Владимир Алексеев
2 months ago
committed by
GitHub
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
125 changed files with 2629 additions and 888 deletions
-
3.github/workflows/DNS.yml
-
2.github/workflows/Linux.yml
-
2.github/workflows/PebbleStrict.yml
-
15.github/workflows/dockerhub.yml
-
2.github/workflows/pr_notify.yml
-
759acme.sh
-
88deploy/ali_cdn.sh
-
88deploy/ali_dcdn.sh
-
1deploy/exim4.sh
-
7deploy/routeros.sh
-
49deploy/synology_dsm.sh
-
84deploy/unifi.sh
-
8deploy/vault.sh
-
2deploy/vsftpd.sh
-
5dnsapi/dns_1984hosting.sh
-
6dnsapi/dns_active24.sh
-
4dnsapi/dns_ad.sh
-
139dnsapi/dns_ali.sh
-
184dnsapi/dns_alviy.sh
-
7dnsapi/dns_anx.sh
-
4dnsapi/dns_arvan.sh
-
4dnsapi/dns_aurora.sh
-
4dnsapi/dns_autodns.sh
-
4dnsapi/dns_aws.sh
-
4dnsapi/dns_azion.sh
-
31dnsapi/dns_azure.sh
-
8dnsapi/dns_bunny.sh
-
4dnsapi/dns_cf.sh
-
2dnsapi/dns_cloudns.sh
-
4dnsapi/dns_cn.sh
-
4dnsapi/dns_conoha.sh
-
4dnsapi/dns_constellix.sh
-
2dnsapi/dns_curanet.sh
-
4dnsapi/dns_da.sh
-
4dnsapi/dns_desec.sh
-
6dnsapi/dns_dgon.sh
-
2dnsapi/dns_dnsexit.sh
-
4dnsapi/dns_dnsimple.sh
-
3dnsapi/dns_doapi.sh
-
4dnsapi/dns_domeneshop.sh
-
4dnsapi/dns_dp.sh
-
4dnsapi/dns_dpi.sh
-
4dnsapi/dns_durabledns.sh
-
4dnsapi/dns_dynu.sh
-
13dnsapi/dns_dynv6.sh
-
4dnsapi/dns_easydns.sh
-
4dnsapi/dns_euserv.sh
-
4dnsapi/dns_exoscale.sh
-
2dnsapi/dns_fornex.sh
-
4dnsapi/dns_gandi_livedns.sh
-
6dnsapi/dns_gcore.sh
-
4dnsapi/dns_gd.sh
-
2dnsapi/dns_geoscaling.sh
-
2dnsapi/dns_googledomains.sh
-
2dnsapi/dns_he.sh
-
4dnsapi/dns_hetzner.sh
-
4dnsapi/dns_hexonet.sh
-
4dnsapi/dns_huaweicloud.sh
-
4dnsapi/dns_internetbs.sh
-
17dnsapi/dns_inwx.sh
-
4dnsapi/dns_ionos.sh
-
145dnsapi/dns_ionos_cloud.sh
-
2dnsapi/dns_ispconfig.sh
-
4dnsapi/dns_jd.sh
-
2dnsapi/dns_joker.sh
-
4dnsapi/dns_kappernet.sh
-
4dnsapi/dns_la.sh
-
4dnsapi/dns_limacity.sh
-
4dnsapi/dns_linode.sh
-
4dnsapi/dns_linode_v4.sh
-
4dnsapi/dns_loopia.sh
-
4dnsapi/dns_lua.sh
-
2dnsapi/dns_maradns.sh
-
4dnsapi/dns_me.sh
-
10dnsapi/dns_miab.sh
-
4dnsapi/dns_misaka.sh
-
4dnsapi/dns_mydnsjp.sh
-
4dnsapi/dns_mythic_beasts.sh
-
12dnsapi/dns_namecheap.sh
-
6dnsapi/dns_namecom.sh
-
6dnsapi/dns_namesilo.sh
-
4dnsapi/dns_nederhost.sh
-
4dnsapi/dns_neodigit.sh
-
7dnsapi/dns_netlify.sh
-
2dnsapi/dns_nic.sh
-
4dnsapi/dns_njalla.sh
-
4dnsapi/dns_nsone.sh
-
16dnsapi/dns_nsupdate.sh
-
4dnsapi/dns_nw.sh
-
4dnsapi/dns_oci.sh
-
395dnsapi/dns_omglol.sh
-
4dnsapi/dns_one.sh
-
4dnsapi/dns_online.sh
-
6dnsapi/dns_openprovider.sh
-
6dnsapi/dns_opnsense.sh
-
6dnsapi/dns_ovh.sh
-
4dnsapi/dns_pdns.sh
-
4dnsapi/dns_pointhq.sh
-
8dnsapi/dns_porkbun.sh
-
4dnsapi/dns_rackcorp.sh
759
acme.sh
File diff suppressed because it is too large
View File
File diff suppressed because it is too large
View File
@ -0,0 +1,88 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
# shellcheck disable=SC2034,SC2154 |
||||
|
|
||||
|
# Script to create certificate to Alibaba Cloud CDN |
||||
|
# |
||||
|
# Docs: https://github.com/acmesh-official/acme.sh/wiki/deployhooks#33-deploy-your-certificate-to-cdn-or-dcdn-of-alibaba-cloud-aliyun |
||||
|
# |
||||
|
# This deployment required following variables |
||||
|
# export Ali_Key="ALIACCESSKEY" |
||||
|
# export Ali_Secret="ALISECRETKEY" |
||||
|
# The credentials are shared with all the Alibaba Cloud deploy hooks and dnsapi |
||||
|
# |
||||
|
# To specify the CDN domain that is different from the certificate CN, usually used for multi-domain or wildcard certificates |
||||
|
# export DEPLOY_ALI_CDN_DOMAIN="cdn.example.com" |
||||
|
# If you have multiple CDN domains using the same certificate, just |
||||
|
# export DEPLOY_ALI_CDN_DOMAIN="cdn1.example.com cdn2.example.com" |
||||
|
# |
||||
|
# For DCDN, see ali_dcdn deploy hook |
||||
|
|
||||
|
Ali_CDN_API="https://cdn.aliyuncs.com/" |
||||
|
|
||||
|
ali_cdn_deploy() { |
||||
|
_cdomain="$1" |
||||
|
_ckey="$2" |
||||
|
_ccert="$3" |
||||
|
_cca="$4" |
||||
|
_cfullchain="$5" |
||||
|
|
||||
|
_debug _cdomain "$_cdomain" |
||||
|
_debug _ckey "$_ckey" |
||||
|
_debug _ccert "$_ccert" |
||||
|
_debug _cca "$_cca" |
||||
|
_debug _cfullchain "$_cfullchain" |
||||
|
|
||||
|
# Load dnsapi/dns_ali.sh to reduce the duplicated codes |
||||
|
# https://github.com/acmesh-official/acme.sh/pull/5205#issuecomment-2357867276 |
||||
|
dnsapi_ali="$(_findHook "$_cdomain" "$_SUB_FOLDER_DNSAPI" dns_ali)" |
