Commit 529e6dae authored by Dmytro Bogatov's avatar Dmytro Bogatov 💕

Add lets-encrypt scripts for automatic DNS-01 challenge.

parent a57f5913
......@@ -4,3 +4,5 @@
.terraform/
*.lock*
infra/services/
.secret.sh
#!/usr/bin/env bash
set -e
shopt -s globstar
# Ensure that the CWD is set to script's location
cd "${0%/*}"
CWD=$(pwd)
source ./.secret.sh
curl -s -X PUT -d "$CERTBOT_VALIDATION" --user $EMAIL:$PASSWORD https://box.dbogatov.org/admin/dns/custom/_acme-challenge.$CERTBOT_DOMAIN/TXT
sleep 1
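Review bot: The `curl` call in the auth hook passes the DNS-admin credentials unquoted and never checks the HTTP status, so a rejected or failed PUT still exits 0 under `set -e` and certbot goes on to validate against a TXT record that was never written. Quote the pair and fail on HTTP errors: `curl -sS --fail -X PUT -d "$CERTBOT_VALIDATION" --user "$EMAIL:$PASSWORD" "https://box.dbogatov.org/admin/dns/custom/_acme-challenge.$CERTBOT_DOMAIN/TXT"`. Credentials passed via `--user` are also visible in the process list while curl runs; reading them from a 0600 file with `--netrc-file` or `-K` keeps them out of argv. The same applies to the DELETE call in the cleanup hook and the PUT in the manual record script. `sleep 1` is presumably a wait for the record to be served, so confirm it is long enough for the authoritative server.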
#!/usr/bin/env bash
set -e
shopt -s globstar
# Ensure that the CWD is set to script's location
cd "${0%/*}"
CWD=$(pwd)
source ./.secret.sh
curl -s -X DELETE --user $EMAIL:$PASSWORD https://box.dbogatov.org/admin/dns/custom/_acme-challenge.$CERTBOT_DOMAIN/TXT
#!/usr/bin/env bash
set -e
shopt -s globstar
usage () {
printf "usage: ./$0 <domain> <value>\n"
exit 1;
}
if ! [ $# -eq 2 ]
then
usage
fi
DOMAIN=$1
VALUE=$2
curl -X PUT -d "$VALUE" --user $EMAIL:$PASSWORD https://box.dbogatov.org/admin/dns/custom/$DOMAIN/TXT
echo "Done!"
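Review bot: `$EMAIL` and `$PASSWORD` are used in the `curl` line, but this script never sources `.secret.sh` as the two hook scripts do, and `set -u` is not enabled, so with the variables unset the request is sent with `--user :`. Either source the secrets file after `cd "${0%/*}"`, or assert the variables before the call with `: "${EMAIL:?}" "${PASSWORD:?}"`. `$DOMAIN` goes into the URL unquoted and unvalidated; quote the whole URL so a stray space or glob character in the argument cannot split it. The usage line puts `$0` inside the printf format string; `printf 'usage: %s <domain> <value>\n' "$0"` avoids that.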
#!/usr/bin/env bash
declare -A DOMAINS
DOMAINS["dbogatov.org"]=true
DOMAINS["status.dbogatov.org"]=false
DOMAINS["blog.dbogatov.org"]=false
DOMAINS["legacy.dbogatov.org"]=false
DOMAINS["push.dbogatov.org"]=false
DOMAINS["socialimps.dbogatov.org"]=false
DOMAINS["mail.dbogatov.org"]=false
DOMAINS["dns.dbogatov.org"]=false
DOMAINS["vpn.dbogatov.org"]=false
DOMAINS["apt.dbogatov.org"]=false
DOMAINS["dashboard.dbogatov.org"]=false
DOMAINS["cluster.dbogatov.org"]=false
DOMAINS["bogatov.kiev.ua"]=true
DOMAINS["blog.bogatov.kiev.ua"]=false
DOMAINS["visasupport.com.ua"]=true
DOMAINS["zima.visasupport.com.ua"]=false
DOMAINS["visasupport.kiev.ua"]=true
DOMAINS["eu.visasupport.kiev.ua"]=false
DOMAINS["lp.visasupport.kiev.ua"]=false
DOMAINS["darinagulley.com"]=true
DOMAINS["moon-travel.com.ua"]=true
DOMAINS["nigmatullina.org"]=true
DOMAINS["photobarrat.com"]=true
DOMAINS["res-public.net"]=true
DOMAINS["shevastream.com"]=true
DOMAINS["travelus.com.ua"]=true
DOMAINS["veles-russia.com"]=true
DOMAINS["visajapan.com.ua"]=true
DOMAINS["vleskniga.com"]=true
DOMAINS["votings.net"]=true
get-domains () {
OUTPUT=""
for domain in "${!DOMAINS[@]}"
do
OUTPUT+="$domain,"
if [ "${DOMAINS[${domain}]}" = true ] ; then
OUTPUT+="www.$domain,"
fi
OUTPUT+="${domain//./-}.cluster.dbogatov.org,"
done
echo ${OUTPUT%?}
}
get-domains
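Review bot: The bare `get-domains` call on the last line runs every time this file is sourced, so the request script that does `source ./domains.sh` prints the whole list to stdout before capturing it again with `$(get-domains)`. Guard it so it runs only when the file is executed directly: `if [[ "${BASH_SOURCE[0]}" == "$0" ]]; then get-domains; fi`. Use `if` rather than `&&` so the sourced file does not return non-zero under the caller's `set -e`. Inside the function, `OUTPUT` should be declared `local` and the result printed quoted, `printf '%s\n' "${OUTPUT%?}"`, so the list is never subject to word splitting or globbing.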
#!/usr/bin/env bash
set -e
shopt -s globstar
# Ensure that the CWD is set to script's location
cd "${0%/*}"
CWD=$(pwd)
source ./domains.sh
REQDOMAINS=$(get-domains)
certbot certonly \
\
--text --agree-tos --email dmytro@dbogatov.org \
--expand --renew-by-default \
--manual-public-ip-logging-ok \
\
--manual \
--preferred-challenges dns \
\
--manual-auth-hook $CWD/authenticator.sh \
--manual-cleanup-hook $CWD/cleanup.sh \
\
-d $REQDOMAINS
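Review bot: The order of the `-d` names comes from iterating an associative array, whose key order bash does not guarantee, and no `--cert-name` is passed. As far as I know certbot names the certificate lineage after the first domain unless told otherwise, so the location of the issued certificate may depend on that order; `--cert-name <name>` pins it. The expansions should also be quoted so a checkout path containing spaces does not break the hook arguments: `--manual-auth-hook "$CWD/authenticator.sh"`, `--manual-cleanup-hook "$CWD/cleanup.sh"`, `-d "$REQDOMAINS"`.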
......@@ -33,11 +33,18 @@ CERTPATH=$3
echo "Initializing cluster on DigitalOcean"
# Add identity
ssh-add ~/.ssh/id_rsa
cd $CWD/terraform/clusters/
terraform destroy -force
terraform init
terraform apply -auto-approve
echo "Waiting 30 secs..."
sleep 30
# Add SWAP to master
echo "Adding SWAP file to the master"
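Review bot: `terraform destroy -force` followed by `terraform apply -auto-approve` tears down and recreates the cluster on every run, with no confirmation and no check of which state or workspace is active; the rendered page does not show which of these lines are new, so this applies to the sequence as it stands after the change. If a full rebuild is intended, say so in a comment and gate the destroy behind an explicit opt-in, such as an environment flag tested before the call. `cd $CWD/terraform/clusters/` is unquoted, and the script header is outside this hunk, so unless `set -e` is active there a failed `cd` lets terraform run in the wrong directory; `cd "$CWD/terraform/clusters/" || exit 1` covers both. The fixed `sleep 30` is a guess at readiness, and polling until the master accepts SSH would be more reliable.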
......@@ -137,4 +144,4 @@ echo "Done!"
echo "Here is the dashboard login token"
kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}') | tail -n1
kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')
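Review bot: The last command prints the `admin-user` service-account secret to stdout, and the variant without `| tail -n1` prints the whole `describe` output rather than only the token line. Anything that captures this script's output, such as a CI job log, terminal scrollback or `tee`, then holds a bearer token for the dashboard, presumably with cluster-admin rights. Consider printing only the command the operator should run to fetch the token, or writing the token to a file created with mode 0600. `grep admin-user` can also match more than one secret, and the unquoted substitution would then pass several names to `describe`.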