
dmz_certbot

main
pvincent 7 months ago
parent
commit
1c05f675a9
  1. 3
      lib/registrar/ovh-domain.sh
  2. 79
      scripts/miaou

3
lib/registrar/ovh-domain.sh

@ -5,7 +5,8 @@
function set_base { function set_base {
BASE_URL="https://eu.api.ovh.com/1.0" BASE_URL="https://eu.api.ovh.com/1.0"
source ./.ovh-credential
BASEDIR=$(dirname "$0")
source "$BASEDIR"/.ovh-credential
} }
function build_url_list_records { function build_url_list_records {
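Review bot: `BASEDIR=$(dirname "$0")` resolves relative to the caller's working directory whenever the script is started by a relative path, and `$0` is not the script's location if this file is ever sourced rather than executed, so the credential lookup can silently miss; `BASEDIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)` pins the directory. A missing or unreadable `.ovh-credential` is also not reported before `source` runs on it — consider `[[ -r "$BASEDIR/.ovh-credential" ]] || { echo "missing $BASEDIR/.ovh-credential" >&2; exit 1; }` ahead of the `source` line. Because `source` executes whatever that file contains, a comment stating that it holds API secrets and must be owner-only (mode 0600) would help the next reader, and `local BASEDIR` would keep the variable from leaking out of set_base. Whether the script runs under `set -e` is not visible in this hunk.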

79
scripts/miaou

@ -177,12 +177,63 @@ function build_routes() {
builtin echo -e "$raw_dnsmasq" | lxc network set $BRIDGE raw.dnsmasq - builtin echo -e "$raw_dnsmasq" | lxc network set $BRIDGE raw.dnsmasq -
} }
function build_dmz_certbot {
PREFIX="miaou:dmz:certbot"
# FIXME: to remove
# if [[ "$target" != dev ]]; then
if [[ "$target" == dev ]]; then
#TODO: check public ip available
my_ip=$(dig +short myip.opendns.com @resolver1.opendns.com)
if hostname -I | grep -q ${my_ip}; then
echo "My PUBLIC IP address is: <$my_ip>"
else
echoerr "This machine can not respond to its PUBLIC IP address: <$my_ip>" #FIXME: && exit 100
fi
default_registrar=$(yqm '.registrar.default')
[[ $default_registrar != 'OVH' ]] && echoerr "Sorry, no OVH registrar detected, please provide other registrar protocol" && exit 101
readarray -t services < <(yqmt '.expanded.services[] | [ .domain, .fqdn ]')
for service in "${services[@]}"; do
read -r -a item <<<"$service"
domain=${item[0]}
fqdn=${item[1]}
subDomain=${fqdn%.$domain}
echo "TODO: fqdn=$fqdn, domain=$domain"
local server_ip
server_ip=$(dig +short A $fqdn)
if [[ $server_ip == "$my_ip" ]]; then
echo "CNAME <$fqdn> approved successfuly!"
else
if [[ -n $server_ip ]]; then
local server_name
server_name=$(dig +short CNAME "$fqdn")
echowarn "CNAME <$fqdn> points to another server: <$server_name>"
else
echo TODO:REGISTRAR needed
"$MIAOU_BASEDIR"/lib/registrar/ovh-domain.sh "$domain" "$subDomain"
fi
fi
done
else
echo "bypass certbot certificate generation due to target=<$target>"
fi
}
function build_dmz_reverseproxy() { function build_dmz_reverseproxy() {
PREFIX="miaou:build:dmz"
echo -n "building configuration for nginx ... "
PREFIX="miaou:dmz:nginx"
echo -n "building default configuration for nginx ... "
mkdir -p "$MIAOU_CONFIGDIR/nginx" mkdir -p "$MIAOU_CONFIGDIR/nginx"
tera -t "$MIAOU_BASEDIR/templates/nginx/_default.j2" "$EXPANDED_CONF" -o "$MIAOU_CONFIGDIR/nginx/_default" &>/dev/null tera -t "$MIAOU_BASEDIR/templates/nginx/_default.j2" "$EXPANDED_CONF" -o "$MIAOU_CONFIGDIR/nginx/_default" &>/dev/null
PREFIX="" echo OK
echo -n "building hosts configuration for nginx ... "
tera -t "$MIAOU_BASEDIR/templates/nginx/hosts.j2" "$EXPANDED_CONF" -o "$MIAOU_CONFIGDIR/nginx/hosts" &>/dev/null tera -t "$MIAOU_BASEDIR/templates/nginx/hosts.j2" "$EXPANDED_CONF" -o "$MIAOU_CONFIGDIR/nginx/hosts" &>/dev/null
PREFIX="" echo OK PREFIX="" echo OK
@ -190,17 +241,14 @@ function build_dmz_reverseproxy() {
for f in "$MIAOU_CONFIGDIR"/nginx/*; do for f in "$MIAOU_CONFIGDIR"/nginx/*; do
lxc file push --uid=0 --gid=0 "$f" "$DMZ_CONTAINER/etc/nginx/sites-available/" &>/dev/null lxc file push --uid=0 --gid=0 "$f" "$DMZ_CONTAINER/etc/nginx/sites-available/" &>/dev/null
done done
PREFIX="" echo OK
cat <<EOF | PREFIX="miaou:build:dmz" lxc_exec "$DMZ_CONTAINER" cat <<EOF | PREFIX="miaou:build:dmz" lxc_exec "$DMZ_CONTAINER"
cd /etc/nginx/sites-enabled/ cd /etc/nginx/sites-enabled/
for i in ../sites-available/*; do for i in ../sites-available/*; do
# echo dmz: enabling... \$i
ln -sf \$i ln -sf \$i
done done
nginx -tq
systemctl restart nginx
nginx -tq && systemctl restart nginx
EOF EOF
PREFIX="" echo OK
echo "nginx reloaded successfully!" echo "nginx reloaded successfully!"
} }
@ -489,15 +537,16 @@ DMZ_IP=$(get_dmz_ip)
readonly DMZ_IP DMZ_CONTAINER readonly DMZ_IP DMZ_CONTAINER
if check_expand_conf; then if check_expand_conf; then
archive_allconf
# archive_allconf
expand_conf expand_conf
check_resolv_conf
build_nftables
prepare_containers
build_services
build_dmz_reverseproxy
build_routes
build_monit
# check_resolv_conf
# build_nftables
# prepare_containers
# build_services
build_dmz_certbot
# build_dmz_reverseproxy
# build_routes
# build_monit
else else
monit_show monit_show
fi fi
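Review bot: The public-IP check in build_dmz_certbot is vacuous when `dig +short myip.opendns.com` returns nothing: `hostname -I | grep -q ${my_ip}` with an empty, unquoted pattern matches any output, and later `[[ $server_ip == "$my_ip" ]]` compares empty with empty, so an fqdn that does not resolve is reported as "CNAME approved" instead of being handed to the registrar. Guard the lookup and match the address as a whole word, fixed-string: `[[ -n $my_ip ]] || { echoerr "unable to determine public IP"; exit 100; }` and `hostname -I | tr ' ' '\n' | grep -qxF -- "$my_ip"`. `dig +short A $fqdn` is unquoted and, for a name that is a CNAME, may return more than one line, so the equality test can fail even when the name does point at this host — worth confirming against a real CNAME before relying on it. In the third hunk the commented-out `build_nftables`, `prepare_containers`, `build_services`, `build_dmz_reverseproxy`, `build_routes` and `build_monit` calls look like debugging leftovers that leave the firewall and proxy unbuilt on a fresh run; if this is intentional for now, a comment saying so would help.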