||||
|
# shellcheck source=/dev/null |
||||
|
if ! . "$dnsapi_ali"; then |
||||
|
_err "Error loading file $dnsapi_ali. Please check your API file and try again." |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_prepare_ali_credentials || return 1 |
||||
|
|
||||
|
_getdeployconf DEPLOY_ALI_CDN_DOMAIN |
||||
|
if [ "$DEPLOY_ALI_CDN_DOMAIN" ]; then |
||||
|
_savedeployconf DEPLOY_ALI_CDN_DOMAIN "$DEPLOY_ALI_CDN_DOMAIN" |
||||
|
else |
||||
|
DEPLOY_ALI_CDN_DOMAIN="$_cdomain" |
||||
|
fi |
||||
|
|
||||
|
# read cert and key files and urlencode both |
||||
|
_cert=$(_url_encode upper-hex <"$_cfullchain") |
||||
|
_key=$(_url_encode upper-hex <"$_ckey") |
||||
|
|
||||
|
_debug2 _cert "$_cert" |
||||
|
_debug2 _key "$_key" |
||||
|
|
||||
|
## update domain ssl config |
||||
|
for domain in $DEPLOY_ALI_CDN_DOMAIN; do |
||||
|
_set_cdn_domain_ssl_certificate_query "$domain" "$_cert" "$_key" |
||||
|
if _ali_rest "Set CDN domain SSL certificate for $domain" "" POST; then |
||||
|
_info "Domain $domain certificate has been deployed successfully" |
||||
|
fi |
||||
|
done |
||||
|
|
||||
|
return 0 |
||||
|
} |
||||
|
|
||||
|
# domain pub pri |
||||
|
_set_cdn_domain_ssl_certificate_query() { |
||||
|
endpoint=$Ali_CDN_API |
||||
|
query='' |
||||
|
query=$query'AccessKeyId='$Ali_Key |
||||
|
query=$query'&Action=SetCdnDomainSSLCertificate' |
||||
|
query=$query'&CertType=upload' |
||||
|
query=$query'&DomainName='$1 |
||||
|
query=$query'&Format=json' |
||||
|
query=$query'&SSLPri='$3 |
||||
|
query=$query'&SSLProtocol=on' |
||||
|
query=$query'&SSLPub='$2 |
||||
|
query=$query'&SignatureMethod=HMAC-SHA1' |
||||
|
query=$query"&SignatureNonce=$(_ali_nonce)" |
||||
|
query=$query'&SignatureVersion=1.0' |
||||
|
query=$query'&Timestamp='$(_timestamp) |
||||
|
query=$query'&Version=2018-05-10' |
||||
|
} |
@ -0,0 +1,88 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
# shellcheck disable=SC2034,SC2154 |
||||
|
|
||||
|
# Script to create certificate to Alibaba Cloud DCDN |
||||
|
# |
||||
|
# Docs: https://github.com/acmesh-official/acme.sh/wiki/deployhooks#33-deploy-your-certificate-to-cdn-or-dcdn-of-alibaba-cloud-aliyun |
||||
|
# |
||||
|
# This deployment required following variables |
||||
|
# export Ali_Key="ALIACCESSKEY" |
||||
|
# export Ali_Secret="ALISECRETKEY" |
||||
|
# The credentials are shared with all the Alibaba Cloud deploy hooks and dnsapi |
||||
|
# |
||||
|
# To specify the DCDN domain that is different from the certificate CN, usually used for multi-domain or wildcard certificates |
||||
|
# export DEPLOY_ALI_DCDN_DOMAIN="dcdn.example.com" |
||||
|
# If you have multiple CDN domains using the same certificate, just |
||||
|
# export DEPLOY_ALI_DCDN_DOMAIN="dcdn1.example.com dcdn2.example.com" |
||||
|
# |
||||
|
# For regular CDN, see ali_cdn deploy hook |
||||
|
|
||||
|
Ali_DCDN_API="https://dcdn.aliyuncs.com/" |
||||
|
|
||||
|
ali_dcdn_deploy() { |
||||
|
_cdomain="$1" |
||||
|
_ckey="$2" |
||||
|
_ccert="$3" |
||||
|
_cca="$4" |
||||
|
_cfullchain="$5" |
||||
|
|
||||
|
_debug _cdomain "$_cdomain" |
||||
|
_debug _ckey "$_ckey" |
||||
|
_debug _ccert "$_ccert" |
||||
|
_debug _cca "$_cca" |
||||
|
_debug _cfullchain "$_cfullchain" |
||||
|
|
||||
|
# Load dnsapi/dns_ali.sh to reduce the duplicated codes |
||||
|
# https://github.com/acmesh-official/acme.sh/pull/5205#issuecomment-2357867276 |
||||
|
dnsapi_ali="$(_findHook "$_cdomain" "$_SUB_FOLDER_DNSAPI" dns_ali)" |
||||
|
# shellcheck source=/dev/null |
||||
|
if ! . "$dnsapi_ali"; then |
||||
|
_err "Error loading file $dnsapi_ali. Please check your API file and try again." |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_prepare_ali_credentials || return 1 |
||||
|
|
||||
|
_getdeployconf DEPLOY_ALI_DCDN_DOMAIN |
||||
|
if [ "$DEPLOY_ALI_DCDN_DOMAIN" ]; then |
||||
|
_savedeployconf DEPLOY_ALI_DCDN_DOMAIN "$DEPLOY_ALI_DCDN_DOMAIN" |
||||
|
else |
||||
|
DEPLOY_ALI_DCDN_DOMAIN="$_cdomain" |
||||
|
fi |
||||
|
|
||||
|
# read cert and key files and urlencode both |
||||
|
_cert=$(_url_encode upper-hex <"$_cfullchain") |
||||
|
_key=$(_url_encode upper-hex <"$_ckey") |
||||
|
|
||||
|
_debug2 _cert "$_cert" |
||||
|
_debug2 _key "$_key" |
||||
|
|
||||
|
## update domain ssl config |
||||
|
for domain in $DEPLOY_ALI_DCDN_DOMAIN; do |
||||
