[sysadmin-bin] Add certbot DNS-01 authentication hook



commit 46d809ea750f932902c86688cdceb9a0e7a55db9
Author: Bartłomiej Piotrowski <bpiotrowski gnome org>
Date:   Fri Mar 4 12:08:49 2022 +0100

    Add certbot DNS-01 authentication hook

 certbot/auth-hook | 65 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 65 insertions(+)
---
diff --git a/certbot/auth-hook b/certbot/auth-hook
new file mode 100755
index 0000000..093d6a4
--- /dev/null
+++ b/certbot/auth-hook
@@ -0,0 +1,65 @@
+#!/usr/bin/python3
+
+import os
+import subprocess
+import sys
+import tempfile
+import time
+
+import pygit2
+
+
+def commit_all(repo, message):
+    repo.index.add_all()
+    repo.index.write()
+    tree = repo.index.write_tree()
+    author = pygit2.Signature("certbot", "certbot nsd01 gnome org")
+    committer = pygit2.Signature("certbot", "certbot nsd01 gnome org")
+
+    oid = repo.create_commit(
+        "refs/heads/master",
+        author,
+        committer,
+        message,
+        tree,
+        [repo.head.get_object().hex],
+    )
+
+    return oid
+
+
+def main():
+    domain = os.getenv("CERTBOT_DOMAIN")
+    if not domain:
+        sys.exit(1)
+
+    token = os.getenv("CERTBOT_VALIDATION")
+    if not token:
+        sys.exit(1)
+
+    base_domain = ".".join(domain.split(".")[-2:])
+
+    with tempfile.TemporaryDirectory() as tmpdir:
+        repo = pygit2.clone_repository("/git/dns.git", tmpdir)
+        if not repo:
+            sys.exit(1)
+
+        dns_entry = f'_acme-challenge.{domain}. IN TXT "{token}"'
+        with open(f"{tmpdir}/master/{base_domain}", "a") as f:
+            f.write(dns_entry)
+            f.write("\n")
+
+        commit_all(repo, f"Add Let's Encrypt token for {domain}")
+
+        os.chdir(tmpdir)
+        subprocess.run(["./do-domains"], check=True)
+        commit_all(repo, "done build")
+
+        repo.remotes[0].push(["refs/heads/master:refs/heads/master"])
+
+        # Wait 30s for DNS to propagate
+        time.sleep(30)
+
+
+if __name__ == "__main__":
+    main()
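Review bot: The zone file path on the `open(f"{tmpdir}/master/{base_domain}", "a")` line is derived from the last two labels of CERTBOT_DOMAIN, and because the file is opened in append mode a domain whose zone is not a single file under `master/` (a multi-label public suffix, or a zone kept under another name) silently creates a brand-new file and commits it instead of failing. A guard before the write would make that case fail loudly: `zone_file = os.path.join(tmpdir, "master", base_domain)` followed by `if not os.path.isfile(zone_file): sys.exit(f"no zone file for {base_domain}")`. The same applies to the two early exits on the CERTBOT_DOMAIN and CERTBOT_VALIDATION checks, which exit with status 1 and no message, so a misconfigured certbot invocation leaves nothing in the log; `sys.exit("CERTBOT_DOMAIN not set")` would keep the exit status and add the reason. As far as the hunk shows there is no matching cleanup hook, so each renewal presumably appends another `_acme-challenge` TXT record that is never removed; a short comment on the `dns_entry` line noting that cleanup is intentionally left out, or a companion cleanup hook, would make that explicit.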

