From 1c05f675a9cddda68b3f05d3b98c9740004657cc Mon Sep 17 00:00:00 2001
From: pvincent
Date: Sun, 5 May 2024 23:00:32 +0400
Subject: [PATCH] dmz_certbot
---
 lib/registrar/ovh-domain.sh | 3 +-
 scripts/miaou | 79 ++++++++++++++++++++++++++++++-------
 2 files changed, 66 insertions(+), 16 deletions(-)
diff --git a/lib/registrar/ovh-domain.sh b/lib/registrar/ovh-domain.sh
index 83751bb..51aa69e 100755
--- a/lib/registrar/ovh-domain.sh
+++ b/lib/registrar/ovh-domain.sh
@@ -5,7 +5,8 @@ function set_base {
 BASE_URL="https://eu.api.ovh.com/1.0"
- source ./.ovh-credential
+ BASEDIR=$(dirname "$0")
+ source "$BASEDIR"/.ovh-credential
 }
 function build_url_list_records {
diff --git a/scripts/miaou b/scripts/miaou
index a5f10a9..65d418e 100755
--- a/scripts/miaou
+++ b/scripts/miaou
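Review bot: `source "$BASEDIR"/.ovh-credential` executes whatever that file contains with the script's privileges, and the new `BASEDIR=$(dirname "$0")` line only relocates it; nothing checks that the file exists, or who can read or write it, before it is sourced. If the file is absent the function carries on with the registrar credentials undefined unless the script runs under `set -e` (not visible in this hunk), so I would guard it explicitly: `[[ -f "$BASEDIR/.ovh-credential" ]] || { echo "missing $BASEDIR/.ovh-credential" >&2; exit 1; }`, and ideally refuse a group- or world-readable file since it holds API secrets. `$0` is the invocation path, so `BASEDIR` is relative when the script is run as `./ovh-domain.sh` and points at the link rather than the target when run through a symlink; `BASEDIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)` is the usual more robust form, though whether that matters depends on how callers invoke it. `set_base` opens outside the hunk.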
@@ -177,12 +177,63 @@ function build_routes() { builtin echo -e "$raw_dnsmasq" | lxc network set $BRIDGE raw.dnsmasq - } +function build_dmz_certbot { + PREFIX="miaou:dmz:certbot" + + # FIXME: to remove + # if [[ "$target" != dev ]]; then + if [[ "$target" == dev ]]; then + + #TODO: check public ip available + my_ip=$(dig +short myip.opendns.com @resolver1.opendns.com) + if hostname -I | grep -q ${my_ip}; then + echo "My PUBLIC IP address is: <$my_ip>" + else + echoerr "This machine can not respond to its PUBLIC IP address: <$my_ip>" #FIXME: && exit 100 + fi + + default_registrar=$(yqm '.registrar.default') + [[ $default_registrar != 'OVH' ]] && echoerr "Sorry, no OVH registrar detected, please provide other registrar protocol" && exit 101 + + readarray -t services < <(yqmt '.expanded.services[] | [ .domain, .fqdn ]') + for service in "${services[@]}"; do + read -r -a item <<<"$service" + + domain=${item[0]} + fqdn=${item[1]} + subDomain=${fqdn%.$domain} + + echo "TODO: fqdn=$fqdn, domain=$domain" + local server_ip + server_ip=$(dig +short A $fqdn) + if [[ $server_ip == "$my_ip" ]]; then + echo "CNAME <$fqdn> approved successfuly!" + else + if [[ -n $server_ip ]]; then + local server_name + server_name=$(dig +short CNAME "$fqdn") + echowarn "CNAME <$fqdn> points to another server: <$server_name>" + else + echo TODO:REGISTRAR needed + "$MIAOU_BASEDIR"/lib/registrar/ovh-domain.sh "$domain" "$subDomain" + fi + fi + + done + else + echo "bypass certbot certificate generation due to target=<$target>" + fi +} + function build_dmz_reverseproxy() { - PREFIX="miaou:build:dmz" - echo -n "building configuration for nginx ... " + PREFIX="miaou:dmz:nginx" + + echo -n "building default configuration for nginx ... " mkdir -p "$MIAOU_CONFIGDIR/nginx" tera -t "$MIAOU_BASEDIR/templates/nginx/_default.j2" "$EXPANDED_CONF" -o "$MIAOU_CONFIGDIR/nginx/_default" &>/dev/null + PREFIX="" echo OK + echo -n "building hosts configuration for nginx ... 
" tera -t "$MIAOU_BASEDIR/templates/nginx/hosts.j2" "$EXPANDED_CONF" -o "$MIAOU_CONFIGDIR/nginx/hosts" &>/dev/null PREFIX="" echo OK @@ -190,17 +241,14 @@ function build_dmz_reverseproxy() { for f in "$MIAOU_CONFIGDIR"/nginx/*; do lxc file push --uid=0 --gid=0 "$f" "$DMZ_CONTAINER/etc/nginx/sites-available/" &>/dev/null done - PREFIX="" echo OK - cat <