Compare commits

...

10 commits

8 changed files with 107 additions and 75 deletions

2
.dockerignore Normal file
View file

@ -0,0 +1,2 @@
ci/
README.md

View file

@ -1,9 +1,7 @@
FROM alpine:latest FROM alpine:latest
RUN apk add \ RUN apk add --no-cache --upgrade \
curl \ curl certbot openssl
certbot \
openssl
RUN mkdir -p /etc/periodic/12h \ RUN mkdir -p /etc/periodic/12h \
&& mkdir -p /etc/periodic/5min && mkdir -p /etc/periodic/5min
@ -11,5 +9,7 @@ RUN mkdir -p /etc/periodic/12h \
COPY certbot-* duckdns start-certbot-duckdns.sh /usr/local/bin/ COPY certbot-* duckdns start-certbot-duckdns.sh /usr/local/bin/
COPY etc/periodic/ /etc/periodic/ COPY etc/periodic/ /etc/periodic/
VOLUME /etc/letsencrypt/
ENTRYPOINT [ "/bin/sh", "-c" ] ENTRYPOINT [ "/bin/sh", "-c" ]
CMD [ "duckdns; certbot-duckdns; start-certbot-duckdns.sh" ] CMD [ "duckdns; certbot-duckdns; start-certbot-duckdns.sh" ]

View file

@ -9,10 +9,18 @@ one for the domain and one wildcard cert.
**Example:** **Example:**
```
docker run --rm \
-e DUCKDNS_DOMAIN=redxef \
-e DUCKDNS_TOKEN=<your ddns token> \
-e LE_EMAIL=noreply@example.com \
redxef/certbot-duckdns
```
`DUCKDNS_DOMAIN=redxef` `DUCKDNS_DOMAIN=redxef`
Yields 2 certificates, the first being for redxef.duckdns.org and the Yields 2 certificates, the first being for redxef.duckdns.org and the
second being for *.redxef.duckdns.org. These certificates can be found second being for \*.redxef.duckdns.org. These certificates can be found
under the following locations respectively: under the following locations respectively:
- `/etc/letsencrypt/live/redxef.duckdns.org/` - `/etc/letsencrypt/live/redxef.duckdns.org/`
@ -22,4 +30,9 @@ under the following locations respectively:
- DUCKDNS_DOMAIN: The domain to update, ex: DUCKDNS_DOMAIN=redxef for redxef.duckdns.org - DUCKDNS_DOMAIN: The domain to update, ex: DUCKDNS_DOMAIN=redxef for redxef.duckdns.org
- DUCKDNS_TOKEN: Your duckdns api token - DUCKDNS_TOKEN: Your duckdns api token
- DUCKDNS_PROPAGATION_DELAY: Wait this many seconds after the TXT record was updated
- LE_EMAIL: Your email for certificate related notifications - LE_EMAIL: Your email for certificate related notifications
## SOURCE
[gitea.redxef.at/redxef/certbot-duckdns](https://gitea.redxef.at/redxef/certbot-duckdns)

View file

@ -1,35 +0,0 @@
aarch64
# aarch64_be
# alpha
arm
# armeb
# cris
# hppa
i386
# m68k
# microblaze
# microblazeel
# mips
# mips64
# mips64el
# mipsel
# mipsn32
# mipsn32el
# nios2
# or1k
# ppc
# ppc64
# ppc64abi32
ppc64le
# riscv32
# riscv64
s390x
# sh4
# sh4eb
# sparc
# sparc32plus
# sparc64
# tilegx
x86_64
# xtensa
# xtensaeb

View file

@ -1,30 +0,0 @@
#!/usr/bin/env sh
platforms() {
plat="$(grep '^[^#].*' < arch.txt)"
arch_count="$(echo "$plat" | wc -l)"
echo "$plat" | tr '\n' ',' | cut -d, -f1-$arch_count
}
create() {
docker buildx create --use
}
build() {
tagname="$1"
docker pull 'alpine:latest'
docker buildx build --push --tag="$tagname" --platform="$(platforms)" .
}
get_tag() {
git rev-parse --short HEAD
}
deploy() {
tag0="redxef/certbot-duckdns:$(get_tag)"
tag1="redxef/certbot-duckdns:latest"
build "$tag0"
build "$tag1"
}
"$@"

