add scripts/passwords-for and scripts/letsencrypt-wildcard

2021-12-17 11:28:10 +01:00 · 2021-12-17 11:28:10 +01:00 · 0e6fbd3e78
commit 0e6fbd3e78
parent ae37b65220
2 changed files with 106 additions and 0 deletions
--- a/scripts/letsencrypt-wildcard
+++ b/scripts/letsencrypt-wildcard
@ -0,0 +1,74 @@
 #!/usr/bin/env bash
 if [[ -z "$1" ]] || [[ "$1" == '--help' ]]
 then
    echo "Usage: $0 <wildcard-domain>"
    exit 1
 fi
 set -e
 domain=$1
 certalias="_.$1"
 tmpdir=$(mktemp -d)
 trap 'cd /; rm -Rf "$tmpdir"' EXIT
 export BW_REPO_PATH="${BW_REPO_PATH:-$PWD}"
 cd -- "$tmpdir"
 git clone https://github.com/dehydrated-io/dehydrated.git
 cd dehydrated
 git checkout "$(git describe --tags --abbrev=0)"
 cat >config <<EOF
 BASEDIR=$tmpdir
 KEYSIZE=4096
 HOOK=$tmpdir/dehydrated/hook
 RENEW_DAYS=90
 CHALLENGETYPE=dns-01
 EOF
 cat >hook <<"EOF"
 #!/usr/bin/env bash
 if [[ "$1" == 'deploy_challenge' ]]
 then
    domain=$2
    token_value=$4
    echo
    echo You must now provide this DNS record:
    echo "$(tput bold)_acme-challenge.$domain. IN TXT $token_value$(tput sgr0)"
    echo
    echo "Hit ENTER once it's available."
    read
 fi
 EOF
 chmod +x hook
 cat <<EOF
 You will soon be asked to create several DNS records.
 $(tput bold)Please create all of them. The second one does NOT replace
 the first one.$(tput sgr0)
 EOF
 ./dehydrated --register --accept-terms -f config
 ./dehydrated -c -d "$domain" --alias "$certalias" -d "*.$domain" -f config
 cd -- "$tmpdir"/certs/"$certalias"
 echo
 echo Copying final files:
 echo
 bw_repo=$(bw debug -c 'print(repo.path)')
 cp -v cert.pem "$bw_repo"/data/ssl/"$certalias".crt.pem
 cp -v chain.pem "$bw_repo"/data/ssl/"$certalias".crt_intermediate.pem
 echo "Encrypting private key via bw ..."
 bw debug -c "repo.vault.encrypt_file('$tmpdir/certs/$certalias/privkey.pem', 'ssl/$certalias.key.pem.vault')"
 echo
 echo "Certificate and key created."
--- a/scripts/passwords-for
+++ b/scripts/passwords-for
@ -0,0 +1,32 @@
 #!/usr/bin/env python3
 from os import environ
 from sys import argv
 from bundlewrap.repo import Repository
 from bundlewrap.utils import Fault
 from bundlewrap.exceptions import FaultUnavailable
 path = environ.get('BW_REPO_PATH', '.')
 repo = Repository(path)
 def print_faults(dictionary, keypath=[]):
    for key, value in sorted(dictionary.items()):
        if isinstance(value, Fault):
            try:
                resolved_fault = value.value
            except FaultUnavailable:
                print('{}/{}: [permission denied]'.format('/'.join(keypath), key))
            else:
                if '\n' not in resolved_fault:
                    print('{}/{}: {}'.format('/'.join(keypath), key, value))
        elif isinstance(value, dict):
            print_faults(value, keypath=keypath+[key])
 if len(argv) == 1:
    print('node name missing')
    exit(1)
 node = repo.get_node(argv[1])
 print_faults(node.metadata)