Compare commits
10 commits
5c44c19060
...
master
Author | SHA1 | Date | |
---|---|---|---|
fd422a9dd1 | |||
8af878004d | |||
4aa03ad93d | |||
4d6fc272ac | |||
79cb829e55 | |||
eed475446d | |||
323c5393cf | |||
ef50a5ad7b | |||
2616161d63 | |||
fb0d8b7374 |
8 changed files with 107 additions and 75 deletions
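--- a/.dockerignore
+++ b/.dockerignore
@@ -0,0 +1,2 @@
+ci/
+README.md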
|
@ -1,9 +1,7 @@
|
|||
FROM alpine:latest
|
||||
|
||||
RUN apk add \
|
||||
curl \
|
||||
certbot \
|
||||
openssl
|
||||
RUN apk add --no-cache --upgrade \
|
||||
curl certbot openssl
|
||||
|
||||
RUN mkdir -p /etc/periodic/12h \
|
||||
&& mkdir -p /etc/periodic/5min
|
||||
|
@ -11,5 +9,7 @@ RUN mkdir -p /etc/periodic/12h \
|
|||
COPY certbot-* duckdns start-certbot-duckdns.sh /usr/local/bin/
|
||||
COPY etc/periodic/ /etc/periodic/
|
||||
|
||||
VOLUME /etc/letsencrypt/
|
||||
|
||||
ENTRYPOINT [ "/bin/sh", "-c" ]
|
||||
CMD [ "duckdns; certbot-duckdns; start-certbot-duckdns.sh" ]
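Review bot: `VOLUME /etc/letsencrypt/` (apparently one of the two lines added in the second hunk; the rendered page has lost the +/- markers) puts the ACME account key and the certificate private keys in an anonymous volume unless the caller mounts one, and with the README's `docker run --rm` example that volume is removed together with the container. Every run would then re-register and re-issue, and the keys never reach the host. The run example should show an explicit mount, e.g. `-v <host-dir>:/etc/letsencrypt \`, and the README should say that this directory holds private keys and needs restrictive permissions on the host.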
|
||||
|
|
|
@ -9,10 +9,18 @@ one for the domain and one wildcard cert.
|
|||
|
||||
**Example:**
|
||||
|
||||
```
|
||||
docker run --rm \
|
||||
-e DUCKDNS_DOMAIN=redxef \
|
||||
-e DUCKDNS_TOKEN=<your ddns token> \
|
||||
-e LE_EMAIL=noreply@example.com \
|
||||
redxef/certbot-duckdns
|
||||
```
|
||||
|
||||
`DUCKDNS_DOMAIN=redxef`
|
||||
|
||||
Yields 2 certificates, the first being for redxef.duckdns.org and the
|
||||
second being for *.redxef.duckdns.org. These certificates can be found
|
||||
second being for \*.redxef.duckdns.org. These certificates can be found
|
||||
under the following locations respectively:
|
||||
|
||||
- `/etc/letsencrypt/live/redxef.duckdns.org/`
|
||||
|
@ -22,4 +30,9 @@ under the following locations respectively:
|
|||
|
||||
- DUCKDNS_DOMAIN: The domain to update, ex: DUCKDNS_DOMAIN=redxef for redxef.duckdns.org
|
||||
- DUCKDNS_TOKEN: Your duckdns api token
|
||||
- DUCKDNS_PROPAGATION_DELAY: Wait this many seconds after the TXT record was updated
|
||||
- LE_EMAIL: Your email for certificate related notifications
|
||||
|
||||
## SOURCE
|
||||
|
||||
[gitea.redxef.at/redxef/certbot-duckdns](https://gitea.redxef.at/redxef/certbot-duckdns)
|
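--- a/arch.txt
+++ b/arch.txt
@@ -1,35 +0,0 @@
-aarch64
-# aarch64_be
-# alpha
-arm
-# armeb
-# cris
-# hppa
-i386
-# m68k
-# microblaze
-# microblazeel
-# mips
-# mips64
-# mips64el
-# mipsel
-# mipsn32
-# mipsn32el
-# nios2
-# or1k
-# ppc
-# ppc64
-# ppc64abi32
-ppc64le
-# riscv32
-# riscv64
-s390x
-# sh4
-# sh4eb
-# sparc
-# sparc32plus
-# sparc64
-# tilegx
-x86_64
-# xtensa
-# xtensaeb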
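--- a/build.sh
+++ b/build.sh
@@ -1,30 +0,0 @@
-#!/usr/bin/env sh
-
-platforms() {
-plat="$(grep '^[^#].*' < arch.txt)"
-arch_count="$(echo "$plat" | wc -l)"
-echo "$plat" | tr '\n' ',' | cut -d, -f1-$arch_count
-}
-
-create() {
-docker buildx create --use
-}
-
-build() {
-tagname="$1"
-docker pull 'alpine:latest'
-docker buildx build --push --tag="$tagname" --platform="$(platforms)" .
-}
-
-get_tag() {
-git rev-parse --short HEAD
-}
-
-deploy() {
-tag0="redxef/certbot-duckdns:$(get_tag)"
-tag1="redxef/certbot-duckdns:latest"
-build "$tag0"
-build "$tag1"
-}
-
-"$@"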
|
@ -7,13 +7,12 @@ result="$(printf "url=$baseurl\n" "$DUCKDNS_DOMAIN" "$DUCKDNS_TOKEN" "$CERTBOT_V
|
|||
|
||||
# give some time for the record to update
|
||||
echo "waiting for txt record"
|
||||
for i in $(seq 0 60); do
|
||||
for _i in $(seq 0 60); do
|
||||
val="$(nslookup -type=TXT "$DUCKDNS_DOMAIN.duckdns.org" | grep "$DUCKDNS_DOMAIN.duckdns.org.*text.*=.*" | sed -n 's/.*"\([^"]*\)".*/\1/p')"
|
||||
echo "current txt record: $val"
|
||||
test "$val" = "$CERTBOT_VALIDATION" && break
|
||||
sleep 10
|
||||
done
|
||||
sleep "${DUCKDNS_PROPAGATION_DELAY:-0}"
|
||||
|
||||
echo "waiting 60s for propagation"
|
||||
sleep 60
|
||||
test "$result" = 'OK'
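Review bot: `sleep "${DUCKDNS_PROPAGATION_DELAY:-0}"` defaults to no wait, whereas the lines it replaces always slept 60 seconds after the polling loop, so a deployment that does not set the variable now returns to certbot as soon as the container's own resolver shows the TXT record. That resolver is not necessarily what the CA's validators query, so the default looks likely to cause intermittent dns-01 failures; `sleep "${DUCKDNS_PROPAGATION_DELAY:-60}"` would keep the previous margin. The value also reaches `sleep` unchecked, and the loop above falls through silently when its last iteration ends without the record matching; a message on stderr at that point would make the timeout visible. The script begins before this hunk, so any `set -e` at its top cannot be seen here.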
|
||||
|
|
|
@ -2,13 +2,13 @@
|
|||
|
||||
certbot certonly --manual --preferred-challenges dns-01 --keep \
|
||||
--email="$LE_EMAIL" --domains="$DUCKDNS_DOMAIN.duckdns.org" \
|
||||
--agree-tos --no-eff-email --manual-public-ip-logging-ok \
|
||||
--agree-tos --no-eff-email \
|
||||
--manual-auth-hook=certbot-auth --manual-cleanup-hook=certbot-cleanup \
|
||||
"$@"
|
||||
|
||||
certbot certonly --manual --preferred-challenges dns-01 --keep \
|
||||
--email="$LE_EMAIL" --domains="*.$DUCKDNS_DOMAIN.duckdns.org" \
|
||||
--agree-tos --no-eff-email --manual-public-ip-logging-ok \
|
||||
--agree-tos --no-eff-email \
|
||||
--manual-auth-hook=certbot-auth --manual-cleanup-hook=certbot-cleanup \
|
||||
"$@"
|
||||
|
||||
|
|
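--- a/ci/pipeline.yml
+++ b/ci/pipeline.yml
@@ -0,0 +1,83 @@
+---
+resources:
+- name: source
+type: git
+source:
+uri: https://gitea.redxef.at/redxef/certbot-duckdns
+branch: master
+fetch_tags: true
+- name: upstream-image
+check_every: 6h
+type: registry-image
+source:
+repository: alpine
+- name: image
+type: oci-image
+source:
+repository: redxef/certbot-duckdns
+tag: latest
+username: ((docker.username))
+password: ((docker.password))
+
+resource_types:
+- name: oci-image
+type: registry-image
+source:
+repository: redxef/concourse-oci-resource
+tag: latest
+
+jobs:
+- name: build-push
+plan:
+- get: source
+trigger: true
+- get: upstream-image
+trigger: true
+- task: compute-docker-tags
+config:
+platform: linux
+image_resource:
+type: registry-image
+source:
+repository: alpine/git
+inputs:
+- name: source
+path: .
+outputs:
+- name: docker-tags
+run:
+path: sh
+args:
+- -c
+- |
+#!/usr/bin/env sh
+git rev-parse --short HEAD > docker-tags/tags.txt
+git show-ref --tags | \
+sed -n "/$(git rev-parse HEAD)/ s|$(git rev-parse HEAD).refs/tags/||gp" \
+>> docker-tags/tags.txt
+- task: build
+privileged: true
+config:
+platform: linux
+image_resource:
+type: registry-image
+source:
+repository: redxef/concourse-buildkit
+inputs:
+- name: source
+path: .
+- name: docker-tags
+outputs:
+- name: build-output
+params:
+dest: build-output/image.tar
+platform: aarch64,arm,i386,ppc64le,s390x,x86_64
+run:
+path: build
+- put: image
+inputs:
+- build-output
+- docker-tags
+params:
+image: build-output/image.tar
+additionaltags: docker-tags/tags.txt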
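Review bot: The `build` task sets `privileged: true`, yet its `image_resource` names `redxef/concourse-buildkit` with no tag or digest, and the `oci-image` resource type, which is handed `((docker.username))` and `((docker.password))`, is pulled from `redxef/concourse-oci-resource` with `tag: latest`. Whatever those references resolve to at run time executes privileged on the worker or sees the registry credentials, so both, and `alpine/git` in `compute-docker-tags`, should be pinned to a fixed release tag or digest, e.g. `tag: <pinned-version>`. A short comment above `privileged: true` stating why the buildkit task needs it would also help whoever audits this pipeline later.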