[sysadmin-bin] Add certbot DNS-01 cleanup hook



commit 2e0fb6a02a024503b3f1ab3b8f2213ffb0bf6b1f
Author: Bartłomiej Piotrowski <bpiotrowski gnome org>
Date:   Fri Mar 4 12:32:00 2022 +0100

    Add certbot DNS-01 cleanup hook

 certbot/cleanup-hook | 66 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 66 insertions(+)
---
diff --git a/certbot/cleanup-hook b/certbot/cleanup-hook
new file mode 100755
index 0000000..c9e1921
--- /dev/null
+++ b/certbot/cleanup-hook
@@ -0,0 +1,66 @@
+#!/usr/bin/python3
+
+import os
+import subprocess
+import sys
+import tempfile
+import time
+
+import pygit2
+
+
+def commit_all(repo, message):
+    repo.index.add_all()
+    repo.index.write()
+    tree = repo.index.write_tree()
+    author = pygit2.Signature("certbot", "certbot nsd01 gnome org")
+    committer = pygit2.Signature("certbot", "certbot nsd01 gnome org")
+
+    oid = repo.create_commit(
+        "refs/heads/master",
+        author,
+        committer,
+        message,
+        tree,
+        [repo.head.get_object().hex],
+    )
+
+    return oid
+
+
+def main():
+    domain = os.getenv("CERTBOT_DOMAIN")
+    if not domain:
+        sys.exit(1)
+
+    token = os.getenv("CERTBOT_VALIDATION")
+    if not token:
+        sys.exit(1)
+
+    base_domain = ".".join(domain.split(".")[-2:])
+
+    with tempfile.TemporaryDirectory() as tmpdir:
+        repo = pygit2.clone_repository("/git/dns.git", tmpdir)
+        if not repo:
+            sys.exit(1)
+
+        dns_entry = f'_acme-challenge.{domain}. IN TXT "{token}"'
+        with open(f"{tmpdir}/master/{base_domain}", "r") as f:
+            zone = f.readlines()
+
+        with open(f"{tmpdir}/master/{base_domain}", "w") as f:
+            for line in zone:
+                if line.strip("\n") != dns_entry:
+                    f.write(line)
+
+        commit_all(repo, f"Remove Let's Encrypt token for {domain}")
+
+        os.chdir(tmpdir)
+        subprocess.run(["./do-domains"], check=True)
+        commit_all(repo, "done build")
+
+        repo.remotes[0].push(["refs/heads/master:refs/heads/master"])
+
+
+if __name__ == "__main__":
+    main()
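Review bot: The zone-file path is derived from `CERTBOT_DOMAIN` by taking its last two labels (`base_domain` at the top of `main`), so a domain under a multi-label public suffix would resolve to a file that does not exist in `master/` and the hook would fail on the first `open`; if zone files are always named after a two-label registrable domain, that assumption deserves a comment such as `# assumes every zone file is named after the last two labels of the domain` next to that line. The three `sys.exit(1)` calls give no reason, which makes failures hard to diagnose from certbot's log of hook output; `sys.exit("CERTBOT_DOMAIN is not set")`, `sys.exit("CERTBOT_VALIDATION is not set")` and a similar message for the clone would help. The `if not repo` check after `pygit2.clone_repository` is likely dead, since that call appears to raise on failure rather than return a falsy value — worth confirming. `time` is imported but never used. When the TXT line is not present (for example, a second cleanup run), the hook still creates a "Remove …" commit with an unchanged tree, which may be intended but is not obvious from the code.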

