add scripts/passwords-for and scripts/letsencrypt-wildcard
This commit is contained in:
parent
ae37b65220
commit
0e6fbd3e78
GPG key ID:
12E3D2136B818350
2 changed files with 106 additions and 0 deletions
74
scripts/letsencrypt-wildcard
Executable file
74
scripts/letsencrypt-wildcard
Executable file
|
|
@ -0,0 +1,74 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
if [[ -z "$1" ]] || [[ "$1" == '--help' ]]
|
||||
then
|
||||
echo "Usage: $0 <wildcard-domain>"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
set -e
|
||||
|
||||
domain=$1
|
||||
certalias="_.$1"
|
||||
|
||||
tmpdir=$(mktemp -d)
|
||||
trap 'cd /; rm -Rf "$tmpdir"' EXIT
|
||||
|
||||
export BW_REPO_PATH="${BW_REPO_PATH:-$PWD}"
|
||||
|
||||
cd -- "$tmpdir"
|
||||
git clone https://github.com/dehydrated-io/dehydrated.git
|
||||
cd dehydrated
|
||||
git checkout "$(git describe --tags --abbrev=0)"
|
||||
|
||||
cat >config <<EOF
|
||||
BASEDIR=$tmpdir
|
||||
KEYSIZE=4096
|
||||
HOOK=$tmpdir/dehydrated/hook
|
||||
RENEW_DAYS=90
|
||||
CHALLENGETYPE=dns-01
|
||||
EOF
|
||||
|
||||
cat >hook <<"EOF"
|
||||
#!/usr/bin/env bash
|
||||
|
||||
if [[ "$1" == 'deploy_challenge' ]]
|
||||
then
|
||||
domain=$2
|
||||
token_value=$4
|
||||
|
||||
echo
|
||||
echo You must now provide this DNS record:
|
||||
echo "$(tput bold)_acme-challenge.$domain. IN TXT $token_value$(tput sgr0)"
|
||||
echo
|
||||
echo "Hit ENTER once it's available."
|
||||
read
|
||||
fi
|
||||
EOF
|
||||
chmod +x hook
|
||||
|
||||
cat <<EOF
|
||||
|
||||
You will soon be asked to create several DNS records.
|
||||
$(tput bold)Please create all of them. The second one does NOT replace
|
||||
the first one.$(tput sgr0)
|
||||
|
||||
EOF
|
||||
|
||||
./dehydrated --register --accept-terms -f config
|
||||
./dehydrated -c -d "$domain" --alias "$certalias" -d "*.$domain" -f config
|
||||
|
||||
cd -- "$tmpdir"/certs/"$certalias"
|
||||
|
||||
echo
|
||||
echo Copying final files:
|
||||
echo
|
||||
bw_repo=$(bw debug -c 'print(repo.path)')
|
||||
cp -v cert.pem "$bw_repo"/data/ssl/"$certalias".crt.pem
|
||||
cp -v chain.pem "$bw_repo"/data/ssl/"$certalias".crt_intermediate.pem
|
||||
|
||||
echo "Encrypting private key via bw ..."
|
||||
bw debug -c "repo.vault.encrypt_file('$tmpdir/certs/$certalias/privkey.pem', 'ssl/$certalias.key.pem.vault')"
|
||||
|
||||
echo
|
||||
echo "Certificate and key created."
|
||||
32
scripts/passwords-for
Executable file
32
scripts/passwords-for
Executable file
|
|
@ -0,0 +1,32 @@
|
|||
#!/usr/bin/env python3
|
||||
from os import environ
|
||||
from sys import argv
|
||||
|
||||
from bundlewrap.repo import Repository
|
||||
from bundlewrap.utils import Fault
|
||||
from bundlewrap.exceptions import FaultUnavailable
|
||||
|
||||
|
||||
path = environ.get('BW_REPO_PATH', '.')
|
||||
repo = Repository(path)
|
||||
|
||||
def print_faults(dictionary, keypath=[]):
|
||||
for key, value in sorted(dictionary.items()):
|
||||
if isinstance(value, Fault):
|
||||
try:
|
||||
resolved_fault = value.value
|
||||
except FaultUnavailable:
|
||||
print('{}/{}: [permission denied]'.format('/'.join(keypath), key))
|
||||
else:
|
||||
if '\n' not in resolved_fault:
|
||||
print('{}/{}: {}'.format('/'.join(keypath), key, value))
|
||||
elif isinstance(value, dict):
|
||||
print_faults(value, keypath=keypath+[key])
|
||||
|
||||
|
||||
if len(argv) == 1:
|
||||
print('node name missing')
|
||||
exit(1)
|
||||
|
||||
node = repo.get_node(argv[1])
|
||||
print_faults(node.metadata)
|
||||
Loading…
Reference in a new issue