viktor/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

update drone yml to use cloudflare for acme challenge [ci skip]

Browse source
This commit is contained in:
Viktor Barzin 2025-02-15 14:20:31 +00:00
parent 1a9844dc7c
commit 9770faba02
No known key found for this signature in database
GPG key ID: 4056458DBDBF8863
2 changed files with 32 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

4
.drone.yml
View file

@ -90,6 +90,10 @@ steps:
TF_VAR_prod: "true" TF_VAR_prod: "true"
TECHNITIUM_API_KEY: TECHNITIUM_API_KEY:
from_secret: TECHNITIUM_API_KEY from_secret: TECHNITIUM_API_KEY
CLOUDFLARE_TOKEN:
from_secret: CLOUDFLARE_TOKEN
CLOUDFLARE_ZONE_ID:
from_secret: CLOUDFLARE_ZONE_ID
commands: commands:
- "apk update && apk add git certbot expect curl gzip wget" - "apk update && apk add git certbot expect curl gzip wget"
# Install terraform cli # Install terraform cli

32
modules/kubernetes/setup_tls_secret/renew2.sh
View file

@ -14,10 +14,25 @@ echo "Creating $certbot_auth"
cat << EOF > $certbot_auth cat << EOF > $certbot_auth
#!/usr/bin/env sh #!/usr/bin/env sh
# Generate API token from DNS web console # Generate API token from DNS web console
API_TOKEN="$technitium_token"
# Create challenge TXT record # Create challenge TXT record
curl "http://technitium-web.technitium.svc.cluster.local:5380/api/zones/records/add?token=\$API_TOKEN&domain=_acme-challenge.\$CERTBOT_DOMAIN&type=TXT&ttl=60&text=\$CERTBOT_VALIDATION"
# TECHNITIUM
#API_TOKEN="$technitium_token"
# curl "http://technitium-web.technitium.svc.cluster.local:5380/api/zones/records/add?token=\$API_TOKEN&domain=_acme-challenge.\$CERTBOT_DOMAIN&type=TXT&ttl=60&text=\$CERTBOT_VALIDATION"
# CLOUDFLARE
curl https://api.cloudflare.com/client/v4/zones/$CLOUDFLARE_ZONE_ID/dns_records \
-H 'Content-Type: application/json' \
-H "Authorization: Bearer $CLOUDFLARE_TOKEN" \
-d '{
"comment": "Domain verification record",
"content": "$CERTBOT_VALIDATION",
"name": "_acme-challenge.$CERTBOT_DOMAIN",
"proxied": false,
"ttl": 60,
"type": "TXT"
}'
# Sleep to make sure the change has time to propagate from primary to secondary name servers # Sleep to make sure the change has time to propagate from primary to secondary name servers
sleep 25 sleep 25
@ -31,10 +46,19 @@ echo "Creating $certbot_cleanup"
cat << EOF > $certbot_cleanup cat << EOF > $certbot_cleanup
#!/usr/bin/env sh #!/usr/bin/env sh
# Generate API token from DNS web console # Generate API token from DNS web console
API_TOKEN="$technitium_token"
# Delete challenge TXT record # Delete challenge TXT record
curl "http://technitium-web.technitium.svc.cluster.local:5380/api/zones/records/delete?token=\$API_TOKEN&domain=_acme-challenge.\$CERTBOT_DOMAIN&type=TXT&text=\$CERTBOT_VALIDATION"
# TECHNIUM
#API_TOKEN="$technitium_token"
#curl "http://technitium-web.technitium.svc.cluster.local:5380/api/zones/records/delete?token=\$API_TOKEN&domain=_acme-challenge.\$CERTBOT_DOMAIN&type=TXT&text=\$CERTBOT_VALIDATION"
# CLOUDFLARE
record_id=$(curl https://api.cloudflare.com/client/v4/zones/$CLOUDFLARE_ZONE_ID/dns_records -H "Authorization: Bearer $CLOUDFLARE_TOKEN" | jq -r '.result[] | select(.name | contains("acme")) | .id')
curl https://api.cloudflare.com/client/v4/zones/$CLOUDFLARE_ZONE_ID/dns_records/$record_id \
-X DELETE \
-H "Authorization: Bearer $CLOUDFLARE_TOKEN"
EOF EOF
chmod 700 $certbot_cleanup chmod 700 $certbot_cleanup