View file

@ -7,13 +7,12 @@ result="$(printf "url=$baseurl\n" "$DUCKDNS_DOMAIN" "$DUCKDNS_TOKEN" "$CERTBOT_V
# give some time for the record to update # give some time for the record to update
echo "waiting for txt record" echo "waiting for txt record"
for i in $(seq 0 60); do for _i in $(seq 0 60); do
val="$(nslookup -type=TXT "$DUCKDNS_DOMAIN.duckdns.org" | grep "$DUCKDNS_DOMAIN.duckdns.org.*text.*=.*" | sed -n 's/.*"\([^"]*\)".*/\1/p')" val="$(nslookup -type=TXT "$DUCKDNS_DOMAIN.duckdns.org" | grep "$DUCKDNS_DOMAIN.duckdns.org.*text.*=.*" | sed -n 's/.*"\([^"]*\)".*/\1/p')"
echo "current txt record: $val" echo "current txt record: $val"
test "$val" = "$CERTBOT_VALIDATION" && break test "$val" = "$CERTBOT_VALIDATION" && break
sleep 10 sleep 10
done done
sleep "${DUCKDNS_PROPAGATION_DELAY:-0}"
echo "waiting 60s for propagation"
sleep 60
test "$result" = 'OK' test "$result" = 'OK'

View file

@ -2,13 +2,13 @@
certbot certonly --manual --preferred-challenges dns-01 --keep \ certbot certonly --manual --preferred-challenges dns-01 --keep \
--email="$LE_EMAIL" --domains="$DUCKDNS_DOMAIN.duckdns.org" \ --email="$LE_EMAIL" --domains="$DUCKDNS_DOMAIN.duckdns.org" \
--agree-tos --no-eff-email --manual-public-ip-logging-ok \ --agree-tos --no-eff-email \
--manual-auth-hook=certbot-auth --manual-cleanup-hook=certbot-cleanup \ --manual-auth-hook=certbot-auth --manual-cleanup-hook=certbot-cleanup \
"$@" "$@"
certbot certonly --manual --preferred-challenges dns-01 --keep \ certbot certonly --manual --preferred-challenges dns-01 --keep \
--email="$LE_EMAIL" --domains="*.$DUCKDNS_DOMAIN.duckdns.org" \ --email="$LE_EMAIL" --domains="*.$DUCKDNS_DOMAIN.duckdns.org" \
--agree-tos --no-eff-email --manual-public-ip-logging-ok \ --agree-tos --no-eff-email \
--manual-auth-hook=certbot-auth --manual-cleanup-hook=certbot-cleanup \ --manual-auth-hook=certbot-auth --manual-cleanup-hook=certbot-cleanup \
"$@" "$@"

83
ci/pipeline.yml Normal file
View file

@ -0,0 +1,83 @@
---
resources:
- name: source
type: git
source:
uri: https://gitea.redxef.at/redxef/certbot-duckdns
branch: master
fetch_tags: true
- name: upstream-image
check_every: 6h
type: registry-image
source:
repository: alpine
- name: image
type: oci-image
source:
repository: redxef/certbot-duckdns
tag: latest
username: ((docker.username))
password: ((docker.password))
resource_types:
- name: oci-image
type: registry-image
source:
repository: redxef/concourse-oci-resource
tag: latest
jobs:
- name: build-push
plan:
- get: source
trigger: true
- get: upstream-image
trigger: true
- task: compute-docker-tags
config:
platform: linux
image_resource:
type: registry-image
source:
repository: alpine/git
inputs:
- name: source
path: .
outputs:
- name: docker-tags
run:
path: sh
args:
- -c
- |
#!/usr/bin/env sh
git rev-parse --short HEAD > docker-tags/tags.txt
git show-ref --tags | \
sed -n "/$(git rev-parse HEAD)/ s|$(git rev-parse HEAD).refs/tags/||gp" \
>> docker-tags/tags.txt
- task: build
privileged: true
config:
platform: linux
image_resource:
type: registry-image
source:
repository: redxef/concourse-buildkit
inputs:
- name: source
path: .
- name: docker-tags
outputs:
- name: build-output
params:
dest: build-output/image.tar
platform: aarch64,arm,i386,ppc64le,s390x,x86_64
run:
path: build
- put: image
inputs:
- build-output
- docker-tags
params:
image: build-output/image.tar
additionaltags: docker-tags/tags.txt