acme_node

2021-11-06 13:30:26 +01:00 · 2021-11-06 13:30:26 +01:00 · fd15227637
commit fd15227637
parent e13f493c22
5 changed files with 16 additions and 15 deletions
--- a/bundles/bind-acme/metadata.py
+++ b/bundles/bind-acme/metadata.py
@ -8,7 +8,7 @@ def acme_records(metadata):
    return {
        'dns': {
            f'_acme-challenge.{domain}': {
-                'CNAME': {f"{domain}.{metadata.get('bind/acme_hostname')}."},
+                'CNAME': {f"{domain}.{metadata.get('bind/acme_zone')}."},
            }
                for other_node in repo.nodes
                for domain in other_node.metadata.get('letsencrypt/domains', {}).keys()
@ -26,7 +26,7 @@ def acme_zone(metadata):
    return {
        'bind': {
            'zones': {
-                metadata.get('bind/acme_hostname'): {
+                metadata.get('bind/acme_zone'): {
                    'dynamic': True,
                    'records': set(),
                    'views': ['external'],
--- a/bundles/letsencrypt/files/hook.sh
+++ b/bundles/letsencrypt/files/hook.sh
@ -9,8 +9,8 @@ deploy_challenge() {
  CHALLENGE=$3
  KEY=hmac-sha512:acme.sublimity.de:${acme_key}
  cmd="
-    server 162.55.188.157
+    server $SERVER
-    zone acme.sublimity.de.
+    zone $ACME_ZONE.
    update add $DOMAIN.$ACME_ZONE. 60 IN TXT \"$CHALLENGE\"
    send
  "
@ -31,8 +31,8 @@ clean_challenge() {
  CHALLENGE=$3
  KEY=hmac-sha512:acme.sublimity.de:${acme_key}
  cmd="
-    server 162.55.188.157
+    server $SERVER
-    zone acme.sublimity.de.
+    zone $ACME_ZONE.
    update delete $DOMAIN.$ACME_ZONE. TXT
    send
  "
--- a/bundles/letsencrypt/items.py
+++ b/bundles/letsencrypt/items.py
@ -1,6 +1,9 @@
 assert node.has_bundle('nginx')
 from ipaddress import ip_interface
 delegated = 'delegate_to_node' in node.metadata.get('letsencrypt')
 acme_node = repo.get_node(node.metadata.get('letsencrypt/acme_node'))
 directories = {
    '/etc/dehydrated/conf.d': {},
@ -22,9 +25,9 @@ files = {
    '/etc/dehydrated/hook.sh': {
        'content_type': 'mako',
        'context': {
-            'server': node.metadata.get('network/external/ipv4').split('/')[0],
+            'server': ip_interface(acme_node.metadata.get('network/external/ipv4')).ip,
-            'zone': node.metadata.get('bind/acme_hostname'),
+            'zone': acme_node.metadata.get('bind/acme_zone'),
-            'acme_key': node.metadata.get('bind/keys/acme.sublimity.de'),
+            'acme_key': acme_node.metadata.get('bind/keys/' + acme_node.metadata.get('bind/acme_zone')),
        },
        'mode': '0755',
    },
--- a/groups/all.py
+++ b/groups/all.py
@ -17,5 +17,8 @@
                },
            },
        },
        'letsencrypt': {
            'acme_node': 'htz.mails',
        },
    }
 }
--- a/nodes/htz.mails.py
+++ b/nodes/htz.mails.py
@ -32,7 +32,7 @@
        },
        'bind': {
            'hostname': 'resolver.name',
-            'acme_hostname': 'acme.sublimity.de',
+            'acme_zone': 'acme.sublimity.de',
            'zones': {
                'sublimity.de': {},
                'freibrief.net': {},
@ -64,11 +64,6 @@
        'letsencrypt': {
            'domains': {
                'ckn.li': set(),
                'test1.ckn.li': set(),
                'test2.ckn.li': set(),
                'test3.ckn.li': set(),
                'test4.ckn.li': set(),
                'test5.ckn.li': set(),
                'sublimity.de': set(),
                'freibrief.net': set(),
            },