neil
3 years ago
committed by
GitHub
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
14 changed files with 348 additions and 26 deletions
-
4.github/workflows/FreeBSD.yml
-
4.github/workflows/Linux.yml
-
4.github/workflows/MacOS.yml
-
4.github/workflows/PebbleStrict.yml
-
4.github/workflows/Solaris.yml
-
6.github/workflows/Ubuntu.yml
-
4.github/workflows/Windows.yml
-
5.github/workflows/dockerhub.yml
-
4.github/workflows/shellcheck.yml
-
22acme.sh
-
98deploy/consul.sh
-
204dnsapi/dns_azion.sh
-
9dnsapi/dns_pdns.sh
-
2notify/telegram.sh
@ -0,0 +1,98 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
|
||||
|
# Here is a script to deploy cert to hashicorp consul using curl |
||||
|
# (https://www.consul.io/) |
||||
|
# |
||||
|
# it requires following environment variables: |
||||
|
# |
||||
|
# CONSUL_PREFIX - this contains the prefix path in consul |
||||
|
# CONSUL_HTTP_ADDR - consul requires this to find your consul server |
||||
|
# |
||||
|
# additionally, you need to ensure that CONSUL_HTTP_TOKEN is available |
||||
|
# to access the consul server |
||||
|
|
||||
|
#returns 0 means success, otherwise error. |
||||
|
|
||||
|
######## Public functions ##################### |
||||
|
|
||||
|
#domain keyfile certfile cafile fullchain |
||||
|
consul_deploy() { |
||||
|
|
||||
|
_cdomain="$1" |
||||
|
_ckey="$2" |
||||
|
_ccert="$3" |
||||
|
_cca="$4" |
||||
|
_cfullchain="$5" |
||||
|
|
||||
|
_debug _cdomain "$_cdomain" |
||||
|
_debug _ckey "$_ckey" |
||||
|
_debug _ccert "$_ccert" |
||||
|
_debug _cca "$_cca" |
||||
|
_debug _cfullchain "$_cfullchain" |
||||
|
|
||||
|
# validate required env vars |
||||
|
_getdeployconf CONSUL_PREFIX |
||||
|
if [ -z "$CONSUL_PREFIX" ]; then |
||||
|
_err "CONSUL_PREFIX needs to be defined (contains prefix path in vault)" |
||||
|
return 1 |
||||
|
fi |
||||
|
_savedeployconf CONSUL_PREFIX "$CONSUL_PREFIX" |
||||
|
|
||||
|
_getdeployconf CONSUL_HTTP_ADDR |
||||
|
if [ -z "$CONSUL_HTTP_ADDR" ]; then |
||||
|
_err "CONSUL_HTTP_ADDR needs to be defined (contains consul connection address)" |
||||
|
return 1 |
||||
|
fi |
||||
|
_savedeployconf CONSUL_HTTP_ADDR "$CONSUL_HTTP_ADDR" |
||||
|
|
||||
|
CONSUL_CMD=$(command -v consul) |
||||
|
|
||||
|
# force CLI, but the binary does not exist => error |
||||
|
if [ -n "$USE_CLI" ] && [ -z "$CONSUL_CMD" ]; then |
||||
|
_err "Cannot find the consul binary!" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
# use the CLI first |
||||
|
if [ -n "$USE_CLI" ] || [ -n "$CONSUL_CMD" ]; then |
||||
|
_info "Found consul binary, deploying with CLI" |
||||
|
consul_deploy_cli "$CONSUL_CMD" "$CONSUL_PREFIX" |
||||
|
else |
||||
|
_info "Did not find consul binary, deploying with API" |
||||
|
consul_deploy_api "$CONSUL_HTTP_ADDR" "$CONSUL_PREFIX" "$CONSUL_HTTP_TOKEN" |
||||
|
fi |
||||
|
} |
||||
|
|
||||
|
consul_deploy_api() { |
||||
|
CONSUL_HTTP_ADDR="$1" |
||||
|
CONSUL_PREFIX="$2" |
||||
|
CONSUL_HTTP_TOKEN="$3" |
||||
|
|
||||
|
URL="$CONSUL_HTTP_ADDR/v1/kv/$CONSUL_PREFIX" |
||||
|
export _H1="X-Consul-Token: $CONSUL_HTTP_TOKEN" |
||||
|
|
||||
|
if [ -n "$FABIO" ]; then |
||||
|
_post "$(cat "$_cfullchain")" "$URL/${_cdomain}-cert.pem" '' "PUT" || return 1 |
||||
|
_post "$(cat "$_ckey")" "$URL/${_cdomain}-key.pem" '' "PUT" || return 1 |
||||
|
else |
||||
|
_post "$(cat "$_ccert")" "$URL/${_cdomain}/cert.pem" '' "PUT" || return 1 |
||||
|
_post "$(cat "$_ckey")" "$URL/${_cdomain}/cert.key" '' "PUT" || return 1 |
||||
|
_post "$(cat "$_cca")" "$URL/${_cdomain}/chain.pem" '' "PUT" || return 1 |
||||
|
_post "$(cat "$_cfullchain")" "$URL/${_cdomain}/fullchain.pem" '' "PUT" || return 1 |
||||
|
fi |
||||
|
} |
||||
|
|
||||
|
consul_deploy_cli() { |
||||
|
CONSUL_CMD="$1" |
