Merge branch 'hetzner-dyndns'

Sophie Schiller 2025-06-22 23:59:52 +02:00
commit 3761ee6ee8
5 changed files with 118 additions and 41 deletions


@ -1,24 +1,23 @@
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIID9jCCA3ygAwIBAgISBaRtAN5dI7hI3l+MeuwXGm48MAoGCCqGSM49BAMDMDIx MIID1DCCA1qgAwIBAgISBTKUiIkigBvSZVQDbw9ukheIMAoGCCqGSM49BAMDMDIx
CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF
NTAeFw0yNTAzMTkxNzI1NTVaFw0yNTA2MTcxNzI1NTRaMCIxIDAeBgNVBAMTF2hv NjAeFw0yNTA2MjIyMDU5NThaFw0yNTA5MjAyMDU5NTdaMCIxIDAeBgNVBAMTF2hv
bWUuc29waGllcy1raXRjaGVuLmV1MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEMpwz bWUuc29waGllcy1raXRjaGVuLmV1MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEDNnB
KfaRqcoUak1UJzHRmcy1Zz/9KmlEoja94JwEO7qqARCOJedwJ/MS8Zkz3ZkJvjv5 CD9xIEtadMu6N0uqHoVUSWLiB+LohLkzfjIzuKSxwdvdjM7aZ+3TTQL6OhNNnzP0
iIXe9u6qbn/C8RS+/UqunvnCxTJeWMcXaI2p9M+DE7PlPQiIP1t/SPQ2QsIso4IC 5L+XOeW5/LzPwtMR9U67IKl3BFKODr/M5UOQbarHPultrMwtKfs4xPimTaqlo4IC
YzCCAl8wDgYDVR0PAQH/BAQDAgeAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF QTCCAj0wDgYDVR0PAQH/BAQDAgeAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
BQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSspYDX4yydAiYu+8XZw/Vu7IrW BQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRjpEHtCkpi9XffO4TiCHgyaZ7e
xDAfBgNVHSMEGDAWgBSfK1/PPCFPnQS37SssxMZwi9LXDTBVBggrBgEFBQcBAQRJ AjAfBgNVHSMEGDAWgBSTJ0aYA6lRaI6Y1sRCSNsjv1iU0jAyBggrBgEFBQcBAQQm
MEcwIQYIKwYBBQUHMAGGFWh0dHA6Ly9lNS5vLmxlbmNyLm9yZzAiBggrBgEFBQcw MCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly9lNi5pLmxlbmNyLm9yZy8wPQYDVR0RBDYw
AoYWaHR0cDovL2U1LmkubGVuY3Iub3JnLzA9BgNVHREENjA0ghkqLmhvbWUuc29w NIIZKi5ob21lLnNvcGhpZXMta2l0Y2hlbi5ldYIXaG9tZS5zb3BoaWVzLWtpdGNo
aGllcy1raXRjaGVuLmV1ghdob21lLnNvcGhpZXMta2l0Y2hlbi5ldTATBgNVHSAE ZW4uZXUwEwYDVR0gBAwwCjAIBgZngQwBAgEwLAYDVR0fBCUwIzAhoB+gHYYbaHR0
DDAKMAgGBmeBDAECATAtBgNVHR8EJjAkMCKgIKAehhxodHRwOi8vZTUuYy5sZW5j cDovL2U2LmMubGVuY3Iub3JnLzkuY3JsMIIBBgYKKwYBBAHWeQIEAgSB9wSB9ADy
ci5vcmcvNjEuY3JsMIIBBAYKKwYBBAHWeQIEAgSB9QSB8gDwAHcATnWjJ1yaEMM4 AHcA7TxL1ugGwqSiAFfbyyTiOAHfUS/txIbFcA8g3bc+P+AAAAGXmaZlsAAABAMA
W2zU3z9S6x3w4I4bjWnAsfpksWKaOd8AAAGVr6ZJYgAABAMASDBGAiEA2TRwcna6 SDBGAiEA1HNklX3fn9+0ob4WqFUNLrQV1mHN+tVcUKrh1nSyUMYCIQDbIzgNbz13
vp3yZSUfXjd14SFvTZtXucSMJQQERKgwDekCIQCEppv+qukiFo4SjQBMQ50ptVXC X3nMrY2dcHxFzjBnFHQoYsQgjIHkxuzDXQB3AN3cyjSV1+EWBeeVMvrHn/g9HFDf
LMJZVy4A6VuMCmj3VQB1AOCSs/wMHcjnaDYf3mG5lk0KUngZinLWcsSwTaVtb1QE 2wA6FBJ2Ciysu8gqAAABl5mmfWIAAAQDAEgwRgIhAJESizo9faN0c1RD7mvcd8ZT
AAABla+mSgEAAAQDAEYwRAIgXjJYEE32AFXfqx43ZOQrgP5cGdK5znOGCSxmjcMg +RMQMdVtU4MiniBcIcwiAiEAwjR0oUcWFeZq56U5jzYyn2i0/LfhWQA1hx+19TuE
S/UCIBZNBTNVtJWGYKJQgS+bx7EbDDWobar7shNd1/jK0Kt3MAoGCCqGSM49BAMD qwMwCgYIKoZIzj0EAwMDaAAwZQIxAN6rDk9COjwXvDpGuFGbeqUaB72CtEvlXtAC
A2gAMGUCMQCoQeeM5wcNWCgtjoWPqduuEP/W0M4UrBydd2tVAAE7dbYb2Batj2Gg wmjxGdQAd3LyE97muGqtBPLcCBVgPgIwKIVcSS1rJ8NYz93bOPddEn74wPM7UIEG
qnaDMK2j/+ACMCNtwr4CWsgMAsK8HlDVM0UBvzEFOy2X+hkGzqOe0kfN+abHP0Sf 0YpB1kM46bZ1aAubssBGvqiTSPDzVu0k
L0aZkl5gt8NcKg==
-----END CERTIFICATE----- -----END CERTIFICATE-----


@ -1,27 +1,27 @@
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIIEVzCCAj+gAwIBAgIRAIOPbGPOsTmMYgZigxXJ/d4wDQYJKoZIhvcNAQELBQAw MIIEVzCCAj+gAwIBAgIRALBXPpFzlydw27SHyzpFKzgwDQYJKoZIhvcNAQELBQAw
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjQwMzEzMDAwMDAw cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjQwMzEzMDAwMDAw
WhcNMjcwMzEyMjM1OTU5WjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg WhcNMjcwMzEyMjM1OTU5WjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
RW5jcnlwdDELMAkGA1UEAxMCRTUwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQNCzqK RW5jcnlwdDELMAkGA1UEAxMCRTYwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATZ8Z5G
a2GOtu/cX1jnxkJFVKtj9mZhSAouWXW0gQI3ULc/FnncmOyhKJdyIBwsz9V8UiBO h/ghcWCoJuuj+rnq2h25EqfUJtlRFLFhfHWWvyILOR/VvtEKRqotPEoJhC6+QJVV
VHhbhBRrwJCuhezAUUE8Wod/Bk3U/mDR+mwt4X2VEIiiCFQPmRpM5uoKrNijgfgw 6RlAN2Z17TJOdwRJ+HB7wxjnzvdxEP6sdNgA1O1tHHMWMxCcOrLqbGL0vbijgfgw
gfUwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD gfUwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD
ATASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSfK1/PPCFPnQS37SssxMZw ATASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSTJ0aYA6lRaI6Y1sRCSNsj
i9LXDTAfBgNVHSMEGDAWgBR5tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcB v1iU0jAfBgNVHSMEGDAWgBR5tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcB
AQQmMCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0g AQQmMCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0g
BAwwCjAIBgZngQwBAgEwJwYDVR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVu BAwwCjAIBgZngQwBAgEwJwYDVR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVu
Y3Iub3JnLzANBgkqhkiG9w0BAQsFAAOCAgEAH3KdNEVCQdqk0LKyuNImTKdRJY1C Y3Iub3JnLzANBgkqhkiG9w0BAQsFAAOCAgEAfYt7SiA1sgWGCIpunk46r4AExIRc
2uw2SJajuhqkyGPY8C+zzsufZ+mgnhnq1A2KVQOSykOEnUbx1cy637rBAihx97r+ MxkKgUhNlrrv1B21hOaXN/5miE+LOTbrcmU/M9yvC6MVY730GNFoL8IhJ8j8vrOL
bcwbZM6sTDIaEriR/PLk6LKs9Be0uoVxgOKDcpG9svD33J+G9Lcfv1K9luDmSTgG pMY22OP6baS1k9YMrtDTlwJHoGby04ThTUeBDksS9RiuHvicZqBedQdIF65pZuhp
6XNFIN5vfI5gs/lMPyojEMdIzK9blcl2/1vKxO8WGCcjvsQ1nJ/Pwt8LQZBfOFyV eDcGBcLiYasQr/EO5gxxtLyTmgsHSOVSBcFOn9lgv7LECPq9i7mfH3mpxgrRKSxH
XP8ubAp/au3dc4EKWG9MO5zcx1qT9+NXRGdVWxGvmBFRAajciMfXME1ZuGmk3/GO pOoZ0KXMcB+hHuvlklHntvcI0mMMQ0mhYj6qtMFStkF1RpCG3IPdIwpVCQqu8GV7
koAM7ZkjZmleyokP1LGzmfJcUd9s7eeu1/9/eg5XlXd/55GtYjAM+C4DG5i7eaNq s8ubknRzs+3C/Bm19RFOoiPpDkwvyNfvmQ14XkyqqKK5oZ8zhD32kFRQkxa8uZSu
cm2F+yxYIPt6cbbtYVNJCGfHWqHEQ4FYStUyFnv8sjyqU8ypgZaNJ9aVcWSICLOI h4aTImFxknu39waBxIRXE4jKxlAmQc4QjFZoq1KmQqQg0J/1JF8RlFvJas1VcjLv
E1/Qv/7oKsnZCWJ926wU6RqG1OYPGOi1zuABhLw61cuPVDT28nQS/e6z95cJXq0e YlvUB2t6npO6oQjB3l+PNf0DpQH7iUx3Wz5AjQCi6L25FjyE06q6BZ/QlmtYdl/8
K1BcaJ6fJZsmbjRgD5p3mvEf5vdQM7MCEvU0tHbsx2I5mHHJoABHb8KVBgWp/lcX ZYao4SRqPEs/6cAiF+Qf5zg2UkaWtDphl1LKMuTNLotvsX99HP69V2faNyegodQ0
GWiWaeOyB7RP+OfDtvi2OsapxXiV7vNVs7fMlrRjY1joKaqmmycnBvAq14AEbtyL LyTApr/vT01YPE46vNsDLgK+4cL6TrzC/a4WcmF5SRJ938zrv/duJHLXQIku5v0+
sVfOS66B8apkeFX2NY4XPEYV4ZSCe8VHPrdrERk2wILG3T/EGmSIkCYVUMSnjmJd EwOy59Hdm0PT/Er/84dDV0CSjdR/2XuZM3kpysSKLgD1cKiDA+IRguODCxfO9cyY
VQD9F6Na/+zmXCc= Ig46v9mFmBvyH04=
-----END CERTIFICATE----- -----END CERTIFICATE-----


@ -1 +1 @@
encrypt$gAAAAABn2wvcFmCiy7gpvvwJzRVNJSSxLvlld2ob9O2ivyekdR6y1_k90Q1xZhs7-ombGAIyez1D7lvuNhYQrnff5TqRa9wKbIVyqOOj4lc5qS2jJWyMl9BCr7Fu0mdW0_33Ke5nGpc3mAMjwTLCn8aw-I_I0kALuhKvZ_H31Oy0Mdjw9rau8TmeWGmJDiPMyHlg_C6s2Gvj2VKHVuGeSVg01frjlTveK-ZsJNGvKm7njCqvqGJytFeV6iHzWYyzMTk8-z_xtv-PKH82ME_IdGVv8YcgmCrXWzzA35A3YEaac7uKui1RFzqN6K5sYL1hsxU9rAyidNRd1fp0CRlpyJWgcf_ykoe2u3ManhFOdMmJdx_nrt2znNLaiQqcSHWuws7pGeSZtX72rGa5ZEBF5xeTruhRSQyjMUuBZrqi75QKyYnpmNSpgh0fDHqHUVmSQ5vInd8Tai2BWz3oqKhrkqJMIXlKQn35Jw== encrypt$gAAAAABoWHyMEiWt-0WotQYL4O4bCviT8YZzGhrv5Qzizf1c4THe1exOOlTB9KvjhWUdB8AU_gyzgNnmGXaghavS306OXUBeWFgMA3xlEGz5w9EiaU3djM8ddC1jFLWbm7hTwKnTrsuoee-sj-sep1oNVzr327LsO5EIrLmxqrcvXRGuST2zhHeqMjuxTpyXB-fg9ge_UTBD3W06fy9FwRzD4n1f5InkHTK6EohLMH1scKmIWG52XdZs_Cx3JvXkynfIFyiT7DbzX7YLpRTvLh_Dy3E96F5_H-kR2Uh2db4IL9EwtPGM-jN8XSOFAS14dFeiQTeYzRaGVkQY3YmzsEgxKrSpCjSbUsLNAd4_hqTgbGrlPI1tVjHCozHKiDHM5Taw9b1gxR3pOImONNDFMoV0Pzn2_wsM-GpuLp5q_FtIMb7tHoeDGjplHoshjY998Oc61jA2hhgRfPCCS4BS6EdS6i4Dl93pVQ==


@ -69,7 +69,7 @@ nodes['sophie.vmhost'] = {
'version': 4, 'version': 4,
'shares': { 'shares': {
'/srv/nas': { '/srv/nas': {
'172.19.164.0/24': 'ro,all_squash,anonuid=65534,anongid=65534,no_subtree_check', '172.19.164.0/23': 'ro,all_squash,anonuid=65534,anongid=65534,no_subtree_check',
}, },
}, },
}, },
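Review bot: The export key on the new side reads `'172.19.164.0/23'`, which doubles the permitted client range to 172.19.164.0–172.19.165.255, and with the options shown the source address appears to be the only access control on `/srv/nas`. Nothing in the hunk says what lives in 172.19.165.0/24, so a comment above the entry such as `# .164 = <existing network>, .165 = <new network>; both trusted for read-only NAS access` would record that the wider mask is intended. If only a few hosts in the added range need the share, listing them as separate keys would keep the export narrower. The `nodes['sophie.vmhost']` dict starts and ends outside the hunk.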


@ -0,0 +1,78 @@
#!/usr/bin/env bash
if [[ -z "$1" ]] || [[ "$1" == '--help' ]]
then
echo "Usage: $0 <wildcard-domain>"
exit 1
fi
set -e
domain=$1
certalias="_.$1"
tmpdir=$(mktemp -d)
echo "temp dir is $tmpdir"
#trap 'cd /; rm -Rf "$tmpdir"' EXIT
export BW_REPO_PATH="${BW_REPO_PATH:-$PWD}"
cd -- "$tmpdir"
git clone https://github.com/dehydrated-io/dehydrated.git
cd dehydrated
git checkout "$(git describe --tags --abbrev=0)"
cat >config <<EOF
BASEDIR=$tmpdir
KEYSIZE=4096
HOOK=$tmpdir/dehydrated/hook
RENEW_DAYS=90
CHALLENGETYPE=dns-01
EOF
cat >hook <<"EOF"
#!/usr/bin/env bash
if [[ "$1" == 'deploy_challenge' ]]
then
domain=$2
token_value=$4
echo
echo You must now provide this DNS record:
echo "$(tput bold)_acme-challenge.$domain IN TXT $token_value$(tput sgr0)"
echo
echo "Hit ENTER once it's available."
read
fi
EOF
chmod +x hook
cat <<EOF
You will soon be asked to create several DNS records.
$(tput bold)Please create all of them. The second one does NOT replace
the first one.$(tput sgr0)
EOF
./dehydrated --register --accept-terms -f config
./dehydrated -c -d "$domain" --alias "$certalias" -d "*.$domain" -f config
cd -- "$tmpdir"/certs/"$certalias"
echo
echo Copying final files:
echo
bw_repo=$(${PYENV_ROOT}/versions/bw/bin/bw debug -c 'print(repo.path)')
cd -- "$tmpdir"/certs/"$certalias"
cp -v cert.pem "$bw_repo"/data/ssl/"$certalias".crt.pem
cp -v chain.pem "$bw_repo"/data/ssl/"$certalias".crt_intermediate.pem
echo "Encrypting private key via bw ..."
${PYENV_ROOT}/versions/bw/bin/bw debug -c "repo.vault.encrypt_file('$tmpdir/certs/$certalias/privkey.pem', 'ssl/$certalias.key.pem.vault')"
echo
echo "Certificate and key created."
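Review bot: The cleanup trap is commented out (`#trap 'cd /; rm -Rf "$tmpdir"' EXIT`), so the unencrypted `privkey.pem` and the ACME account data that dehydrated keeps under `BASEDIR=$tmpdir` stay on disk after the script exits, including on the `set -e` failure paths. Re-enable the trap directly after `tmpdir=$(mktemp -d)` and drop the `echo "temp dir is $tmpdir"` debug line, or keep the directory only behind an explicit debug switch. Separately, `git checkout "$(git describe --tags --abbrev=0)"` runs whatever the newest tag of the cloned repository is at that moment; checking out a reviewed tag or commit id held in a variable would make the executed code reproducible. `$1` is also pasted into the Python source passed to `bw debug -c "repo.vault.encrypt_file(...)"`, so a domain argument containing a quote would change that code; validating `$1` against a hostname pattern before use, or handing the paths over via environment variables, avoids this.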