Initial commit.

2022-06-24 16:22:19 +02:00 · 2022-06-24 16:22:19 +02:00 · 11f75d5f44
commit 11f75d5f44
8 changed files with 111 additions and 0 deletions
--- a/.dockerignore
+++ b/.dockerignore
@ -0,0 +1,2 @@
+.dockerignore
+example/
--- a/18
+++ b/18
@ -0,0 +1,18 @@
+FROM alpine:latest
+
+RUN apk --no-cache add \
+  certbot \
+  openssl \
+  netcat-openbsd \
+  python3 \
+  py3-pip \
+  && python3 -m pip install certbot-dns-ovh
+
+RUN mkdir -p /etc/periodic/12h
+COPY start.sh certbot-ovh.sh /usr/local/bin/
+COPY certbot-ovh.ini.tmpl /etc/certbot-ovh.ini.tmpl
+COPY periodic/12h/certbot /etc/periodic/12h
+
+VOLUME [ "/etc/letsencrypt/" ]
+ENTRYPOINT [ "/bin/sh", "-c" ]
+CMD [ "start.sh" ]
--- a/certbot-ovh.ini.tmpl
+++ b/certbot-ovh.ini.tmpl
@ -0,0 +1,4 @@
+dns_ovh_endpoint = 
+dns_ovh_application_key = 
+dns_ovh_application_secret =
+dns_ovh_consumer_key = 
--- a/certbot-ovh.sh
+++ b/certbot-ovh.sh
@ -0,0 +1,19 @@
+#!/usr/bin/env sh
+
+yes_options="
+1
+y
+t
+"
+
+if [ -n "$CERTBOT_OVH_AGREE_TOS" ] && echo "$yes_options" | grep -wiq "$CERTBOT_OVH_AGREE_TOS"; then
+    agree_tos=--agree-tos
+else
+    agree_tos=
+fi 
+
+# shellcheck disable=SC2086
+certbot certonly --preferred-challenges dns-01 --keep \
+  --email="$CERTBOT_OVH_LE_EMAIL" --domains="$CERTBOT_OVH_DOMAINS" \
+  --no-eff-email --manual-public-ip-logging-ok \
+  --dns-ovh --dns-ovh-credentials /etc/certbot-ovh.ini $agree_tos
--- a/example/certbot-ovh.ini
+++ b/example/certbot-ovh.ini
@ -0,0 +1,4 @@
+dns_ovh_endpoint = ovh-ca
+dns_ovh_application_key =
+dns_ovh_application_secret =
+dns_ovh_consumer_key =
--- a/example/docker-compose.yaml
+++ b/example/docker-compose.yaml
@ -0,0 +1,15 @@
+version: '3.3'
+services:
+  certbot:
+    restart: unless-stopped
+    image: redxef/certbot-ovh
+    build:
+      context: ../
+    environment:
+    - CERTBOT_OVH_AGREE_TOS=1
+    - CERTBOT_OVH_LE_EMAIL=<your_email>
+    - CERTBOT_OVH_DOMAINS=yourdomain.tld,*.yourdomain.tld
+    volumes:
+    - ./certbot-ovh.ini:/etc/certbot-ovh.ini
+    
+
--- a/periodic/12h/certbot
+++ b/periodic/12h/certbot
@ -0,0 +1 @@
+sleep "$RANDOM" && exec certbot-ovh.sh
--- a/start.sh
+++ b/start.sh
@ -0,0 +1,48 @@
+#!/usr/bin/env sh
+
+pids=""
+
+run_prog() {
+    "$@" &
+    pids="$! $pids"
+}
+
+trap_sig() {
+    printf '%s' "$pids" | while IFS= read -r pid; do
+        echo "pid=$pid"
+        # shellcheck disable=2086
+        kill -s $1 $pid
+    done
+}
+
+trap 'trap_sig TERM' TERM
+
+if [ ! -f "/etc/certbot-ovh.ini" ]; then
+    echo "No certbot ovh configuration file found" >&2
+    echo "Please mount it at /etc/certbot-ovh.ini" >&2
+    echo "Example config at /etc/certbot-ovh.ini.tmpl" >&2
+    exit 1
+fi
+
+if [ -z "$CERTBOT_OVH_LE_EMAIL" ]; then
+    echo "Please provide the lets encrypt email address" >&2
+    echo "Specify CERTBOT_OVH_LE_EMAIL=<your_email>" >&2
+    exit 2
+fi
+
+if [ -z "$CERTBOT_OVH_DOMAINS" ]; then
+    echo "Please provide the domains for this certificate" >&2
+    echo "Example: CERTBOT_OVH_DOMAINS=domain1.tld,*.domain1.tld"
+    exit 3
+fi
+
+echo "Writing crond config" >&2
+printf '*\t*/12\t*\t*\t*\trun-parts /etc/periodic/12h\n' >> /etc/crontabs/root
+crontab -l
+
+run_prog crond -l 0 -fc /etc/crontabs/
+
+echo "Starting certbot" >&2
+run_prog certbot-ovh.sh
+# shellcheck disable=2086
+wait $pids