author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2021-05-09 04:21:55 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2021-05-09 04:21:55 +0000 |
commit | 453cc058d9ee6d7cb47529d99061216e72149a5f (patch) | |
tree | 38e3683d9cb52c2f181d65ba513554a5e1387f20 /bin/dehydrated-knotupdate | |
parent | Initial commit. (diff) | |
download | progress-linux-tools-453cc058d9ee6d7cb47529d99061216e72149a5f.tar.xz progress-linux-tools-453cc058d9ee6d7cb47529d99061216e72149a5f.zip |
Adding bin.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'bin/dehydrated-knotupdate')
-rwxr-xr-x | bin/dehydrated-knotupdate | 83 |
1 files changed, 83 insertions, 0 deletions
diff --git a/bin/dehydrated-knotupdate b/bin/dehydrated-knotupdate
new file mode 100755
index 0000000..1a56f80
--- /dev/null
+++ b/bin/dehydrated-knotupdate
@@ -0,0 +1,83 @@
+#!/bin/bash
+
+#
+# Example how to deploy a DNS challenge using nsupdate
+#
+# https://github.com/lukas2511/dehydrated/wiki/example-dns-01-nsupdate-script
+# slightly modified by kdrexel
+
+# example:
+#update add monitor2-test.bfh.host 7200 TXT "if-you-can-dig-it-everything-works-fine"
+#printf "server %s\nzone %s.\nttl %d\nupdate add _acme-challenge.%s. %d TXT \"%s\"\nsend\n" "${DNSSERVER}" "${ZONE}" "${TTL}" "${2}" "${TTL}" "${CHALLENGE}" | $NSUPDATE
+
+set -e
+set -u
+set -o pipefail
+
+if [ $# -lt 3 ]; then
+ logger "$0 called with too few ARGS: $@"
+ exit 42
+fi
+
+# Params from hook.sh
+DOMAIN="$2"
+CHALLENGE="$3"
+
+ZONE=$(cat /etc/hostname |awk -F '.' '{ print $(NF-1),$NF}'| sed -e 's/ /./')
+NSUPDATE="knsupdate"
+#NSUPDATE="nsupdate -k /path/to/Kdnsupdatekey.private" #bind only
+DNSSERVER=$(kdig -4 @ns.bfh.science ns.bfh.science +short)
+
+TTL=300
+
+case "$1" in
+ "deploy_challenge")
+ for NS in $DNSSERVER
+ do
+ TEMPFILE=$(tempfile -s -dehydrated)
+ cat << EOF >> $TEMPFILE
+server $NS
+zone ${ZONE}.
+ttl $TTL
+update add _acme-challenge.${DOMAIN} $TTL TXT $CHALLENGE
+send
+EOF
+ $NSUPDATE $TEMPFILE
+ done
+ ;;
+
+ "clean_challenge")
+ for NS in $DNSSERVER
+ do
+ TEMPFILE=$(tempfile -s -dehydrated-del)
+ cat << EOF >> $TEMPFILE
+server $NS
+zone ${ZONE}.
+ttl $TTL
+update delete _acme-challenge.${DOMAIN} $TTL TXT $CHALLENGE
+send
+EOF
+ if [ -t 1 ]
+ then
+ echo "Deleting TXT Record _acme-challenge.${DOMAIN}..."
+ fi
+ sleep 10
+ $NSUPDATE $TEMPFILE
+ done
+ ;;
+ "deploy_cert")
+ # optional:
+ # /path/to/deploy_cert.sh "$@"
+ ;;
+ "unchanged_cert")
+ # do nothing for now
+ ;;
+ "startup_hook")
+ # do nothing for now
+ ;;
+ "exit_hook")
+ # do nothing for now
+ ;;
+esac
+
+exit 0 |
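Review bot: If `kdig ... +short` prints nothing while exiting 0, `for NS in $DNSSERVER` in both `deploy_challenge` and `clean_challenge` runs zero times and the script still reaches `exit 0`, so the caller is told the challenge was deployed when no update was sent. A guard right after the assignment, `[ -n "$DNSSERVER" ] || { logger "$0: no address for name server"; exit 1; }`, would surface that. Both loops also create a file with `tempfile` (deprecated in favour of `mktemp`) and never remove it; `TEMPFILE=$(mktemp)` with `rm -f -- "$TEMPFILE"` after the `$NSUPDATE "$TEMPFILE"` call, and the expansion quoted in the redirect, avoids leaving one file per name server per run. `NSUPDATE="knsupdate"` is invoked without `-k` or `-y`, so the updates appear to be unsigned and presumably depend on an address-based ACL on the server; since these TXT records gate certificate issuance, it is worth confirming that is intended. The `startup_hook` and `exit_hook` arms look unreachable whenever the caller passes fewer than three arguments, because the `$# -lt 3` check exits 42 first.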