#!/usr/bin/env python3
# SPDX-FileCopyrightText: 2024 Matthew Fennell <matthew@fennell.dev>
#
# SPDX-License-Identifier: AGPL-3.0-only
import argparse
import logging
import os
import subprocess
import tomllib
# Command-line interface. Parsing happens at module level, so ``args`` is a
# module-level value that main() reads.
parser = argparse.ArgumentParser()
# --env picks which per-environment config keys main() looks up
# (acme_server_<env>, renew_script_<env>).
parser.add_argument(
    "--env",
    choices=["prod", "nonprod"],
    required=True,
)
# Optional positional action; "renew" is used when it is omitted.
parser.add_argument(
    "action",
    nargs="?",
    choices=["renew", "run"],
    default="renew",
)
args = parser.parse_args()
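def main() -> None:
    """Run ``lego`` once per configured domain group.

    Reads ``/etc/opt/acme/config.toml`` and builds one ``lego`` command line
    for each entry of its ``domains`` table. Each command runs with an
    environment that contains only the DNS provider settings. The
    module-level ``args`` selects the environment (``prod``/``nonprod``) and
    the action (``renew``/``run``).

    Raises:
        KeyError: if a key this function indexes is missing from the config.
        SystemExit: with status 1, after every domain group has been
            attempted, if any ``lego`` invocation exited non-zero.
    """
    config_path = "/etc/opt/acme/config.toml"
    with open(config_path, "rb") as config_file:
        # The file holds DNS API credentials (desec_token,
        # mythic_beasts_secret), so flag it when other users can access it.
        if os.fstat(config_file.fileno()).st_mode & 0o007:
            logging.warning(
                "%s is accessible to other users but contains DNS API credentials",
                config_path,
            )
        full_config = tomllib.load(config_file)
    config = full_config["config"]
    domains = full_config["domains"]

    # env= replaces the child's environment instead of extending it, so lego
    # receives these variables and nothing from the parent (no PATH, no HOME).
    # NOTE(review): credentials for both DNS providers are handed to every
    # invocation, whichever provider the domain uses; presumably the renew
    # hook inherits them too - confirm, and consider passing only the
    # variables of domain["provider"].
    environment = {
        "DESEC_POLLING_INTERVAL": str(config["timeout_seconds"]),
        "DESEC_TOKEN": config["desec_token"],
        "MYTHICBEASTS_PASSWORD": config["mythic_beasts_secret"],
        "MYTHICBEASTS_POLLING_INTERVAL": str(config["timeout_seconds"]),
        "MYTHICBEASTS_USERNAME": config["mythic_beasts_key_id"],
    }

    failed = []
    for name, domain in domains.items():
        # Flatten the names into repeated "--domains <name>" argument pairs.
        subdomain_requests = [
            request
            for subdomain in domain["domains"]
            for request in ("--domains", subdomain)
        ]
        actions = {
            "renew": [
                "renew",
                "--reuse-key",
                "--days",
                str(domain["renew_days"]),
                "--renew-hook",
                domain[f"renew_script_{args.env}"],
            ],
            "run": [
                "run",
            ],
        }
        # Argument list, never a shell string: config values reach lego as
        # single arguments and are not interpreted by a shell.
        command = (
            [
                "lego",
                "--path",
                os.path.expanduser("~/.lego"),
                "--accept-tos",
                "--email",
                config["acme_email"],
                "--dns",
                domain["provider"],
                "--server",
                config[f"acme_server_{args.env}"],
                "--dns.disable-cp",
            ]
            + subdomain_requests
            + actions[args.action]
        )
        # The command line carries no secrets (those travel in the
        # environment), so it is safe to log. Unless logging is configured
        # elsewhere, the root logger's default WARNING level hides this record.
        logging.info("Running command %s", command)
        result = subprocess.run(command, env=environment)
        if result.returncode != 0:
            # A silently failed renewal ends in an expired certificate, so
            # record it but keep going: the other groups still get their turn.
            logging.error(
                "lego exited with status %d for %s", result.returncode, name
            )
            failed.append(name)

    if failed:
        # Give cron, systemd or whatever runs this a non-zero status to act on.
        raise SystemExit(1)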
# Call main() only when this file is executed as a script.
if __name__ == "__main__":
    main()