - -X DELETE "https://api.mythic-beasts.com/dns/v2/zones/${dns_domain}/records/${rr_part}/TXT"
|
|
||||||
if [ $? -ne 0 ]; then
|
|
||||||
echo "Error cleaning up DNS records"
|
|
||||||
exit 3
|
|
||||||
fi
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
fi
|
|
||||||
|
|
||||||
break
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
done < $CONFIG
|
|
||||||
}
|
|
|
@ -1,20 +0,0 @@
|
||||||
#!/usr/bin/env bash
|
|
||||||
|
|
||||||
# Copyright (c) 2018 Mythic Beasts Ltd
|
|
||||||
|
|
||||||
group_args() {
|
|
||||||
local nl=$'\n'
|
|
||||||
ARGS=''
|
|
||||||
while [ "$1" ]; do ARGS="$ARGS$1 $2 $3$nl"; shift 3; done
|
|
||||||
export ARGS
|
|
||||||
}
|
|
||||||
|
|
||||||
action=$1
|
|
||||||
shift
|
|
||||||
|
|
||||||
case $action in
|
|
||||||
deploy_challenge|clean_challenge)
|
|
||||||
group_args "$@"
|
|
||||||
"$(dirname "$0")"/${action/_/-}/mythic-dns01
|
|
||||||
;;
|
|
||||||
esac
|
|
|
@ -1,14 +0,0 @@
|
||||||
#!/usr/bin/env bash
|
|
||||||
|
|
||||||
# Copyright (C) 2018 Mythic Beasts Ltd
|
|
||||||
|
|
||||||
. "$(dirname "$0")"/../common/mythic-dns01
|
|
||||||
|
|
||||||
echo -ne "$ARGS" | while read domain filename token; do
|
|
||||||
echo " ++ setting DNS for $domain"
|
|
||||||
call_api ADD _acme-challenge.$domain $token
|
|
||||||
done
|
|
||||||
echo -ne "$ARGS" | while read domain filename token; do
|
|
||||||
echo " ++ waiting DNS for $domain"
|
|
||||||
wait_for_dns _acme-challenge.$domain $token
|
|
||||||
done
|
|