||||
|
CONSUL_PREFIX="$2" |
||||
|
|
||||
|
if [ -n "$FABIO" ]; then |
||||
|
$CONSUL_CMD kv put "${CONSUL_PREFIX}/${_cdomain}-cert.pem" @"$_cfullchain" || return 1 |
||||
|
$CONSUL_CMD kv put "${CONSUL_PREFIX}/${_cdomain}-key.pem" @"$_ckey" || return 1 |
||||
|
else |
||||
|
$CONSUL_CMD kv put "${CONSUL_PREFIX}/${_cdomain}/cert.pem" value=@"$_ccert" || return 1 |
||||
|
$CONSUL_CMD kv put "${CONSUL_PREFIX}/${_cdomain}/cert.key" value=@"$_ckey" || return 1 |
||||
|
$CONSUL_CMD kv put "${CONSUL_PREFIX}/${_cdomain}/chain.pem" value=@"$_cca" || return 1 |
||||
|
$CONSUL_CMD kv put "${CONSUL_PREFIX}/${_cdomain}/fullchain.pem" value=@"$_cfullchain" || return 1 |
||||
|
fi |
||||
|
} |
@ -0,0 +1,204 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
|
||||
|
# |
||||
|
#AZION_Email="" |
||||
|
#AZION_Password="" |
||||
|
# |
||||
|
|
||||
|
AZION_Api="https://api.azionapi.net" |
||||
|
|
||||
|
######## Public functions ######## |
||||
|
|
||||
|
# Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
||||
|
# Used to add txt record |
||||
|
dns_azion_add() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
|
||||
|
_debug "Detect the root zone" |
||||
|
if ! _get_root "$fulldomain"; then |
||||
|
_err "Domain not found" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_debug _sub_domain "$_sub_domain" |
||||
|
_debug _domain "$_domain" |
||||
|
_debug _domain_id "$_domain_id" |
||||
|
|
||||
|
_info "Add or update record" |
||||
|
_get_record "$_domain_id" "$_sub_domain" |
||||
|
if [ "$record_id" ]; then |
||||
|
_payload="{\"record_type\": \"TXT\", \"entry\": \"$_sub_domain\", \"answers_list\": [$answers_list, \"$txtvalue\"], \"ttl\": 20}" |
||||
|
if _azion_rest PUT "intelligent_dns/$_domain_id/records/$record_id" "$_payload"; then |
||||
|
if _contains "$response" "$txtvalue"; then |
||||
|
_info "Record updated." |
||||
|
return 0 |
||||
|
fi |
||||
|
fi |
||||
|
else |
||||
|
_payload="{\"record_type\": \"TXT\", \"entry\": \"$_sub_domain\", \"answers_list\": [\"$txtvalue\"], \"ttl\": 20}" |
||||
|
if _azion_rest POST "intelligent_dns/$_domain_id/records" "$_payload"; then |
||||
|
if _contains "$response" "$txtvalue"; then |
||||
|
_info "Record added." |
||||
|
return 0 |
||||
|
fi |
||||
|
fi |
||||
|
fi |
||||
|
_err "Failed to add or update record." |
||||
|
return 1 |
||||
|
} |
||||
|
|
||||
|
# Usage: fulldomain txtvalue |
||||
|
# Used to remove the txt record after validation |
||||
|
dns_azion_rm() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
|
||||
|
_debug "Detect the root zone" |
||||
|
if ! _get_root "$fulldomain"; then |
||||
|
_err "Domain not found" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_debug _sub_domain "$_sub_domain" |
||||
|
_debug _domain "$_domain" |
||||
|
_debug _domain_id "$_domain_id" |
||||
|
|
||||
|
_info "Removing record" |
||||
|
_get_record "$_domain_id" "$_sub_domain" |
||||
|
if [ "$record_id" ]; then |
||||
|
if _azion_rest DELETE "intelligent_dns/$_domain_id/records/$record_id"; then |
||||
|
_info "Record removed." |
||||
|
return 0 |
||||
|
else |
||||
|
_err "Failed to remove record." |
||||
|
return 1 |
||||
|
fi |
||||
|
else |
||||
|
_info "Record not found or already removed." |
||||
|
return 0 |
||||
|
fi |
||||
|
} |
||||
|
|
||||
|
#################### Private functions below ################################## |
||||
|
# Usage: _acme-challenge.www.domain.com |
||||
|
# returns |
||||
|
# _sub_domain=_acme-challenge.www |
||||
|
# _domain=domain.com |
||||
|
# _domain_id=sdjkglgdfewsdfg |
||||
|
_get_root() { |
||||
|
domain=$1 |
||||
|
i=1 |
||||
|
p=1 |
||||
|
|
||||
|
if ! _azion_rest GET "intelligent_dns"; then |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
while true; do |
