From e4d1c00d4e903cc779863c8ddc937d08261e6d36 Mon Sep 17 00:00:00 2001
From: mwiegand
Date: Wed, 7 Jul 2021 20:53:13 +0200
Subject: [PATCH] wip

---
 bundles/letsencrypt/metadata.py | 34 +++++++++++++++++++++++++++++----
 nodes/home.server.py | 6 ------
 nodes/htz.mails.py | 3 +++
 3 files changed, 33 insertions(+), 10 deletions(-)

diff --git a/bundles/letsencrypt/metadata.py b/bundles/letsencrypt/metadata.py
index 53a4828..4897343 100644
--- a/bundles/letsencrypt/metadata.py
+++ b/bundles/letsencrypt/metadata.py
@@ -1,13 +1,11 @@
+from ipaddress import ip_interface
+
 defaults = {
 'apt': {
 'packages': {
 'dehydrated': {},
 },
 },
- 'cron': {
- 'letsencrypt_renew': '{} 4 * * * root /usr/bin/dehydrated --cron --accept-terms --challenge http-01 > /dev/null'.format((node.magic_number % 60)),
- 'letsencrypt_cleanup': '{} 4 * * 0 root /usr/bin/dehydrated --cleanup > /dev/null'.format((node.magic_number % 60)),
- },
 'letsencrypt': {
 'domains': {},
 },
@@ -19,6 +17,34 @@ defaults = {
 }
 
 
+@metadata_reactor.provides(
+ 'systemd-timers/letsencrypt',
+ 'mirror/certs',
+)
+def renew(metadata):
+ delegated_node = metadata.get('letsencrypt/delegate_to_node', False)
+
+ if delegated_node:
+ delegated_ip = ip_interface(repo.get_node(delegated_node).metadata.get('network/internal/ipv4')).ip
+ return {
+ 'mirror': {
+ 'certs': {
+ 'from': f"{delegated_ip}:/var/lib/dehydrated/certs",
+ 'to': '/var/lib/dehydrated',
+ },
+ },
+ }
+ else:
+ return {
+ 'systemd-timers': {
+ 'letsencrypt': {
+ 'command': '/usr/bin/dehydrated --cron --accept-terms --challenge http-01 && /usr/bin/dehydrated --cleanup',
+ 'when': 'daily',
+ },
+ },
+ }
+
+
 @metadata_reactor.provides(
 'letsencrypt/domains'
 )
diff --git a/nodes/home.server.py b/nodes/home.server.py
index 17031b4..eb62628 100644
--- a/nodes/home.server.py
+++ b/nodes/home.server.py
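Review bot: The removed `cron` entries spread each node's renewal to minute `node.magic_number % 60`, while the replacement `systemd-timers/letsencrypt` entry added later in this file only says `'when': 'daily'`, so unless the systemd-timers bundle adds a randomized delay of its own every node will hit the ACME endpoint at the same moment. It is also an unannounced policy change that `--cleanup`, formerly a weekly job, now runs daily and only when the renewal succeeds (`&&`). If the timers bundle supports it, keep the jitter by adding a `RandomizedDelaySec`-style setting next to `'when': 'daily'`; either way, record the schedule change in the commit message instead of "wip".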
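Review bot: The delegated branch of `renew` pulls `/var/lib/dehydrated/certs` from another node, and with dehydrated that directory normally holds `privkey.pem` beside the certificates, so this mirror moves private key material across the internal network; nothing in the hunk shows how the `mirror` bundle transports it or what ownership and mode it applies on arrival, which should be confirmed and stated in a comment such as `# pulls certs AND private keys from the delegate; the mirror bundle must use an authenticated transport and keep privkey.pem at 0600`. The destination also changed from the node-level `'to': '/var/lib/dehydrated/certs'` (deleted in nodes/home.server.py) to `'to': '/var/lib/dehydrated'`; whether `from` without a trailing slash then lands in `.../dehydrated/certs` or flattens into `/var/lib/dehydrated` depends on the mirror implementation, so verify it against that bundle. If the delegate has no `network/internal/ipv4`, `ip_interface(None)` fails with a generic ValueError that names no node; fetching the value first and raising `ValueError(f"{delegated_node} has no network/internal/ipv4")` would point at the misconfiguration. A one-line docstring on `renew` saying it either installs the renewal timer or, when `letsencrypt/delegate_to_node` is set, mirrors the delegate's cert store would help the next reader.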
@@ -20,12 +20,6 @@
 ],
 'metadata': {
 'id': 'af96709e-b13f-4965-a588-ef2cd476437a',
- 'mirror': {
- 'certs': {
- 'from': '10.0.10.2:/var/lib/dehydrated/certs',
- 'to': '/var/lib/dehydrated/certs',
- },
- },
 'network': {
 'internal': {
 'interface': 'enp1s0f0',
diff --git a/nodes/htz.mails.py b/nodes/htz.mails.py
index d8b8ce4..8b906e1 100644
--- a/nodes/htz.mails.py
+++ b/nodes/htz.mails.py
@@ -105,6 +105,9 @@
 'authorized_users': [
 'root@home.server',
 ],
+ 'authorized_keys': [
+ 'ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHMKTJLw6Cb+MLt+9JFOkuo2QBpuA8EoTKOFpb3IFQHEq19YLMzOhcErWmzaRfiCnILhnwTQz0njS+n9Qu4aghk= root@mail.sublimity.de'
+ ],
 },
 },
 'vm': {
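Review bot: The literal `ecdsa-sha2-nistp256 …` key is pinned under `authorized_keys` next to an `authorized_users` list without saying why it cannot be expressed as a managed user like `root@home.server`; a comment such as `# root@mail.sublimity.de: static key, not a managed node; rotate by replacing this entry` would record the owner and the rotation path. The enclosing dict starts outside the hunk, so which account this grants access to is not visible here. The new entry also lacks the trailing comma the file uses on the sibling list (`'root@home.server',`), so add one after the key string. If a key is being minted anyway, ed25519 is the usual preference over NIST P-256, though that is a project policy question rather than a defect.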