From d7e965843eb32fc2e459a15fe70251964ff40394 Mon Sep 17 00:00:00 2001
From: Matthew Fennell
Date: Wed, 28 Feb 2024 19:17:25 +0000
Subject: Initial commit

This commit adds the initial structure / scaffolding on which the rest of the project can be built. The idea is to have an entry point written in python, which parses a toml file which contains information about each domain, and general configuration of the lego tool which will actually renew the certificates. Each domain has an additional post-renew script, the path to which is given in the config file, which is used to install the new certificates onto the remote hosts if necessary.
---
renew-all | 49 +++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 49 insertions(+)
create mode 100755 renew-all
(limited to 'renew-all')
diff --git a/renew-all b/renew-all
new file mode 100755
index 0000000..09ddbc8
--- /dev/null
+++ b/renew-all
@@ -0,0 +1,49 @@
+#!/usr/bin/env python3
+# SPDX-FileCopyrightText: 2024 Matthew Fennell
+#
+# SPDX-License-Identifier: AGPL-3.0-only
+
+import logging
+import subprocess
+import tomllib
+
+
+def main() -> None:
+ with open("config.toml", "rb") as config_file:
+ full_config = tomllib.load(config_file)
+
+ config = full_config["config"]
+ domains = full_config["domains"]
+
+ for domain in domains.values():
+ subdomain_list = domain["domains"]
+ subdomain_requests = [
+ request
+ for subdomain in subdomain_list
+ for request in ("--domains", subdomain)
+ ]
+ command = (
+ [
+ "lego",
+ "--accept-tos",
+ "--email",
+ config["acme_email"],
+ "--dns",
+ "desec",
+ "--server",
+ config["acme_server"],
+ "--dns.disable-cp",
+ ]
+ + subdomain_requests
+ + ["renew", "--renew-hook", domain["renew_script"]]
+ )
+ environment = {
+ "DESEC_POLLING_INTERVAL": str(config["timeout_seconds"]),
+ "DESEC_TOKEN": config["desec_token"],
+ }
+ logging.info(f"Running command {command}")
+ subprocess.run(command, env=environment)
+
+
+if __name__ == "__main__":
+ main()
--
cgit v1.2.3
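Review bot: The exit status of `subprocess.run(command, env=environment)` at the end of the loop in `main` is discarded, so a failed renewal for one domain looks the same as a success and a certificate can lapse without anyone noticing. Keep iterating over the remaining domains but record the failure, e.g. `result = subprocess.run(command, env=environment)` followed by `if result.returncode != 0: logging.error("lego failed for %s (exit %d)", subdomain_list, result.returncode)`, and have the script exit non-zero if any domain failed so cron or a systemd timer can alert on it. The `logging.info` call just above emits nothing as written, because no level is configured and the root logger defaults to WARNING. Since `config.toml` holds `desec_token` and the `renew_script` path that lego executes as a hook, a comment stating that the file must be readable and writable only by the account running this script would help; the relative path also means it is resolved against whatever the current working directory happens to be.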