
Untitled

a guest
Feb 6th, 2025
  1. <?php
  2.  
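  // Sync DANE TLSA records: read the DNS records Stalwart recommends for the
  // domain and publish the TLSA entries in the matching Cloudflare zone.
  //
  // Order matters. The Stalwart answer is fetched and validated in full BEFORE
  // anything is deleted at Cloudflare, so an outage, an expired token or a
  // malformed reply on the Stalwart side cannot leave the zone without TLSA
  // records. Every API call is checked, and "Deleted"/"Added" is printed only
  // when the API confirmed the change.

  // Placeholders to be filled in at deploy time. Prefer loading the real values
  // from the environment or a file readable only by the account running this
  // script. The Cloudflare token only needs DNS read/edit on this one zone.
  $api_key = "STALWART_API_KEY";
  $url = "https://STALWART_DOMAIN/api/dns/records/STALWART_DOMAIN";
  $cloudflare_api_key = "CLOUDFLARE_API_KEY";
  $domain = "STALWART_DOMAIN";
  $cloudflare_api = "https://api.cloudflare.com/client/v4";

  /**
   * Print a message on stderr and stop with a non-zero exit status.
   */
  function abort_sync(string $message): void
  {
      file_put_contents('php://stderr', $message . "\n");
      exit(1);
  }

  /**
   * Send one authenticated JSON request and return the decoded reply.
   *
   * Returns null (after writing the reason to stderr) when the transfer fails,
   * the HTTP status is not 2xx, or the body is not a JSON object/array. The
   * bearer token is never included in the message. Certificate verification is
   * left at curl's default (enabled); do not turn it off here.
   */
  function api_request(string $method, string $url, string $token, ?array $body = null): ?array
  {
      $headers = ["Authorization: Bearer $token"];

      $ch = curl_init();
      curl_setopt($ch, CURLOPT_URL, $url);
      curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
      curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $method);
      // Bounded waits so a hung endpoint cannot stall the job indefinitely.
      curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
      curl_setopt($ch, CURLOPT_TIMEOUT, 30);
      if ($body !== null) {
          $headers[] = "Content-Type: application/json";
          curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($body));
      }
      curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);

      $raw = curl_exec($ch);
      $transfer_error = curl_error($ch);
      $status = (int) curl_getinfo($ch, CURLINFO_HTTP_CODE);
      curl_close($ch);

      if ($raw === false) {
          file_put_contents('php://stderr', "$method request failed: $transfer_error\n");
          return null;
      }
      if ($status < 200 || $status >= 300) {
          file_put_contents('php://stderr', "$method request returned HTTP $status\n");
          return null;
      }

      $decoded = json_decode($raw, true);
      if (!is_array($decoded)) {
          file_put_contents('php://stderr', "$method request returned a body that is not JSON\n");
          return null;
      }

      return $decoded;
  }

  /**
   * Split a TLSA presentation string ("usage selector matching-type hex") into
   * the structured form sent to Cloudflare, or return null when it is malformed.
   */
  function parse_tlsa(string $content): ?array
  {
      $parts = preg_split('/\s+/', trim($content), 4);
      if (!is_array($parts) || count($parts) !== 4) {
          return null;
      }
      list($usage, $selector, $matching_type, $certificate) = $parts;

      // The three leading fields are one-octet numbers.
      foreach ([$usage, $selector, $matching_type] as $field) {
          if (preg_match('/\A\d{1,3}\z/', $field) !== 1 || (int) $field > 255) {
              return null;
          }
      }

      // The association data is hex; whitespace inside it carries no meaning.
      $certificate = preg_replace('/\s+/', '', $certificate);
      if (!is_string($certificate) || preg_match('/\A[0-9a-fA-F]+\z/', $certificate) !== 1) {
          return null;
      }

      return [
          "usage" => (int) $usage,
          "selector" => (int) $selector,
          "matching_type" => (int) $matching_type,
          "certificate" => $certificate
      ];
  }

  // 1. Fetch and validate the desired TLSA set. Nothing is changed yet.
  $response = api_request('GET', $url, $api_key);
  if ($response === null || !is_array($response['data'] ?? null)) {
      abort_sync("Could not read DNS records from Stalwart; Cloudflare left untouched.");
  }

  $new_tlsa_records = [];
  foreach ($response['data'] as $record) {
      if (!is_array($record) || ($record['type'] ?? null) !== 'TLSA') {
          continue;
      }
      $tlsa = is_string($record['content'] ?? null) ? parse_tlsa($record['content']) : null;
      if ($tlsa === null || !is_string($record['name'] ?? null) || $record['name'] === '') {
          abort_sync("Stalwart returned a malformed TLSA record; Cloudflare left untouched.");
      }
      $new_tlsa_records[] = [
          "type" => 'TLSA',
          "name" => rtrim($record['name'], '.'),
          "data" => $tlsa,
          "proxied" => false
      ];
  }
  if ($new_tlsa_records === []) {
      abort_sync("Stalwart returned no TLSA records; refusing to delete the existing ones.");
  }

  // 2. Resolve the zone ID for the domain.
  $zone_data = api_request('GET', "$cloudflare_api/zones?name=" . rawurlencode($domain), $cloudflare_api_key);
  $zone_id = $zone_data['result'][0]['id'] ?? null;
  // The ID becomes a URL path segment, so it must be a plain token.
  if (($zone_data['success'] ?? false) !== true
      || !is_string($zone_id)
      || preg_match('/\A[A-Za-z0-9_-]+\z/', $zone_id) !== 1) {
      abort_sync("Could not resolve the Cloudflare zone for $domain.");
  }

  // 3. Collect the IDs of every existing TLSA record, across all result pages.
  $existing_tlsa_records = [];
  $page = 1;
  do {
      $listing = api_request(
          'GET',
          "$cloudflare_api/zones/$zone_id/dns_records?type=TLSA&per_page=100&page=$page",
          $cloudflare_api_key
      );
      if ($listing === null
          || ($listing['success'] ?? false) !== true
          || !is_array($listing['result'] ?? null)) {
          abort_sync("Could not list existing DNS records; nothing was changed.");
      }
      foreach ($listing['result'] as $existing_record) {
          $dns_record_id = $existing_record['id'] ?? null;
          if (($existing_record['type'] ?? null) === 'TLSA'
              && is_string($dns_record_id)
              && preg_match('/\A[A-Za-z0-9_-]+\z/', $dns_record_id) === 1) {
              $existing_tlsa_records[] = $existing_record;
          }
      }
      $total_pages = (int) ($listing['result_info']['total_pages'] ?? 1);
      $page++;
  } while ($page <= $total_pages);

  // 4. Delete the old TLSA records. From here until step 5 completes the zone
  //    briefly publishes fewer (or no) TLSA records.
  foreach ($existing_tlsa_records as $existing_record) {
      $delete_response = api_request(
          'DELETE',
          "$cloudflare_api/zones/$zone_id/dns_records/{$existing_record['id']}",
          $cloudflare_api_key
      );
      if ($delete_response === null || ($delete_response['success'] ?? false) !== true) {
          abort_sync("Failed to delete TLSA record: " . ($existing_record['name'] ?? $existing_record['id']));
      }
      echo "Deleted TLSA record: {$existing_record['name']}\n";
  }

  // 5. Add the new TLSA records. A failure is reported but the remaining
  //    records are still attempted, so as much of the set as possible is live.
  $failed = 0;
  foreach ($new_tlsa_records as $dns_data) {
      $add_response = api_request('POST', "$cloudflare_api/zones/$zone_id/dns_records", $cloudflare_api_key, $dns_data);
      if ($add_response === null || ($add_response['success'] ?? false) !== true) {
          file_put_contents('php://stderr', "Failed to add TLSA record: {$dns_data['name']}\n");
          $failed++;
          continue;
      }
      echo "Added TLSA record: {$dns_data['name']}\n";
  }

  if ($failed > 0) {
      abort_sync("$failed TLSA record(s) could not be added; the zone is incomplete.");
  }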
  107.  