|
_set_dcdn_domain_ssl_certificate_query "$domain" "$_cert" "$_key" |
||||
|
if _ali_rest "Set DCDN domain SSL certificate for $domain" "" POST; then |
||||
|
_info "Domain $domain certificate has been deployed successfully" |
||||
|
fi |
||||
|
done |
||||
|
|
||||
|
return 0 |
||||
|
} |
||||
|
|
||||
|
# domain pub pri |
||||
|
_set_dcdn_domain_ssl_certificate_query() { |
||||
|
endpoint=$Ali_DCDN_API |
||||
|
query='' |
||||
|
query=$query'AccessKeyId='$Ali_Key |
||||
|
query=$query'&Action=SetDcdnDomainSSLCertificate' |
||||
|
query=$query'&CertType=upload' |
||||
|
query=$query'&DomainName='$1 |
||||
|
query=$query'&Format=json' |
||||
|
query=$query'&SSLPri='$3 |
||||
|
query=$query'&SSLProtocol=on' |
||||
|
query=$query'&SSLPub='$2 |
||||
|
query=$query'&SignatureMethod=HMAC-SHA1' |
||||
|
query=$query"&SignatureNonce=$(_ali_nonce)" |
||||
|
query=$query'&SignatureVersion=1.0' |
||||
|
query=$query'&Timestamp='$(_timestamp) |
||||
|
query=$query'&Version=2018-01-15' |
||||
|
} |
@ -0,0 +1,184 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
# Alviy domain api |
||||
|
# |
||||
|
# Get API key and secret from https://cloud.alviy.com/token |
||||
|
# |
||||
|
# Alviy_token="some-secret-key" |
||||
|
# |
||||
|
# Ex.: acme.sh --issue --staging --dns dns_alviy -d "*.s.example.com" -d "s.example.com" |
||||
|
|
||||
|
Alviy_Api="https://cloud.alviy.com/api/v1" |
||||
|
|
||||
|
######## Public functions ##################### |
||||
|
|
||||
|
#Usage: dns_alviy_add _acme-challenge.www.domain.com "content" |
||||
|
dns_alviy_add() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
|
||||
|
Alviy_token="${Alviy_token:-$(_readaccountconf_mutable Alviy_token)}" |
||||
|
if [ -z "$Alviy_token" ]; then |
||||
|
Alviy_token="" |
||||
|
_err "Please specify Alviy token." |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
#save the api key and email to the account conf file. |
||||
|
_saveaccountconf_mutable Alviy_token "$Alviy_token" |
||||
|
|
||||
|
_debug "First detect the root zone" |
||||
|
if ! _get_root "$fulldomain"; then |
||||
|
_err "invalid domain" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_debug _sub_domain "$_sub_domain" |
||||
|
_debug _domain "$_domain" |
||||
|
|
||||
|
_debug "Getting existing records" |
||||
|
if _alviy_txt_exists "$_domain" "$fulldomain" "$txtvalue"; then |
||||
|
_info "This record already exists, skipping" |
||||
|
return 0 |
||||
|
fi |
||||
|
|
||||
|
_add_data="{\"content\":\"$txtvalue\",\"type\":\"TXT\"}" |
||||
|
_debug2 _add_data "$_add_data" |
||||
|
_info "Adding record" |
||||
|
if _alviy_rest POST "zone/$_domain/domain/$fulldomain/" "$_add_data"; then |
||||
|
_debug "Checking updated records of '${fulldomain}'" |
||||
|
|
||||
|
if ! _alviy_txt_exists "$_domain" "$fulldomain" "$txtvalue"; then |
||||
|
_err "TXT record '${txtvalue}' for '${fulldomain}', value wasn't set!" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
else |
||||
|
_err "Add txt record error, value '${txtvalue}' for '${fulldomain}' was not set." |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_sleep 10 |
||||
|
_info "Added TXT record '${txtvalue}' for '${fulldomain}'." |
||||
|
return 0 |
||||
|
} |
||||
|
|
||||
|
#fulldomain |
||||
|
dns_alviy_rm() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
|
||||
|
Alviy_token="${Alviy_token:-$(_readaccountconf_mutable Alviy_token)}" |
||||
|
|
||||
|
_debug "First detect the root zone" |
||||
|
if ! _get_root "$fulldomain"; then |
||||
|
_err "invalid domain" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_debug _sub_domain "$_sub_domain" |
||||
|
_debug _domain "$_domain" |
||||
|
|
||||
|
if ! _alviy_txt_exists "$_domain" "$fulldomain" "$txtvalue"; then |
||||
|
_info "The record does not exist, skip" |
||||
|
return 0 |
||||
|
fi |
||||
|
|
||||
|
_add_data="" |
||||
|
uuid=$(echo "$response" | tr "{" "\n" | grep "$txtvalue" | tr "," "\n" | grep uuid | cut -d \" -f4) |
||||
|
# delete record |
||||
|
_debug "Delete TXT record for '${fulldomain}'" |
||||
|
if ! _alviy_rest DELETE "zone/$_domain/record/$uuid" "{\"confirm\":1}"; then |
||||
|
_err "Cannot delete empty TXT record for '$fulldomain'" |
||||
|
return 1 |
||||
|
fi |
||||
|
_info "The record '$fulldomain'='$txtvalue' deleted" |
||||
|
} |
||||
|
|
||||
|
