authorMatthew Fennell <matthew@fennell.dev>2024-02-28 19:17:25 +0000
committerMatthew Fennell <matthew@fennell.dev>2024-02-28 21:40:21 +0000
commitd7e965843eb32fc2e459a15fe70251964ff40394 (patch)
treee46d2ff80b7d383b65cd4bd819c260ae9e2ab9a8 /renew-all
Initial commit
This commit adds the initial structure / scaffolding on which the rest of the project can be built. The idea is to have an entry point written in Python that parses a TOML file containing information about each domain, as well as general configuration for the lego tool, which actually renews the certificates. Each domain has an additional post-renew script, whose path is given in the config file, which is used to install the new certificates onto the remote hosts if necessary.
Diffstat (limited to 'renew-all')
-rwxr-xr-xrenew-all49
1 files changed, 49 insertions, 0 deletions
diff --git a/renew-all b/renew-all
new file mode 100755
index 0000000..09ddbc8
--- /dev/null
+++ b/renew-all
@@ -0,0 +1,49 @@
+#!/usr/bin/env python3
+# SPDX-FileCopyrightText: 2024 Matthew Fennell <matthew@fennell.dev>
+#
+# SPDX-License-Identifier: AGPL-3.0-only
+
+import logging
+import subprocess
+import tomllib
+
+
+def main() -> None:
+ with open("config.toml", "rb") as config_file:
+ full_config = tomllib.load(config_file)
+
+ config = full_config["config"]
+ domains = full_config["domains"]
+
+ for domain in domains.values():
+ subdomain_list = domain["domains"]
+ subdomain_requests = [
+ request
+ for subdomain in subdomain_list
+ for request in ("--domains", subdomain)
+ ]
+ command = (
+ [
+ "lego",
+ "--accept-tos",
+ "--email",
+ config["acme_email"],
+ "--dns",
+ "desec",
+ "--server",
+ config["acme_server"],
+ "--dns.disable-cp",
+ ]
+ + subdomain_requests
+ + ["renew", "--renew-hook", domain["renew_script"]]
+ )
+ environment = {
+ "DESEC_POLLING_INTERVAL": str(config["timeout_seconds"]),
+ "DESEC_TOKEN": config["desec_token"],
+ }
+ logging.info(f"Running command {command}")
+ subprocess.run(command, env=environment)
+
+
+if __name__ == "__main__":
+ main()
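Review bot: The `subprocess.run(command, env=environment)` call at the end of the loop ignores lego's exit status, so a failed renewal for one domain passes silently and its certificate can expire unnoticed; capture the result, e.g. `result = subprocess.run(command, env=environment)` then `if result.returncode != 0: logging.error("lego failed for %s", subdomain_list)`, and exit non-zero after the loop if any domain failed. `logging.info` is called with no logging configuration, so at the default WARNING level the "Running command" line is never emitted; `logging.basicConfig(level=logging.INFO)` at the top of `main` would fix that, and since the token travels in `env` rather than in `command`, logging the command does not expose it. `config.toml` is opened relative to the working directory and supplies both `desec_token` and the `renew_script` path passed to `--renew-hook`, so whoever can write that file controls what gets executed; a comment should state that it must be readable and writable only by the account running the script, and the path is better resolved relative to the script than to the working directory. Because `env=` replaces the whole environment, lego runs without the caller's `PATH` or `HOME`, and the hook presumably inherits `DESEC_TOKEN`; confirm both are intended.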