diff options
Diffstat (limited to '')
-rwxr-xr-x | dehydrated/bin/dehydrated-nsupdate | 92 |
1 files changed, 92 insertions, 0 deletions
diff --git a/dehydrated/bin/dehydrated-nsupdate b/dehydrated/bin/dehydrated-nsupdate new file mode 100755 index 0000000..f901d2e --- /dev/null +++ b/dehydrated/bin/dehydrated-nsupdate @@ -0,0 +1,92 @@ +#!/bin/sh + +set -e + +HOOK="$(basename "${0}")" +HOOK_ACTION="$(echo "${HOOK}" | awk -F. '{ print $1 }')" + +# set nsupdate action +case "${HOOK}" in + clean_challenge.*) + HOOK_ACTION="delete" + ;; + + deploy_challenge.*) + HOOK_ACTION="add" + ;; + + *) + echo "'${HOOK}': no such hook action '${HOOK_ACTION}'" >&2 + echo "'${HOOK}': use 'clean_challenge.' or 'deploy_challenge.' as prefix in your symlink" >&2 + exit 1 + ;; +esac + +# alternatives handling for dig +if command -v kdig > /dev/null 2>&1 +then + # knot-dnsutils + DIG="kdig" +elif command -v dig > /dev/null 2>&1 +then + # bind-dnsutils + DIG="dig" +else + echo "'${HOOK}': need dig from bind-dnsutils or knot-dnsutils" >&2 + exit 1 +fi + +# alternatives handling for nsupdate +if command -v knsupdate > /dev/null 2>&1 +then + # knot-dnsutils + NSUPDATE="knsupdate" +elif command -v nsupdate > /dev/null 2>&1 +then + # bind-dnsutils + NSUPDATE="nsupdate" +else + echo "'${HOOK}': need nsupdate from bind-dnsutils or knot-dnsutils" >&2 + exit 1 +fi + +# find txt record to update +CNAME="$(${DIG} "_acme-challenge.${DOMAIN}" 2>&1 | awk '/CNAME/ { print $5 }' | tail -n1)" + +if [ -n "${CNAME}" ] +then + UPDATE_DOMAIN="${CNAME}" +else + UPDATE_DOMAIN="_acme-challenge.${DOMAIN}" +fi + +# find nameservers to update +ZONE="${UPDATE_DOMAIN}" + +while true +do + NAMESERVERS="$(${DIG} NS "${ZONE}" 2>&1 | awk '/NS/ { print $5 }' | tail -n1)" + + if [ -n "${NAMESERVERS}" ] + then + break + else + ZONE="$(echo "${ZONE}" | cut -d '.' -f 2-)" + fi +done + +NAMESERVERS="$(${DIG} +short NS "${ZONE}")" + +# update nameservers +for NAMESERVER in ${NAMESERVERS} +do + echo -n " + Adding TXT record (${UPDATE_DOMAIN})..." + +echo "server ${NAMESERVER} +zone ${ZONE} +ttl 0 +update ${HOOK_ACTION} ${UPDATE_DOMAIN} 0 TXT ${TOKEN_VALUE} +send" | "${NSUPDATE}" + + echo " done." +done |