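#!/bin/bash
# ACME hook script: publishes dns-01 challenge TXT records directly into a
# PowerDNS MySQL backend (deploy_challenge / clean_challenge) and copies issued
# certificates into a local store (deploy_cert).  Invoked as:
#   hook.sh <stage> <stage arguments...>
#
# Database connection settings.  Each value can be overridden from the
# environment; the literals below are only fallbacks, so the real password
# does not have to be kept in this file.
MYSQL_HOSTNAME="${MYSQL_HOSTNAME:-42.42.42.42}"
MYSQL_DATABASE="${MYSQL_DATABASE:-pdns}"
MYSQL_USERNAME="${MYSQL_USERNAME:-pdns}"
MYSQL_PASSWORD="${MYSQL_PASSWORD:-pdns}"
# Ownership applied to the certificate store by deploy_cert.
CERT_FILE_USER="${CERT_FILE_USER:-root}"
CERT_FILE_GROUP="${CERT_FILE_GROUP:-root}"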
function _log {
  # Write a timestamped diagnostic line to stderr.  stdout is left untouched
  # so callers can capture a function's result with $(...) while still logging.
  # Arguments: the message words, joined by single spaces.
  local stamp
  stamp=$(date)
  printf '%s %s\n' "${stamp}" "$*" >&2
}
function _parse_basedomain {
  # Reduce a hostname to its last two labels (www.example.com -> example.com).
  # This is plain label counting: multi-label public suffixes such as
  # "example.co.uk" come out as "co.uk".  Result is printed without a
  # trailing newline so it can be captured directly.
  # $1 - hostname to reduce
  local fqdn="$1"
  local base
  base=$(printf '%s' "${fqdn}" | awk -F '.' '{ print $(NF - 1) "." $NF }')
  printf '%s' "${base}"
}
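function _fetch_domain_id {
  # Look up the PowerDNS "domains.id" for a zone name.
  # $1 - zone name (as produced by _parse_basedomain)
  # Prints the id on stdout without a trailing newline.
  # Exits 1 when the name is malformed, the query fails, or no zone matches.
  local basedomain="${1}"
  # The name is spliced into SQL text (the mysql CLI offers no bind
  # parameters), so accept hostname characters only.
  if [[ ! "${basedomain}" =~ ^[A-Za-z0-9._-]+$ ]]; then
    _log "Refusing to query PowerDNS database: invalid base domain '${basedomain}'"
    exit 1
  fi
  local statement="SELECT id FROM domains WHERE name='${basedomain}'"
  local domainid
  # Password goes through MYSQL_PWD instead of -p<password> so it is not
  # visible in the process list.  Declaration is split from the assignment
  # so a failed query is not masked by 'local' returning 0.
  if ! domainid=$(MYSQL_PWD="${MYSQL_PASSWORD}" mysql "${MYSQL_DATABASE}" \
      -h "${MYSQL_HOSTNAME}" -u "${MYSQL_USERNAME}" -ss -e "${statement}"); then
    _log "Could not query PowerDNS database for base domain '${basedomain}'!"
    exit 1
  fi
  if [[ -z "${domainid}" ]]; then
    _log "Could not get domain ID from PowerDNS database, invalid base domain!"
    exit 1
  fi
  _log "Found domain in database with ID: ${domainid}"
  printf '%s' "${domainid}"
}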
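function deploy_challenge {
  # Publish a dns-01 challenge as a TXT record in the PowerDNS database.
  # $1 - DOMAIN          hostname being validated
  # $2 - TOKEN_FILENAME  not used by this handler (kept for the hook interface)
  # $3 - TOKEN_VALUE     challenge value to publish
  # Exits 1 on bad arguments or an unknown zone, 2 when the INSERT fails.
  # shellcheck disable=SC2034
  local DOMAIN="${1}" TOKEN_FILENAME="${2}" TOKEN_VALUE="${3}"
  # Check arguments
  [[ -n "${DOMAIN}" ]] || { _log 'Missing parameter: DOMAIN ($1)'; exit 1; }
  [[ -n "${TOKEN_VALUE}" ]] || { _log 'Missing parameter: TOKEN_VALUE ($3)'; exit 1; }
  # Both values are spliced into SQL text (the mysql CLI offers no bind
  # parameters), so allow only hostname / token characters.
  if [[ ! "${DOMAIN}" =~ ^[A-Za-z0-9._*-]+$ ]]; then
    _log 'Invalid parameter: DOMAIN ($1) contains characters that are not allowed'
    exit 1
  fi
  if [[ ! "${TOKEN_VALUE}" =~ ^[A-Za-z0-9._-]+$ ]]; then
    _log 'Invalid parameter: TOKEN_VALUE ($3) contains characters that are not allowed'
    exit 1
  fi
  # Get domain ID from database.  _fetch_domain_id exits on failure, but that
  # exit only ends the $(...) subshell; propagate its status here instead of
  # continuing with an empty DOMAINID.
  local BASEDOMAIN DOMAINID
  BASEDOMAIN=$(_parse_basedomain "${DOMAIN}")
  DOMAINID=$(_fetch_domain_id "${BASEDOMAIN}") || exit 1
  # Output some debug information about the task
  _log "Parsed command line arguments:"
  _log "> Task: Deploying ACME challenge record"
  _log "> Domain: ${DOMAIN}"
  _log "> Base Domain: ${BASEDOMAIN}"
  _log "> Token Code: ${TOKEN_VALUE}"
  # Create new _acme-challenge.<DOMAIN> record
  local STATEMENT="INSERT INTO records (domain_id, name, type, content, ttl) VALUES (${DOMAINID}, '_acme-challenge.${DOMAIN}', 'TXT', '\"${TOKEN_VALUE}\"', 60)"
  # Password goes through MYSQL_PWD instead of -p<password> so it is not
  # visible in the process list.
  if ! MYSQL_PWD="${MYSQL_PASSWORD}" mysql "${MYSQL_DATABASE}" \
      -h "${MYSQL_HOSTNAME}" -u "${MYSQL_USERNAME}" -ss -e "${STATEMENT}"; then
    _log "Could not insert new ACME challenge record into PowerDNS database!"
    exit 2
  fi
  _log "Inserted ACME challenge record into PowerDNS database."
}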
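function clean_challenge {
  # Remove the dns-01 challenge TXT record(s) previously published for DOMAIN.
  # $1 - DOMAIN          hostname that was validated
  # $2 - TOKEN_FILENAME  not used by this handler (kept for the hook interface)
  # $3 - TOKEN_VALUE     challenge value whose record should be removed
  # Exits 1 on bad arguments, 2 when the DELETE fails.
  # shellcheck disable=SC2034
  local DOMAIN="${1}" TOKEN_FILENAME="${2}" TOKEN_VALUE="${3}"
  # Check arguments
  [[ -n "${DOMAIN}" ]] || { _log 'Missing parameter: DOMAIN ($1)'; exit 1; }
  [[ -n "${TOKEN_VALUE}" ]] || { _log 'Missing parameter: TOKEN_VALUE ($3)'; exit 1; }
  # Both values are spliced into SQL text (the mysql CLI offers no bind
  # parameters), so allow only hostname / token characters.
  if [[ ! "${DOMAIN}" =~ ^[A-Za-z0-9._*-]+$ ]]; then
    _log 'Invalid parameter: DOMAIN ($1) contains characters that are not allowed'
    exit 1
  fi
  if [[ ! "${TOKEN_VALUE}" =~ ^[A-Za-z0-9._-]+$ ]]; then
    _log 'Invalid parameter: TOKEN_VALUE ($3) contains characters that are not allowed'
    exit 1
  fi
  # Output some debug information about the task
  _log "Parsed command line arguments:"
  _log "> Task: Cleanup ACME challenge record(s)"
  _log "> Domain: ${DOMAIN}"
  # Delete all old _acme-challenge.<DOMAIN> records carrying this token
  local STATEMENT="DELETE FROM records WHERE name='_acme-challenge.${DOMAIN}' AND content='\"${TOKEN_VALUE}\"'"
  # Password goes through MYSQL_PWD instead of -p<password> so it is not
  # visible in the process list.
  if ! MYSQL_PWD="${MYSQL_PASSWORD}" mysql "${MYSQL_DATABASE}" \
      -h "${MYSQL_HOSTNAME}" -u "${MYSQL_USERNAME}" -ss -e "${STATEMENT}"; then
    _log "Could not delete old ACME challenge records from PowerDNS database!"
    exit 2
  fi
  _log "Deleted all old ACME challenge records from PowerDNS database."
}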
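function deploy_cert {
  # Copy a freshly issued key, certificate and chain into the local store
  # (/opt/certificates/store/<DOMAIN>) and build two combined PEM bundles.
  # $1 - DOMAIN     directory name under the store
  # $2 - KEYFILE    private key to copy
  # $3 - CERTFILE   leaf certificate to copy
  # $4 - CHAINFILE  issuer chain to copy
  # Exits 1 on bad arguments, 4 when a file or directory cannot be written.
  local DOMAIN="${1}" KEYFILE="${2}" CERTFILE="${3}" CHAINFILE="${4}"
  local BASEDESTINATION="/opt/certificates/store"
  local DESTINATION="${BASEDESTINATION}/${DOMAIN}"
  # DOMAIN becomes a path component: require a plain hostname so that "",
  # ".." or anything containing "/" cannot point outside the store.
  if [[ ! "${DOMAIN}" =~ ^[A-Za-z0-9*][A-Za-z0-9._*-]*$ ]]; then
    _log 'Invalid parameter: DOMAIN ($1) is not a plain hostname'
    exit 1
  fi
  local input
  for input in "${KEYFILE}" "${CERTFILE}" "${CHAINFILE}"; do
    if [[ -z "${input}" || ! -r "${input}" ]]; then
      _log "Missing or unreadable input file: '${input}'"
      exit 1
    fi
  done
  # Output some debug information about the task
  _log "Parsed command line arguments:"
  _log "> Task: Deploy certificate files"
  _log "> Certificate Store: ${DESTINATION}"
  _log "> Domain: ${DOMAIN}"
  _log "> Keyfile: ${KEYFILE}"
  _log "> Certificate: ${CERTFILE}"
  _log "> Chainfile: ${CHAINFILE}"
  # New files (in particular the bundles holding the private key) are created
  # owner-only; the chmod at the end then opens them to the owning group.
  umask 077
  # Copy files to our certificate store; stop on the first failure instead of
  # leaving a half-written store behind.
  mkdir -pv "${DESTINATION}" || { _log "Could not create ${DESTINATION}!"; exit 4; }
  cp -vf -- "${KEYFILE}" "${DESTINATION}/site.key" || { _log "Could not copy key file!"; exit 4; }
  cp -vf -- "${CERTFILE}" "${DESTINATION}/site.crt" || { _log "Could not copy certificate file!"; exit 4; }
  cp -vf -- "${CHAINFILE}" "${DESTINATION}/site.wchain.crt" || { _log "Could not copy chain file!"; exit 4; }
  cat -- "${DESTINATION}/site.key" "${DESTINATION}/site.crt" > "${DESTINATION}/site.wkey.pem" \
    || { _log "Could not write site.wkey.pem!"; exit 4; }
  cat -- "${DESTINATION}/site.key" "${DESTINATION}/site.wchain.crt" > "${DESTINATION}/site.wkey.wchain.pem" \
    || { _log "Could not write site.wkey.wchain.pem!"; exit 4; }
  # Fix permissions of certificate store
  chown -R "${CERT_FILE_USER}:${CERT_FILE_GROUP}" "${BASEDESTINATION}" \
    || { _log "Could not change ownership of ${BASEDESTINATION}!"; exit 4; }
  find "${BASEDESTINATION}" -type d -exec chmod 750 {} +
  find "${BASEDESTINATION}" -type f -exec chmod 440 {} +
}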
# The handlers write to the certificate store and re-own it, so refuse to run
# without root privileges.
if [[ "$(id -u)" -ne 0 ]]; then
  _log "This application can only be run as root, exiting..."
  exit 3
fi
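# Dispatch: the first argument names the hook stage, the rest are passed to
# the handler unchanged.  Only the handlers defined in this file may be
# invoked; expanding "$HANDLER $@" unquoted would run whatever command name
# was given as the first argument.
if (( $# < 1 )); then
  _log "Usage: ${0##*/} <deploy_challenge|clean_challenge|deploy_cert> [arguments...]"
  exit 1
fi
HANDLER="$1"
shift
case "${HANDLER}" in
  deploy_challenge|clean_challenge|deploy_cert)
    "${HANDLER}" "$@"
    ;;
  *)
    # Other hook stages the caller may invoke are deliberately a no-op here.
    _log "Unhandled hook stage '${HANDLER}', nothing to do."
    exit 0
    ;;
esac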