#################### Private functions below ################################## |
||||
|
#_acme-challenge.www.domain.com |
||||
|
#returns |
||||
|
# _sub_domain=_acme-challenge.www |
||||
|
# _domain=domain.com |
||||
|
_get_root() { |
||||
|
domain=$1 |
||||
|
i=3 |
||||
|
a="init" |
||||
|
while [ -n "$a" ]; do |
||||
|
a=$(printf "%s" "$domain" | cut -d . -f $i-) |
||||
|
i=$((i + 1)) |
||||
|
done |
||||
|
n=$((i - 3)) |
||||
|
h=$(printf "%s" "$domain" | cut -d . -f $n-) |
||||
|
if [ -z "$h" ]; then |
||||
|
#not valid |
||||
|
_alviy_rest GET "zone/$domain/" |
||||
|
_debug "can't get host from $domain" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
if ! _alviy_rest GET "zone/$h/"; then |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
if _contains "$response" '"code":"NOT_FOUND"'; then |
||||
|
_debug "$h not found" |
||||
|
else |
||||
|
s=$((n - 1)) |
||||
|
_sub_domain=$(printf "%s" "$domain" | cut -d . -f -$s) |
||||
|
_domain="$h" |
||||
|
return 0 |
||||
|
fi |
||||
|
return 1 |
||||
|
} |
||||
|
|
||||
|
_alviy_txt_exists() { |
||||
|
zone=$1 |
||||
|
domain=$2 |
||||
|
content_data=$3 |
||||
|
_debug "Getting existing records" |
||||
|
|
||||
|
if ! _alviy_rest GET "zone/$zone/domain/$domain/TXT/"; then |
||||
|
_info "The record does not exist" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
if ! _contains "$response" "$3"; then |
||||
|
_info "The record has other value" |
||||
|
return 1 |
||||
|
fi |
||||
|
# GOOD code return - TRUE function |
||||
|
return 0 |
||||
|
} |
||||
|
|
||||
|
_alviy_rest() { |
||||
|
method=$1 |
||||
|
path="$2" |
||||
|
content_data="$3" |
||||
|
_debug "$path" |
||||
|
|
||||
|
export _H1="Authorization: Bearer $Alviy_token" |
||||
|
export _H2="Content-Type: application/json" |
||||
|
|
||||
|
if [ "$content_data" ] || [ "$method" = "DELETE" ]; then |
||||
|
_debug "data ($method): " "$content_data" |
||||
|
response="$(_post "$content_data" "$Alviy_Api/$path" "" "$method")" |
||||
|
else |
||||
|
response="$(_get "$Alviy_Api/$path")" |
||||
|
fi |
||||
|
_code="$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\\r\\n")" |
||||
|
if [ "$_code" = "401" ]; then |
||||
|
_err "It seems that your api key or secret is not correct." |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
if [ "$_code" != "200" ]; then |
||||
|
_err "API call error ($method): $path Response code $_code" |
||||
|
fi |
||||
|
if [ "$?" != "0" ]; then |
||||
|
_err "error on rest call ($method): $path. Response:" |
||||
|
_err "$response" |
||||
|
return 1 |
||||
|
fi |
||||
|
_debug2 response "$response" |
||||
|
return 0 |
||||
|
} |
@ -0,0 +1,145 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
|
||||
|
# Supports IONOS Cloud DNS API v1.15.4 |
||||
|
# |
||||
|
# Usage: |
||||
|
# Export IONOS_TOKEN before calling acme.sh: |
||||
|
# $ export IONOS_TOKEN="..." |
||||
|
# |
||||
|
# $ acme.sh --issue --dns dns_ionos_cloud ... |
||||
|
|
||||
|
IONOS_CLOUD_API="https://dns.de-fra.ionos.com" |
||||
|
IONOS_CLOUD_ROUTE_ZONES="/zones" |
||||
|
|
||||
|
dns_ionos_cloud_add() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
|
||||
|
if ! _ionos_init; then |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_record_name=$(printf "%s" "$fulldomain" | cut -d . -f 1) |
||||
|
_body="{\"properties\":{\"name\":\"$_record_name\", \"type\":\"TXT\", \"content\":\"$txtvalue\"}}" |
||||
|
|
||||
|
if _ionos_cloud_rest POST "$IONOS_CLOUD_ROUTE_ZONES/$_zone_id/records" "$_body" && [ "$_code" = "202" ]; then |
||||
|
_info "TXT record has been created successfully." |
||||
|
return 0 |
||||
|
fi |
||||
|
|
||||
|
return 1 |
||||
|
} |
||||
|
|
||||
|
dns_ionos_cloud_rm() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
|
||||
|
if ! _ionos_init; then |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
if ! _ionos_cloud_get_record "$_zone_id" "$txtvalue" "$fulldomain"; then |
||||
|
_err "Could not find _acme-challenge TXT record." |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
if _ionos_cloud_rest DELETE "$IONOS_CLOUD_ROUTE_ZONES/$_zone_id/records/$_record_id" && [ "$_code" = "202" ]; then |
||||
|
_info "TXT record has been deleted successfully." |
||||
|
return 0 |
||||
|
fi |
||||
|
|
||||
|
return 1 |
||||
|
} |
||||
|
|
||||
|
_ionos_init() { |
||||
|
IONOS_TOKEN="${IONOS_TOKEN:-$(_readaccountconf_mutable IONOS_TOKEN)}" |
