ppmathis · June 24, 2022 21:27
diff --git a/letsencrypt-pdns-hook.sh b/letsencrypt-pdns-hook.sh
 #!/bin/bash

 MYSQL_HOSTNAME="42.42.42.42"
 MYSQL_DATABASE="pdns"
 MYSQL_USERNAME="pdns"
 MYSQL_PASSWORD="pdns"

 CERT_FILE_USER="root"
 CERT_FILE_GROUP="root"

 function _log {
 	echo >&2 "$(date) ${@}"
 }

 function _parse_basedomain {
 	local DOMAIN="${1}"
 	local BASEDOMAIN=$(echo -n "${DOMAIN}" | awk -F'.' '{print $(NF-1) "." $NF}')

 	echo -n "${BASEDOMAIN}"
 }

 function _fetch_domain_id {
 	local BASEDOMAIN="${1}"

 	local STATEMENT="SELECT id FROM domains WHERE name='${BASEDOMAIN}'"
 	local DOMAINID=$(mysql "${MYSQL_DATABASE}" -h "${MYSQL_HOSTNAME}" -u "${MYSQL_USERNAME}" -p"${MYSQL_PASSWORD}" -ss -e "${STATEMENT}")

 	if [ -z "${DOMAINID}" ]; then
 		_log "Could not get domain ID from PowerDNS database, invalid base domain!"
 		exit 1
 	fi

 	_log "Found domain in database with ID: ${DOMAINID}"

 	echo -n "${DOMAINID}"
 }

 function deploy_challenge {
 	local DOMAIN="${1}" TOKEN_FILENAME="${2}" TOKEN_VALUE="${3}"

 	# Check arguments
 	[ ! -z "${DOMAIN}" ] || { _log 'Missing parameter: DOMAIN ($1)'; exit 1; }
 	[ ! -z "${TOKEN_VALUE}" ] || { _log 'Missing parameter: TOKEN_VALUE ($3)'; exit 1; }

 	# Get domain ID from database
 	local BASEDOMAIN=$(_parse_basedomain "${DOMAIN}")
 	local DOMAINID=$(_fetch_domain_id "${BASEDOMAIN}")

 	# Output some debug information about the task
 	_log "Parsed command line arguments:"
 	_log "> Task: Deploying ACME challenge record"
 	_log "> Domain: ${DOMAIN}"
 	_log "> Base Domain: ${BASEDOMAIN}"
 	_log "> Token Code: ${TOKEN_VALUE}"

 	# Create new _acme-challenge.<DOMAIN> record
 	local STATEMENT="INSERT INTO records (domain_id, name, type, content, ttl) VALUES (${DOMAINID}, '_acme-challenge.${DOMAIN}', 'TXT', '\"${TOKEN_VALUE}\"', 60)"
 	mysql "${MYSQL_DATABASE}" -h "${MYSQL_HOSTNAME}" -u "${MYSQL_USERNAME}" -p"${MYSQL_PASSWORD}" -ss -e "${STATEMENT}"
 	if [ $? -ne 0 ]; then
 		_log "Could not insert new ACME challenge record into PowerDNS database!"
 		exit 2
 	fi
 	_log "Inserted ACME challenge record into PowerDNS database."
 }

 function clean_challenge {
 	local DOMAIN="${1}" TOKEN_FILENAME="${2}" TOKEN_VALUE="${3}"

 	# Check arguments
 	[ ! -z "${DOMAIN}" ] || { _log 'Missing parameter: DOMAIN ($1)'; exit 1; }
 	[ ! -z "${TOKEN_VALUE}" ] || { _log 'Missing parameter: TOKEN_VALUE ($3)'; exit 1; }

 	# Output some debug information about the task
 	_log "Parsed command line arguments:"
 	_log "> Task: Cleanup ACME challenge record(s)"
 	_log "> Domain: ${DOMAIN}"