||||
|
h=$(printf "%s" "$domain" | cut -d . -f $i-100) |
||||
|
_debug h "$h" |
||||
|
if [ -z "$h" ]; then |
||||
|
# not valid |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
if _contains "$response" "\"domain\":\"$h\""; then |
||||
|
_domain_id=$(echo "$response" | tr '{' "\n" | grep "\"domain\":\"$h\"" | _egrep_o "\"id\":[0-9]*" | _head_n 1 | cut -d : -f 2 | tr -d \") |
||||
|
_debug _domain_id "$_domain_id" |
||||
|
if [ "$_domain_id" ]; then |
||||
|
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) |
||||
|
_domain=$h |
||||
|
return 0 |
||||
|
fi |
||||
|
return 1 |
||||
|
fi |
||||
|
p=$i |
||||
|
i=$(_math "$i" + 1) |
||||
|
done |
||||
|
return 1 |
||||
|
} |
||||
|
|
||||
|
_get_record() { |
||||
|
_domain_id=$1 |
||||
|
_record=$2 |
||||
|
|
||||
|
if ! _azion_rest GET "intelligent_dns/$_domain_id/records"; then |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
if _contains "$response" "\"entry\":\"$_record\""; then |
||||
|
_json_record=$(echo "$response" | tr '{' "\n" | grep "\"entry\":\"$_record\"") |
||||
|
if [ "$_json_record" ]; then |
||||
|
record_id=$(echo "$_json_record" | _egrep_o "\"record_id\":[0-9]*" | _head_n 1 | cut -d : -f 2 | tr -d \") |
||||
|
answers_list=$(echo "$_json_record" | _egrep_o "\"answers_list\":\[.*\]" | _head_n 1 | cut -d : -f 2 | tr -d \[\]) |
||||
|
return 0 |
||||
|
fi |
||||
|
return 1 |
||||
|
fi |
||||
|
return 1 |
||||
|
} |
||||
|
|
||||
|
_get_token() { |
||||
|
AZION_Email="${AZION_Email:-$(_readaccountconf_mutable AZION_Email)}" |
||||
|
AZION_Password="${AZION_Password:-$(_readaccountconf_mutable AZION_Password)}" |
||||
|
|
||||
|
if ! _contains "$AZION_Email" "@"; then |
||||
|
_err "It seems that the AZION_Email is not a valid email address. Revalidate your environments." |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
if [ -z "$AZION_Email" ] || [ -z "$AZION_Password" ]; then |
||||
|
_err "You didn't specified a AZION_Email/AZION_Password to generate Azion token." |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_saveaccountconf_mutable AZION_Email "$AZION_Email" |
||||
|
_saveaccountconf_mutable AZION_Password "$AZION_Password" |
||||
|
|
||||
|
_basic_auth=$(printf "%s:%s" "$AZION_Email" "$AZION_Password" | _base64) |
||||
|
_debug _basic_auth "$_basic_auth" |
||||
|
|
||||
|
export _H1="Accept: application/json; version=3" |
||||
|
export _H2="Content-Type: application/json" |
||||
|
export _H3="Authorization: Basic $_basic_auth" |
||||
|
|
||||
|
response="$(_post "" "$AZION_Api/tokens" "" "POST")" |
||||
|
if _contains "$response" "\"token\":\"" >/dev/null; then |
||||
|
_azion_token=$(echo "$response" | _egrep_o "\"token\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \") |
||||
|
export AZION_Token="$_azion_token" |
||||
|
else |
||||
|
_err "Failed to generate Azion token" |
||||
|
return 1 |
||||
|
fi |
||||
|
} |
||||
|
|
||||
|
_azion_rest() { |
||||
|
_method=$1 |
||||
|
_uri="$2" |
||||
|
_data="$3" |
||||
|
|
||||
|
if [ -z "$AZION_Token" ]; then |
||||
|
_get_token |
||||
|
fi |
||||
|
_debug2 token "$AZION_Token" |
||||
|
|
||||
|
export _H1="Accept: application/json; version=3" |
||||
|
export _H2="Content-Type: application/json" |
||||
|
export _H3="Authorization: token $AZION_Token" |
||||
|
|
||||
|
if [ "$_method" != "GET" ]; then |
||||
|
_debug _data "$_data" |
||||
|
response="$(_post "$_data" "$AZION_Api/$_uri" "" "$_method")" |
||||
|
else |
||||
|
response="$(_get "$AZION_Api/$_uri")" |
||||
|
fi |
||||
|
|
||||
|
_debug2 response "$response" |
||||
|
|
||||
|
if [ "$?" != "0" ]; then |
||||
|
_err "error $_method $_uri $_data" |
||||
|
return 1 |
||||
|
fi |
||||
|
return 0 |
||||
|
} |
Write
Preview
Loading…
Cancel
Save
Reference in new issue