ledns_writer

2026-05-21 14:02:15 +00:00 · 2024-03-03 01:31:58 +01:00
parent e079bd1c67
commit 09260b26b6
3 changed files with 34 additions and 19 deletions
--- a/init-server.py
+++ b/init-server.py
@@ -107,7 +107,6 @@ def ledns_writer(hostname, user, port):
    setup_ledns_writer(c)


-
@cli.command()
@common_options
 def debug(hostname, user, port):
--- a/scripts/ledns/rclone_write.sh
+++ b/scripts/ledns/rclone_write.sh
@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+
+#env > /data/ofm/ledns/env.txt
+
+RENEWED_DOMAINS=direct.openfreemap.org
+RENEWED_LINEAGE=/etc/letsencrypt/live/ofm_ledns
+
+rclone copy -v "$RENEWED_LINEAGE/fullchain.pem" "remote:ofm-secret/ledns/$RENEWED_DOMAINS/ofm_ledns.cert"
+rclone copy -v "$RENEWED_LINEAGE/privkey.pem" "remote:ofm-secret/ledns/$RENEWED_DOMAINS/ofm_ledns.key"
+
--- a/ssh_lib/tasks.py
+++ b/ssh_lib/tasks.py
@@ -186,37 +186,43 @@ def setup_ledns_writer(c):
    assert (CONFIG_DIR / 'rclone.conf').exists()

    rclone(c)
+    certbot(c)
+
    c.sudo(f'mkdir -p {REMOTE_CONFIG}')

    put(
        c,
        CONFIG_DIR / 'rclone.conf',
        f'{REMOTE_CONFIG}/rclone.conf',
-        permissions='600',
+        permissions=400,
    )

-    return
-
-    c.sudo('mkdir -p /root/.secrets')
-
    put(
        c,
        CONFIG_DIR / 'cloudflare.ini',
-        '/root/.secrets/ofm_ledns_cloudflare.ini',
+        f'{REMOTE_CONFIG}/cloudflare.ini',
        permissions=400,
    )

-    # TODO change to /data/ofm/config, owner root
-
-    sudo_cmd(
+    put(
        c,
-        'certbot certonly '
-        '--dns-cloudflare '
-        '--dns-cloudflare-credentials /root/.secrets/ofm_ledns_cloudflare.ini '
-        '--dns-cloudflare-propagation-seconds 60 '
-        '--staging '
-        f'--noninteractive -m {le_email} '
-        f'--agree-tos '
-        f'--cert-name=ofm_ledns '
-        f'-d {domain_ledns}',
+        SCRIPTS_DIR / 'ledns' / 'rclone_write.sh',
+        '/data/ofm/ledns/rclone_write.sh',
+        create_parent_dir=True,
+        permissions=500,
    )
+
+    #
+    # sudo_cmd(
+    #     c,
+    #     'certbot certonly '
+    #     '--dns-cloudflare '
+    #     f'--dns-cloudflare-credentials {REMOTE_CONFIG}/cloudflare.ini '
+    #     '--dns-cloudflare-propagation-seconds 20 '
+    #     '--staging '
+    #     f'--noninteractive -m {le_email} '
+    #     f'--agree-tos '
+    #     f'--cert-name=ofm_ledns '
+    #     f'--deploy-hook /data/ofm/ledns/rclone_write.sh '
+    #     f'-d {domain_ledns}',
+    # )