 	# Delete all old _acme-challenge.<DOMAIN> records
 	local STATEMENT="DELETE FROM records WHERE name='_acme-challenge.${DOMAIN}' AND content='\"${TOKEN_VALUE}\"'"
 	mysql "${MYSQL_DATABASE}" -h "${MYSQL_HOSTNAME}" -u "${MYSQL_USERNAME}" -p"${MYSQL_PASSWORD}" -ss -e "${STATEMENT}"
 	if [ $? -ne 0 ]; then
 		_log "Could not delete old ACME challenge records from PowerDNS database!"
 		exit 2
 	fi
 	_log "Deleted all old ACME challenge records from PowerDNS database."
 }

 function deploy_cert {
 	local DOMAIN="${1}" KEYFILE="${2}" CERTFILE="${3}" CHAINFILE="${4}"
 	local BASEDESTINATION="/opt/certificates/store"
 	local DESTINATION="${BASEDESTINATION}/${DOMAIN}"

 	# Output some debug information about the task
 	_log "Parsed command line arguments:"
 	_log "> Task: Deploy certificate files"
 	_log "> Certificate Store: ${DESTINATION}"
 	_log "> Domain: ${DOMAIN}"
 	_log "> Keyfile: ${KEYFILE}"
 	_log "> Certificate: ${CERTFILE}"
 	_log "> Chainfile: ${CHAINFILE}"

 	# Copy files to our certificate store
 	mkdir -pv "${DESTINATION}"
 	cp -vf "${KEYFILE}" "${DESTINATION}/site.key"
 	cp -vf "${CERTFILE}" "${DESTINATION}/site.crt"
 	cp -vf "${CHAINFILE}" "${DESTINATION}/site.wchain.crt"
 	cat "${DESTINATION}/site.key" "${DESTINATION}/site.crt" > "${DESTINATION}/site.wkey.pem"
 	cat "${DESTINATION}/site.key" "${DESTINATION}/site.wchain.crt" > "${DESTINATION}/site.wkey.wchain.pem"

 	# Fix permissions of certificate store
 	chown -R "${CERT_FILE_USER}:${CERT_FILE_GROUP}" "${BASEDESTINATION}"
 	find "${BASEDESTINATION}" -type d -exec chmod 750 {} \;
 	find "${BASEDESTINATION}" -type f -exec chmod 440 {} \;
 }

 if [ $(id -u) -ne 0 ]; then
 	_log "This application can only be run as root, exiting..."
 	exit 3
 fi

 HANDLER=$1; shift; $HANDLER $@
	#!/bin/bash

	MYSQL_HOSTNAME="42.42.42.42"
	MYSQL_DATABASE="pdns"
	MYSQL_USERNAME="pdns"
	MYSQL_PASSWORD="pdns"

	CERT_FILE_USER="root"
	CERT_FILE_GROUP="root"

	function _log {
	echo >&2 "$(date) ${@}"
	}

	function _parse_basedomain {
	local DOMAIN="${1}"
	local BASEDOMAIN=$(echo -n "${DOMAIN}" \| awk -F'.' '{print $(NF-1) "." $NF}')

	echo -n "${BASEDOMAIN}"
	}

	function _fetch_domain_id {
	local BASEDOMAIN="${1}"

	local STATEMENT="SELECT id FROM domains WHERE name='${BASEDOMAIN}'"
	local DOMAINID=$(mysql "${MYSQL_DATABASE}" -h "${MYSQL_HOSTNAME}" -u "${MYSQL_USERNAME}" -p"${MYSQL_PASSWORD}" -ss -e "${STATEMENT}")

	if [ -z "${DOMAINID}" ]; then
	_log "Could not get domain ID from PowerDNS database, invalid base domain!"
	exit 1
	fi

	_log "Found domain in database with ID: ${DOMAINID}"

	echo -n "${DOMAINID}"
	}

	function deploy_challenge {
	local DOMAIN="${1}" TOKEN_FILENAME="${2}" TOKEN_VALUE="${3}"

	# Check arguments
	[ ! -z "${DOMAIN}" ] \|\| { _log 'Missing parameter: DOMAIN ($1)'; exit 1; }
	[ ! -z "${TOKEN_VALUE}" ] \|\| { _log 'Missing parameter: TOKEN_VALUE ($3)'; exit 1; }

	# Get domain ID from database
	local BASEDOMAIN=$(_parse_basedomain "${DOMAIN}")
	local DOMAINID=$(_fetch_domain_id "${BASEDOMAIN}")