||||
|
|
||||
|
if [ -z "$IONOS_TOKEN" ]; then |
||||
|
_err "You didn't specify an IONOS token yet." |
||||
|
_err "Read https://api.ionos.com/docs/authentication/v1/#tag/tokens/operation/tokensGenerate to learn how to get a token." |
||||
|
_err "You need to set it before calling acme.sh:" |
||||
|
_err "\$ export IONOS_TOKEN=\"...\"" |
||||
|
_err "\$ acme.sh --issue -d ... --dns dns_ionos_cloud" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_saveaccountconf_mutable IONOS_TOKEN "$IONOS_TOKEN" |
||||
|
|
||||
|
if ! _get_cloud_zone "$fulldomain"; then |
||||
|
_err "Cannot find zone $zone in your IONOS account." |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
return 0 |
||||
|
} |
||||
|
|
||||
|
_get_cloud_zone() { |
||||
|
domain=$1 |
||||
|
zone=$(printf "%s" "$domain" | cut -d . -f 2-) |
||||
|
|
||||
|
if _ionos_cloud_rest GET "$IONOS_CLOUD_ROUTE_ZONES?filter.zoneName=$zone"; then |
||||
|
_response="$(echo "$_response" | tr -d "\n")" |
||||
|
|
||||
|
_zone_list_items=$(echo "$_response" | _egrep_o "\"items\":.*") |
||||
|
|
||||
|
_zone_id=$(printf "%s\n" "$_zone_list_items" | _egrep_o "\"id\":\"[a-fA-F0-9\-]*\"" | _head_n 1 | cut -d : -f 2 | tr -d '\"') |
||||
|
if [ "$_zone_id" ]; then |
||||
|
return 0 |
||||
|
fi |
||||
|
fi |
||||
|
|
||||
|
return 1 |
||||
|
} |
||||
|
|
||||
|
_ionos_cloud_get_record() { |
||||
|
zone_id=$1 |
||||
|
txtrecord=$2 |
||||
|
# this is to transform the domain to lower case |
||||
|
fulldomain=$(printf "%s" "$3" | _lower_case) |
||||
|
# this is to transform record name to lower case |
||||
|
# IONOS Cloud API transforms all record names to lower case |
||||
|
_record_name=$(printf "%s" "$fulldomain" | cut -d . -f 1 | _lower_case) |
||||
|
|
||||
|
if _ionos_cloud_rest GET "$IONOS_CLOUD_ROUTE_ZONES/$zone_id/records"; then |
||||
|
_response="$(echo "$_response" | tr -d "\n")" |
||||
|
|
||||
|
pattern="\{\"id\":\"[a-fA-F0-9\-]*\",\"type\":\"record\",\"href\":\"/zones/$zone_id/records/[a-fA-F0-9\-]*\",\"metadata\":\{\"createdDate\":\"[A-Z0-9\:\.\-]*\",\"lastModifiedDate\":\"[A-Z0-9\:\.\-]*\",\"fqdn\":\"$fulldomain\",\"state\":\"AVAILABLE\",\"zoneId\":\"$zone_id\"\},\"properties\":\{\"content\":\"$txtrecord\",\"enabled\":true,\"name\":\"$_record_name\",\"priority\":[0-9]*,\"ttl\":[0-9]*,\"type\":\"TXT\"\}\}" |
||||
|
|
||||
|
_record="$(echo "$_response" | _egrep_o "$pattern")" |
||||
|
if [ "$_record" ]; then |
||||
|
_record_id=$(printf "%s\n" "$_record" | _egrep_o "\"id\":\"[a-fA-F0-9\-]*\"" | _head_n 1 | cut -d : -f 2 | tr -d '\"') |
||||
|
return 0 |
||||
|
fi |
||||
|
fi |
||||
|
|
||||
|
return 1 |
||||
|
} |
||||
|
|
||||
|
_ionos_cloud_rest() { |
||||
|
method="$1" |
||||
|
route="$2" |
||||
|
data="$3" |
||||
|
|
||||
|
export _H1="Authorization: Bearer $IONOS_TOKEN" |
||||
|
|
||||
|
# clear headers |
||||
|
: >"$HTTP_HEADER" |
||||
|
|
||||
|
if [ "$method" != "GET" ]; then |
||||
|
_response="$(_post "$data" "$IONOS_CLOUD_API$route" "" "$method" "application/json")" |
||||
|
else |
||||
|
_response="$(_get "$IONOS_CLOUD_API$route")" |
||||
|
fi |
||||
|
|
||||
|
_code="$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\\r\\n")" |
||||
|
|
||||
|
if [ "$?" != "0" ]; then |
||||
|
_err "Error $route: $_response" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_debug2 "_response" "$_response" |
||||
|
_debug2 "_code" "$_code" |
||||
|
|
||||
|
return 0 |
||||
|
} |
@ -0,0 +1,395 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
# shellcheck disable=SC2034 |
||||
|
dns_myapi_info='omg.lol |
||||
|
Based on the omg.lol API, defined at https://api.omg.lol/ |
||||
|
Domains: omg.lol |
||||
|
Site: github.com/acmesh-official/acme.sh/wiki/DNS-API-Dev-Guide |
||||
|
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_duckdns |
||||
|
Options: |
||||
|
OMG_ApiKey API Key from omg.lol. This is accesible from the bottom of the account page at https://home.omg.lol/account |
||||
|
OMG_Address This is your omg.lol address, without the preceding @ - you can see your list on your dashboard at https://home.omg.lol/dashboard |
||||
|
Issues: github.com/acmesh-official/acme.sh |
||||
|
Author: @Kholin <kholin+acme.omglolapi@omg.lol> |
||||
|
' |
||||
|
|
||||
|
#returns 0 means success, otherwise error. |
||||
|
|
||||
|
######## Public functions ##################### |
