Diffstat (limited to '')
-rwxr-xr-xbin/dehydrated-knotupdate83
1 files changed, 83 insertions, 0 deletions
diff --git a/bin/dehydrated-knotupdate b/bin/dehydrated-knotupdate
new file mode 100755
index 0000000..1a56f80
--- /dev/null
+++ b/bin/dehydrated-knotupdate
@@ -0,0 +1,83 @@
+#!/bin/bash
+
+#
+# Example how to deploy a DNS challenge using nsupdate
+#
+# https://github.com/lukas2511/dehydrated/wiki/example-dns-01-nsupdate-script
+# slightly modified by kdrexel
+
+# example:
+#update add monitor2-test.bfh.host 7200 TXT "if-you-can-dig-it-everything-works-fine"
+#printf "server %s\nzone %s.\nttl %d\nupdate add _acme-challenge.%s. %d TXT \"%s\"\nsend\n" "${DNSSERVER}" "${ZONE}" "${TTL}" "${2}" "${TTL}" "${CHALLENGE}" | $NSUPDATE
+
+set -e
+set -u
+set -o pipefail
+
+if [ $# -lt 3 ]; then
+ logger "$0 called with too few ARGS: $@"
+ exit 42
+fi
+
+# Params from hook.sh
+DOMAIN="$2"
+CHALLENGE="$3"
+
+ZONE=$(cat /etc/hostname |awk -F '.' '{ print $(NF-1),$NF}'| sed -e 's/ /./')
+NSUPDATE="knsupdate"
+#NSUPDATE="nsupdate -k /path/to/Kdnsupdatekey.private" #bind only
+DNSSERVER=$(kdig -4 @ns.bfh.science ns.bfh.science +short)
+
+TTL=300
+
+case "$1" in
+ "deploy_challenge")
+ for NS in $DNSSERVER
+ do
+ TEMPFILE=$(tempfile -s -dehydrated)
+ cat << EOF >> $TEMPFILE
+server $NS
+zone ${ZONE}.
+ttl $TTL
+update add _acme-challenge.${DOMAIN} $TTL TXT $CHALLENGE
+send
+EOF
+ $NSUPDATE $TEMPFILE
+ done
+ ;;
+
+ "clean_challenge")
+ for NS in $DNSSERVER
+ do
+ TEMPFILE=$(tempfile -s -dehydrated-del)
+ cat << EOF >> $TEMPFILE
+server $NS
+zone ${ZONE}.
+ttl $TTL
+update delete _acme-challenge.${DOMAIN} $TTL TXT $CHALLENGE
+send
+EOF
+ if [ -t 1 ]
+ then
+ echo "Deleting TXT Record _acme-challenge.${DOMAIN}..."
+ fi
+ sleep 10
+ $NSUPDATE $TEMPFILE
+ done
+ ;;
+ "deploy_cert")
+ # optional:
+ # /path/to/deploy_cert.sh "$@"
+ ;;
+ "unchanged_cert")
+ # do nothing for now
+ ;;
+ "startup_hook")
+ # do nothing for now
+ ;;
+ "exit_hook")
+ # do nothing for now
+ ;;
+esac
+
+exit 0
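Review bot: The batch files created with `tempfile` in the `deploy_challenge` and `clean_challenge` arms are never removed, so every run leaves a world-readable-by-default file in the temp directory holding the zone, server and the ACME challenge token, and the `>>` redirection appends to that file instead of overwriting it. `tempfile` is also deprecated in favour of `mktemp`, and `$TEMPFILE` is passed unquoted to `cat` and `$NSUPDATE`. I would create and register the file once before the `case`, `TEMPFILE=$(mktemp --suffix=-dehydrated)` followed by `trap 'rm -f -- "$TEMPFILE"' EXIT`, and write each batch with `cat << EOF > "$TEMPFILE"` so the file is truncated per nameserver and cleaned up on any exit path, including an `knsupdate` failure under `set -e`. Separately, the early `logger "$0 called with too few ARGS: $@"` wants `"$*"` rather than `"$@"` inside a string.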