	# Output some debug information about the task
	_log "Parsed command line arguments:"
	_log "> Task: Deploying ACME challenge record"
	_log "> Domain: ${DOMAIN}"
	_log "> Base Domain: ${BASEDOMAIN}"
	_log "> Token Code: ${TOKEN_VALUE}"

	# Create new _acme-challenge.<DOMAIN> record
	local STATEMENT="INSERT INTO records (domain_id, name, type, content, ttl) VALUES (${DOMAINID}, '_acme-challenge.${DOMAIN}', 'TXT', '\"${TOKEN_VALUE}\"', 60)"
	mysql "${MYSQL_DATABASE}" -h "${MYSQL_HOSTNAME}" -u "${MYSQL_USERNAME}" -p"${MYSQL_PASSWORD}" -ss -e "${STATEMENT}"
	if [ $? -ne 0 ]; then
	_log "Could not insert new ACME challenge record into PowerDNS database!"
	exit 2
	fi
	_log "Inserted ACME challenge record into PowerDNS database."
	}

	function clean_challenge {
	local DOMAIN="${1}" TOKEN_FILENAME="${2}" TOKEN_VALUE="${3}"

	# Check arguments
	[ ! -z "${DOMAIN}" ] \|\| { _log 'Missing parameter: DOMAIN ($1)'; exit 1; }
	[ ! -z "${TOKEN_VALUE}" ] \|\| { _log 'Missing parameter: TOKEN_VALUE ($3)'; exit 1; }

	# Output some debug information about the task
	_log "Parsed command line arguments:"
	_log "> Task: Cleanup ACME challenge record(s)"
	_log "> Domain: ${DOMAIN}"

	# Delete all old _acme-challenge.<DOMAIN> records
	local STATEMENT="DELETE FROM records WHERE name='_acme-challenge.${DOMAIN}' AND content='\"${TOKEN_VALUE}\"'"
	mysql "${MYSQL_DATABASE}" -h "${MYSQL_HOSTNAME}" -u "${MYSQL_USERNAME}" -p"${MYSQL_PASSWORD}" -ss -e "${STATEMENT}"
	if [ $? -ne 0 ]; then
	_log "Could not delete old ACME challenge records from PowerDNS database!"
	exit 2
	fi
	_log "Deleted all old ACME challenge records from PowerDNS database."
	}

	function deploy_cert {
	local DOMAIN="${1}" KEYFILE="${2}" CERTFILE="${3}" CHAINFILE="${4}"
	local BASEDESTINATION="/opt/certificates/store"
	local DESTINATION="${BASEDESTINATION}/${DOMAIN}"

	# Output some debug information about the task
	_log "Parsed command line arguments:"
	_log "> Task: Deploy certificate files"
	_log "> Certificate Store: ${DESTINATION}"
	_log "> Domain: ${DOMAIN}"
	_log "> Keyfile: ${KEYFILE}"
	_log "> Certificate: ${CERTFILE}"
	_log "> Chainfile: ${CHAINFILE}"

	# Copy files to our certificate store
	mkdir -pv "${DESTINATION}"
	cp -vf "${KEYFILE}" "${DESTINATION}/site.key"
	cp -vf "${CERTFILE}" "${DESTINATION}/site.crt"
	cp -vf "${CHAINFILE}" "${DESTINATION}/site.wchain.crt"
	cat "${DESTINATION}/site.key" "${DESTINATION}/site.crt" > "${DESTINATION}/site.wkey.pem"
	cat "${DESTINATION}/site.key" "${DESTINATION}/site.wchain.crt" > "${DESTINATION}/site.wkey.wchain.pem"

	# Fix permissions of certificate store
	chown -R "${CERT_FILE_USER}:${CERT_FILE_GROUP}" "${BASEDESTINATION}"
	find "${BASEDESTINATION}" -type d -exec chmod 750 {} \;
	find "${BASEDESTINATION}" -type f -exec chmod 440 {} \;
	}

	if [ $(id -u) -ne 0 ]; then
	_log "This application can only be run as root, exiting..."
	exit 3
	fi

	HANDLER=$1; shift; $HANDLER $@