# Copyright (C) Mythic Beasts Ltd 2018 CONFIG=${MYTHIC_DNS_CONFIG:-/etc/dehydrated/dnsapi.config.txt} # configure the busy wait loop; max time is $SLEEP * $MAXTRIES SLEEP=5 MAXTRIES=60 # all our public authoritative servers SERVERS="ns1.mythic-beasts.com ns2.mythic-beasts.com" # dig options DIGOPT='+time=1 +tries=1 +short' wait_for_dns() { local key val i s key="$1" val="$2" for i in $(seq $MAXTRIES); do for s in $SERVERS; do if ! dig $DIGOPT @$s $key txt | grep -q -e $val; then sleep $SLEEP continue 2 fi done break done if [ "$i" -eq "$MAXTRIES" ]; then echo challenge record not found in DNS >&2 exit 1 fi } call_api() { local action key val dns_domain dns_api_pass rr_part dns_api_secret action="$1" key="$2" val="$3" while read dns_domain dns_api_pass dns_api_secret; do case $key in *$dns_domain) rr_part=$(basename $key .$dns_domain) # If we have a third component in the config file then use the v2 API. if [ -z "${dns_api_secret}" ]; then # use DNS API v1 echo -n "$dns_api_pass" | curl --data-urlencode "domain=$dns_domain" --data-urlencode "password@-" --data-urlencode "command=$action $rr_part 30 TXT $val" https://dnsapi.mythic-beasts.com/ else # use DNS API v2 case $action in ADD) # Use POST here rather than PUT as we may handle multiple challenges in a single run - for example both '*' and bare domain. echo -n "user = ${dns_api_pass}:${dns_api_secret}" | curl -f -K - -X POST "https://api.mythic-beasts.com/dns/v2/zones/${dns_domain}/records/${rr_part}/TXT" -d data="${val}" if [ $? -ne 0 ]; then echo "Error adding DNS records" exit 2 fi ;; DELETE) echo -n "user = ${dns_api_pass}:${dns_api_secret}" | curl -f -K - -X DELETE "https://api.mythic-beasts.com/dns/v2/zones/${dns_domain}/records/${rr_part}/TXT" if [ $? -ne 0 ]; then echo "Error cleaning up DNS records" exit 3 fi ;; esac fi break ;; esac done < $CONFIG }