||||
|
|
||||
|
# Please Read this guide first: https://github.com/acmesh-official/acme.sh/wiki/DNS-API-Dev-Guide |
||||
|
|
||||
|
#Usage: dns_myapi_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
||||
|
dns_omglol_add() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
OMG_ApiKey="${OMG_ApiKey:-$(_readaccountconf_mutable OMG_ApiKey)}" |
||||
|
OMG_Address="${OMG_Address:-$(_readaccountconf_mutable OMG_Address)}" |
||||
|
|
||||
|
# As omg.lol includes a leading @ for their addresses, pre-strip this before save |
||||
|
OMG_Address="$(echo "$OMG_Address" | tr -d '@')" |
||||
|
|
||||
|
_saveaccountconf_mutable OMG_ApiKey "$OMG_ApiKey" |
||||
|
_saveaccountconf_mutable OMG_Address "$OMG_Address" |
||||
|
|
||||
|
_info "Using omg.lol." |
||||
|
_debug "Function" "dns_omglol_add()" |
||||
|
_debug "Full Domain Name" "$fulldomain" |
||||
|
_debug "txt Record Value" "$txtvalue" |
||||
|
_secure_debug "omg.lol API key" "$OMG_ApiKey" |
||||
|
_debug "omg.lol Address" "$OMG_Address" |
||||
|
|
||||
|
omg_validate "$OMG_ApiKey" "$OMG_Address" "$fulldomain" |
||||
|
if [ ! $? ]; then |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
dnsName=$(_getDnsRecordName "$fulldomain" "$OMG_Address") |
||||
|
authHeader="$(_createAuthHeader "$OMG_ApiKey")" |
||||
|
|
||||
|
_debug2 "dns_omglol_add(): Address" "$dnsName" |
||||
|
|
||||
|
omg_add "$OMG_Address" "$authHeader" "$dnsName" "$txtvalue" |
||||
|
|
||||
|
} |
||||
|
|
||||
|
#Usage: fulldomain txtvalue |
||||
|
#Remove the txt record after validation. |
||||
|
dns_omglol_rm() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
OMG_ApiKey="${OMG_ApiKey:-$(_readaccountconf_mutable OMG_ApiKey)}" |
||||
|
OMG_Address="${OMG_Address:-$(_readaccountconf_mutable OMG_Address)}" |
||||
|
|
||||
|
# As omg.lol includes a leading @ for their addresses, strip this in case provided |
||||
|
OMG_Address="$(echo "$OMG_Address" | tr -d '@')" |
||||
|
|
||||
|
_info "Using omg.lol" |
||||
|
_debug "Function" "dns_omglol_rm()" |
||||
|
_debug "Full Domain Name" "$fulldomain" |
||||
|
_debug "txt Record Value" "$txtvalue" |
||||
|
_secure_debug "omg.lol API key" "$OMG_ApiKey" |
||||
|
_debug "omg.lol Address" "$OMG_Address" |
||||
|
|
||||
|
omg_validate "$OMG_ApiKey" "$OMG_Address" "$fulldomain" |
||||
|
if [ ! $? ]; then |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
dnsName=$(_getDnsRecordName "$fulldomain" "$OMG_Address") |
||||
|
authHeader="$(_createAuthHeader "$OMG_ApiKey")" |
||||
|
|
||||
|
omg_delete "$OMG_Address" "$authHeader" "$dnsName" "$txtvalue" |
||||
|
} |
||||
|
|
||||
|
#################### Private functions below ################################## |
||||
|
# Check that the minimum requirements are present. Close ungracefully if not |
||||
|
omg_validate() { |
||||
|
omg_apikey=$1 |
||||
|
omg_address=$2 |
||||
|
fulldomain=$3 |
||||
|
|
||||
|
_debug2 "Function" "dns_validate()" |
||||
|
_secure_debug2 "omg.lol API key" "$omg_apikey" |
||||
|
_debug2 "omg.lol Address" "$omg_address" |
||||
|
_debug2 "Full Domain Name" "$fulldomain" |
||||
|
|
||||
|
if [ "" = "$omg_address" ]; then |
||||
|
_err "omg.lol base address not provided. Exiting" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
if [ "" = "$omg_apikey" ]; then |
||||
|
_err "omg.lol API key not provided. Exiting" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_endswith "$fulldomain" "omg.lol" |
||||
|
if [ ! $? ]; then |
||||
|
_err "Domain name requested is not under omg.lol" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_endswith "$fulldomain" "$omg_address.omg.lol" |
||||
|
if [ ! $? ]; then |
||||
|
_err "Domain name is not a subdomain of provided omg.lol address $omg_address" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_debug "Required environment parameters are all present" |
||||
|
} |
||||
|
|
||||
|
# Add (or modify) an entry for a new ACME query |
||||
|
omg_add() { |
||||
|
address=$1 |
||||
|
authHeader=$2 |
||||
|
dnsName=$3 |
||||
|
txtvalue=$4 |
||||
|
|
||||
|
_info "Creating DNS entry for $dnsName" |
||||
|
_debug2 "omg_add()" |
||||
|
_debug2 "omg.lol Address: " "$address" |
||||
|
_secure_debug2 "omg.lol authorization header: " "$authHeader" |
||||
|
_debug2 "Full Domain name:" "$dnsName.$address.omg.lol" |
||||
|
_debug2 "TXT value to set:" "$txtvalue" |
||||
|
|
||||
|
