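#!/bin/bash
#
# Example how to deploy a DNS challenge using nsupdate
#
# https://github.com/lukas2511/dehydrated/wiki/example-dns-01-nsupdate-script
# slightly modified by kdrexel
#
# Called as:  <script> <action> [<domain> <challenge> ...]
# Only deploy_challenge and clean_challenge read $2 (domain) and $3 (challenge);
# every other hook action is accepted and does nothing, so actions that arrive
# with fewer arguments (presumably startup_hook / exit_hook) no longer fail the
# argument check.
#
# example:
#update add monitor2-test.bfh.host 7200 TXT "if-you-can-dig-it-everything-works-fine"
#printf "server %s\nzone %s.\nttl %d\nupdate add _acme-challenge.%s. %d TXT \"%s\"\nsend\n" "${DNSSERVER}" "${ZONE}" "${TTL}" "${2}" "${TTL}" "${CHALLENGE}" | $NSUPDATE

set -e
set -u
set -o pipefail

# Dynamic-update client as a word array, so extra options (e.g. a key file)
# stay separate arguments without relying on unquoted expansion.
NSUPDATE=(knsupdate)
#NSUPDATE=(nsupdate -k /path/to/Kdnsupdatekey.private) #bind only
# Host whose address records name the servers that receive our updates.
readonly NS_LOOKUP_NAME="ns.bfh.science"
readonly TTL=300

# Zone the _acme-challenge record lives in; filled in by update_all.
ZONE=""
# Update batch currently on disk. It contains the challenge token, so it is
# removed on every exit path (normal return, die, or an abort under set -e).
TEMPFILE=""

#######################################
# Remove the pending update batch, if any. Installed as EXIT trap.
# Globals: TEMPFILE (read)
#######################################
cleanup() {
  if [[ -n "${TEMPFILE}" ]]; then
    rm -f -- "${TEMPFILE}"
  fi
}
trap cleanup EXIT

#######################################
# Log a message to syslog (prefixed with the script name) and abort with the
# hook's error status 42.
# Arguments: message words
#######################################
die() {
  logger "$0 $*"
  exit 42
}

#######################################
# Derive the zone from this host's name: the last two labels of
# /etc/hostname (host.example.org -> example.org).
# Outputs: zone name without trailing dot
#######################################
zone_from_hostname() {
  awk -F '.' '{ print $(NF-1),$NF }' /etc/hostname | sed -e 's/ /./'
}

#######################################
# Look up the servers that receive the update: the records of NS_LOOKUP_NAME
# (kdig's default query type), asked from that host itself over IPv4.
# Outputs: one server per line
#######################################
nameservers() {
  kdig -4 "@${NS_LOOKUP_NAME}" "${NS_LOOKUP_NAME}" +short
}

#######################################
# Write one update batch to a fresh private temp file and submit it to a
# single server.
# Globals:   ZONE, TTL, NSUPDATE (read); TEMPFILE (written, then cleared)
# Arguments: $1 - server, $2 - "add" or "delete", $3 - domain, $4 - challenge
#######################################
send_update() {
  local ns=$1 op=$2 domain=$3 challenge=$4
  # mktemp creates the file with an unpredictable name and mode 0600, so other
  # local users cannot read the token; tempfile(1) is Debian-only and deprecated.
  TEMPFILE=$(mktemp -t dehydrated.XXXXXX) || die "mktemp failed"
  cat > "${TEMPFILE}" <<EOF
server ${ns}
zone ${ZONE}.
ttl ${TTL}
update ${op} _acme-challenge.${domain} ${TTL} TXT ${challenge}
send
EOF
  "${NSUPDATE[@]}" "${TEMPFILE}"
  rm -f -- "${TEMPFILE}"
  TEMPFILE=""
}

#######################################
# Apply one add/delete of the challenge record on every server.
# Fails (exit 42) when no server address could be resolved, instead of
# silently reporting success with nothing deployed.
# Globals:   ZONE (written)
# Arguments: $1 - "add" or "delete", $2 - domain, $3 - challenge
#######################################
update_all() {
  local op=$1 domain=$2 challenge=$3
  local servers_raw ns
  local -a servers=()
  ZONE=$(zone_from_hostname)
  servers_raw=$(nameservers)
  [[ -n "${servers_raw}" ]] || die "no address found for ${NS_LOOKUP_NAME}"
  mapfile -t servers <<<"${servers_raw}"
  for ns in "${servers[@]}"; do
    if [[ "${op}" == "delete" ]]; then
      if [[ -t 1 ]]; then
        echo "Deleting TXT Record _acme-challenge.${domain}..."
      fi
      # delay before each deletion, kept from the original script
      sleep 10
    fi
    send_update "${ns}" "${op}" "${domain}" "${challenge}"
  done
}

#######################################
# Dispatch on the hook action.
# Arguments: $1 - action, $2 - domain, $3 - challenge (challenge actions only)
# Returns:   0; exits 42 on missing arguments or lookup failure
#######################################
main() {
  (( $# >= 1 )) || die "called with too few ARGS: $*"
  case "$1" in
    deploy_challenge)
      (( $# >= 3 )) || die "called with too few ARGS: $*"
      update_all add "$2" "$3"
      ;;
    clean_challenge)
      (( $# >= 3 )) || die "called with too few ARGS: $*"
      update_all delete "$2" "$3"
      ;;
    deploy_cert)
      # optional:
      # /path/to/deploy_cert.sh "$@"
      ;;
    unchanged_cert|startup_hook|exit_hook)
      # do nothing for now
      ;;
    *)
      # unknown actions are ignored, as before
      ;;
  esac
}

main "$@"
exit 0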