export _H1="$authHeader" |
||||
|
|
||||
|
endpoint="https://api.omg.lol/address/$address/dns" |
||||
|
_debug2 "Endpoint" "$endpoint" |
||||
|
|
||||
|
payload='{"type": "TXT", "name":"'"$dnsName"'", "data":"'"$txtvalue"'", "ttl":30}' |
||||
|
_debug2 "Payload" "$payload" |
||||
|
|
||||
|
response=$(_post "$payload" "$endpoint" "" "POST" "application/json") |
||||
|
|
||||
|
omg_validate_add "$response" "$dnsName.$address" "$txtvalue" |
||||
|
} |
||||
|
|
||||
|
omg_validate_add() { |
||||
|
response=$1 |
||||
|
name=$2 |
||||
|
content=$3 |
||||
|
|
||||
|
_debug "Validating DNS record addition" |
||||
|
_debug2 "omg_validate_add()" |
||||
|
_debug2 "Response" "$response" |
||||
|
_debug2 "DNS Name" "$name" |
||||
|
_debug2 "DNS value" "$content" |
||||
|
|
||||
|
_jsonResponseCheck "$response" "success" "true" |
||||
|
if [ "1" = "$?" ]; then |
||||
|
_err "Response did not report success" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_jsonResponseCheck "$response" "message" "Your DNS record was created successfully." |
||||
|
if [ "1" = "$?" ]; then |
||||
|
_err "Response message did not indicate DNS record was successfully created" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_jsonResponseCheck "$response" "name" "$name" |
||||
|
if [ "1" = "$?" ]; then |
||||
|
_err "Response DNS Name did not match the response received" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_jsonResponseCheck "$response" "content" "$content" |
||||
|
if [ "1" = "$?" ]; then |
||||
|
_err "Response DNS Name did not match the response received" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_info "Record Created successfully" |
||||
|
return 0 |
||||
|
} |
||||
|
|
||||
|
omg_getRecords() { |
||||
|
address=$1 |
||||
|
authHeader=$2 |
||||
|
dnsName=$3 |
||||
|
txtValue=$4 |
||||
|
|
||||
|
_debug2 "omg_getRecords()" |
||||
|
_debug2 "omg.lol Address: " "$address" |
||||
|
_secure_debug2 "omg.lol Auth Header: " "$authHeader" |
||||
|
_debug2 "omg.lol DNS name:" "$dnsName" |
||||
|
_debug2 "txt Value" "$txtValue" |
||||
|
|
||||
|
export _H1="$authHeader" |
||||
|
|
||||
|
endpoint="https://api.omg.lol/address/$address/dns" |
||||
|
_debug2 "Endpoint" "$endpoint" |
||||
|
|
||||
|
payload=$(_get "$endpoint") |
||||
|
|
||||
|
_debug2 "Received Payload:" "$payload" |
||||
|
|
||||
|
# Reformat the JSON to be more parseable |
||||
|
recordID=$(echo "$payload" | _stripWhitespace) |
||||
|
recordID=$(echo "$recordID" | _exposeJsonArray) |
||||
|
|
||||
|
# Now find the one with the right value, and caputre its ID |
||||
|
recordID=$(echo "$recordID" | grep -- "$txtValue" | grep -i -- "$dnsName.$address") |
||||
|
_getJsonElement "$recordID" "id" |
||||
|
} |
||||
|
|
||||
|
omg_delete() { |
||||
|
address=$1 |
||||
|
authHeader=$2 |
||||
|
dnsName=$3 |
||||
|
txtValue=$4 |
||||
|
|
||||
|
_info "Deleting DNS entry for $dnsName with value $txtValue" |
||||
|
_debug2 "omg_delete()" |
||||
|
_debug2 "omg.lol Address: " "$address" |
||||
|
_secure_debug2 "omg.lol Auth Header: " "$authHeader" |
||||
|
_debug2 "Full Domain name:" "$dnsName.$address.omg.lol" |
||||
|
_debug2 "txt Value" "$txtValue" |
||||
|
|
||||
|
record=$(omg_getRecords "$address" "$authHeader" "$dnsName" "$txtvalue") |
||||
|
if [ "" = "$record" ]; then |
||||
|
_err "DNS record $address not found!" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
endpoint="https://api.omg.lol/address/$address/dns/$record" |
||||
|
_debug2 "Endpoint" "$endpoint" |
||||
|
|
||||
|
export _H1="$authHeader" |
||||
|
output=$(_post "" "$endpoint" "" "DELETE") |
||||
|
|
||||
|
_debug2 "Response" "$output" |
||||
|
|
||||
|
omg_validate_delete "$output" |
||||
|
} |
||||
|
|
||||
|
# Validate the response on request to delete. Confirm stastus is success and |
||||
|
# Message indicates deletion was successful |
||||
|
# Input: Response - HTTP response received from delete request |
||||
|
omg_validate_delete() { |
||||
|
response=$1 |
||||
|
|
||||
|
_info "Validating DNS record deletion" |
||||
|
_debug2 "omg_validate_delete()" |
||||
|
_debug2 "Response" "$response" |
||||
|
|
||||
|
_jsonResponseCheck "$output" "success" "true" |
||||
|
if [ "1" = "$?" ]; then |
||||
|
_err "Response did not report success" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_jsonResponseCheck "$output" "message" "OK, your DNS record has been deleted." |
||||
|
if [ "1" = "$?" ]; then |
||||
|
_err "Response message did not indicate DNS record was successfully deleted" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_info "Record deleted successfully" |
||||
|
return 0 |
||||
|
} |
||||
|
|
||||
|
########## Utility Functions ##################################### |
||||
|
# All utility functions only log at debug3 |
||||
|
_jsonResponseCheck() { |
||||
|
response=$1 |
||||
|
field=$2 |
||||
|
correct=$3 |
||||
|
|
||||
|
correct=$(echo "$correct" | _lower_case) |
||||
|
|
||||
|
_debug3 "jsonResponseCheck()" |
||||
|
_debug3 "Response to parse" "$response" |
||||
|
_debug3 "Field to get response from" "$field" |
||||
|
_debug3 "What is the correct response" "$correct" |
||||
|
|
||||
|
responseValue=$(_jsonGetLastResponse "$response" "$field") |
||||
|
|
||||
|
if [ "$responseValue" != "$correct" ]; then |
||||
|
_debug3 "Expected: $correct" |
||||
|
_debug3 "Actual: $responseValue" |
||||
|
return 1 |
||||
|
else |
||||
|
_debug3 "Matched: $responseValue" |
||||
|
fi |
||||
|
return 0 |
||||
|
} |
||||
|
|
||||
|
_jsonGetLastResponse() { |
||||
|
response=$1 |
||||
|
field=$2 |
||||
|
|
||||
|
_debug3 "jsonGetLastResponse()" |
||||
|
_debug3 "Response provided" "$response" |
||||
|
_debug3 "Field to get responses for" "$field" |
||||
|
|
||||
|
responseValue=$(echo "$response" | grep -- "\"$field\"" | cut -f2 -d":") |
||||
|
|
||||
|
_debug3 "Response lines found:" "$responseValue" |
||||
|
|
||||
|
responseValue=$(echo "$responseValue" | sed 's/^ //g' | sed 's/^"//g' | sed 's/\\"//g') |
||||
|
responseValue=$(echo "$responseValue" | sed 's/,$//g' | sed 's/"$//g') |
||||
|
responseValue=$(echo "$responseValue" | _lower_case) |
||||
|
|
||||
|
_debug3 "Responses found" "$responseValue" |
||||
|
_debug3 "Response Selected" "$(echo "$responseValue" | tail -1)" |
||||
|
|
||||
|
echo "$responseValue" | tail -1 |
||||
|
} |
||||
|
|
||||
|
_stripWhitespace() { |
||||
|
tr -d '\n' | tr -d '\r' | tr -d '\t' | sed -r 's/ +/ /g' | sed 's/\\"//g' |
||||
|
} |
||||
|
|
||||
|
_exposeJsonArray() { |
||||
|
sed -r 's/.*\[//g' | tr '}' '|' | tr '{' '|' | sed 's/|, |/|/g' | tr '|' '\n' |
||||
|
} |
||||
|
|
||||
|
_getJsonElement() { |
||||
|
content=$1 |
||||
|
field=$2 |
||||
|
|
||||
|
_debug3 "_getJsonElement()" |
||||
|
_debug3 "Input JSON element" "$content" |
||||
|
_debug3 "JSON element to isolate" "$field" |
||||
|
|
||||
|
# With a single JSON entry to parse, convert commas to newlines puts each element on |
||||
|
# its own line - which then allows us to just grep teh name, remove the key, and |
||||
|
# isolate the value |
||||
|
output=$(echo "$content" | tr ',' '\n' | grep -- "\"$field\":" | sed 's/.*: //g') |
||||
|
|
||||
|
_debug3 "String before unquoting: $output" |
||||
|
|
||||
|
_unquoteString "$output" |
||||
|
} |
||||
|
|
||||
|
_createAuthHeader() { |
||||
|
apikey=$1 |
||||
|
|
||||
|
_debug3 "_createAuthHeader()" |
||||
|
_secure_debug3 "Provided API Key" "$apikey" |
||||
|
|
||||
|
authheader="Authorization: Bearer $apikey" |
||||
|
_secure_debug3 "Authorization Header" "$authheader" |
||||
|
echo "$authheader" |
||||
|
} |
||||
|
|
||||
|
_getDnsRecordName() { |
||||
|
fqdn=$1 |
||||
|
address=$2 |
||||
|
|
||||
|
_debug3 "_getDnsRecordName()" |
||||
|
_debug3 "FQDN" "$fqdn" |
||||
|
_debug3 "omg.lol Address" "$address" |
||||
|
|
||||
|
echo "$fqdn" | sed 's/\.omg\.lol//g' | sed 's/\.'"$address"'$//g' |
||||
|
} |
||||
|
|
||||
|
_unquoteString() { |
||||
|
output=$1 |
||||
|
quotes=0 |
||||
|
|
||||
|
_debug3 "_unquoteString()" |
||||
|
_debug3 "Possibly quoted string" "$output" |
||||
|
|
||||
|
_startswith "$output" "\"" |
||||
|
if [ $? ]; then |
||||
|
quotes=$((quotes + 1)) |
||||
|
fi |
||||
|
|
||||
|
_endswith "$output" "\"" |
||||
|
if [ $? ]; then |
||||
|
quotes=$((quotes + 1)) |
||||
|
fi |
||||
|
|
||||
|
_debug3 "Original String: $output" |
||||
|
_debug3 "Quotes found: $quotes" |
||||
|
|
||||
|
if [ $((quotes)) -gt 1 ]; then |
||||
|
output=$(echo "$output" | sed 's/^"//g' | sed 's/"$//g') |
||||
|
_debug3 "Quotes removed: $output" |
||||
|
fi |
||||
|
|
||||
|
echo "$output" |
||||
|
} |
Some files were not shown because too many files changed in this diff
Write
Preview
Loading…
Cancel
Save
Reference in new issue