Compare commits
10 commits
5c44c19060
...
master
Author | SHA1 | Date | |
---|---|---|---|
fd422a9dd1 | |||
8af878004d | |||
4aa03ad93d | |||
4d6fc272ac | |||
79cb829e55 | |||
eed475446d | |||
323c5393cf | |||
ef50a5ad7b | |||
2616161d63 | |||
fb0d8b7374 |
8 changed files with 107 additions and 75 deletions
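--- a/.dockerignore
+++ b/.dockerignore
@@ -0,0 +1,2 @@
+ci/
+README.md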
|
@ -1,9 +1,7 @@
|
||||||
FROM alpine:latest
|
FROM alpine:latest
|
||||||
|
|
||||||
RUN apk add \
|
RUN apk add --no-cache --upgrade \
|
||||||
curl \
|
curl certbot openssl
|
||||||
certbot \
|
|
||||||
openssl
|
|
||||||
|
|
||||||
RUN mkdir -p /etc/periodic/12h \
|
RUN mkdir -p /etc/periodic/12h \
|
||||||
&& mkdir -p /etc/periodic/5min
|
&& mkdir -p /etc/periodic/5min
|
||||||
|
@ -11,5 +9,7 @@ RUN mkdir -p /etc/periodic/12h \
|
||||||
COPY certbot-* duckdns start-certbot-duckdns.sh /usr/local/bin/
|
COPY certbot-* duckdns start-certbot-duckdns.sh /usr/local/bin/
|
||||||
COPY etc/periodic/ /etc/periodic/
|
COPY etc/periodic/ /etc/periodic/
|
||||||
|
|
||||||
|
VOLUME /etc/letsencrypt/
|
||||||
|
|
||||||
ENTRYPOINT [ "/bin/sh", "-c" ]
|
ENTRYPOINT [ "/bin/sh", "-c" ]
|
||||||
CMD [ "duckdns; certbot-duckdns; start-certbot-duckdns.sh" ]
|
CMD [ "duckdns; certbot-duckdns; start-certbot-duckdns.sh" ]
|
||||||
|
|
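Review bot: The added `VOLUME /etc/letsencrypt/` line has no comment saying what the directory holds or how it is meant to be mounted (this section has no file header on the page, but the content reads as the Dockerfile). Certbot keeps the ACME account key and the certificate private keys under that path, and the README example on this page starts the image with `docker run --rm` and no `-v`, so the data ends up in an anonymous volume that Docker removes together with the container. Every restart then requests fresh certificates, which counts against Let's Encrypt's rate limits, and no other container can read the certificates by name. I would add a comment above the line, `# ACME account key and certificate private keys live here; mount a named volume (-v NAME:/etc/letsencrypt) and restrict who can read it`, and show the same `-v` option in the README example.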
|
@ -9,10 +9,18 @@ one for the domain and one wildcard cert.
|
||||||
|
|
||||||
**Example:**
|
**Example:**
|
||||||
|
|
||||||
|
```
|
||||||
|
docker run --rm \
|
||||||
|
-e DUCKDNS_DOMAIN=redxef \
|
||||||
|
-e DUCKDNS_TOKEN=<your ddns token> \
|
||||||
|
-e LE_EMAIL=noreply@example.com \
|
||||||
|
redxef/certbot-duckdns
|
||||||
|
```
|
||||||
|
|
||||||
`DUCKDNS_DOMAIN=redxef`
|
`DUCKDNS_DOMAIN=redxef`
|
||||||
|
|
||||||
Yields 2 certificates, the first being for redxef.duckdns.org and the
|
Yields 2 certificates, the first being for redxef.duckdns.org and the
|
||||||
second being for *.redxef.duckdns.org. These certificates can be found
|
second being for \*.redxef.duckdns.org. These certificates can be found
|
||||||
under the following locations respectively:
|
under the following locations respectively:
|
||||||
|
|
||||||
- `/etc/letsencrypt/live/redxef.duckdns.org/`
|
- `/etc/letsencrypt/live/redxef.duckdns.org/`
|
||||||
|
@ -22,4 +30,9 @@ under the following locations respectively:
|
||||||
|
|
||||||
- DUCKDNS_DOMAIN: The domain to update, ex: DUCKDNS_DOMAIN=redxef for redxef.duckdns.org
|
- DUCKDNS_DOMAIN: The domain to update, ex: DUCKDNS_DOMAIN=redxef for redxef.duckdns.org
|
||||||
- DUCKDNS_TOKEN: Your duckdns api token
|
- DUCKDNS_TOKEN: Your duckdns api token
|
||||||
|
- DUCKDNS_PROPAGATION_DELAY: Wait this many seconds after the TXT record was updated
|
||||||
- LE_EMAIL: Your email for certificate related notifications
|
- LE_EMAIL: Your email for certificate related notifications
|
||||||
|
|
||||||
|
## SOURCE
|
||||||
|
|
||||||
|
[gitea.redxef.at/redxef/certbot-duckdns](https://gitea.redxef.at/redxef/certbot-duckdns)
|
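--- a/arch.txt
+++ b/arch.txt
@@ -1,35 +0,0 @@
-aarch64
-# aarch64_be
-# alpha
-arm
-# armeb
-# cris
-# hppa
-i386
-# m68k
-# microblaze
-# microblazeel
-# mips
-# mips64
-# mips64el
-# mipsel
-# mipsn32
-# mipsn32el
-# nios2
-# or1k
-# ppc
-# ppc64
-# ppc64abi32
-ppc64le
-# riscv32
-# riscv64
-s390x
-# sh4
-# sh4eb
-# sparc
-# sparc32plus
-# sparc64
-# tilegx
-x86_64
-# xtensa
-# xtensaeb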
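--- a/build.sh
+++ b/build.sh
@@ -1,30 +0,0 @@
-#!/usr/bin/env sh
-
-platforms() {
-plat="$(grep '^[^#].*' < arch.txt)"
-arch_count="$(echo "$plat" | wc -l)"
-echo "$plat" | tr '\n' ',' | cut -d, -f1-$arch_count
-}
-
-create() {
-docker buildx create --use
-}
-
-build() {
-tagname="$1"
-docker pull 'alpine:latest'
-docker buildx build --push --tag="$tagname" --platform="$(platforms)" .
-}
-
-get_tag() {
-git rev-parse --short HEAD
-}
-
-deploy() {
-tag0="redxef/certbot-duckdns:$(get_tag)"
-tag1="redxef/certbot-duckdns:latest"
-build "$tag0"
-build "$tag1"
-}
-
-"$@"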
|
@ -7,13 +7,12 @@ result="$(printf "url=$baseurl\n" "$DUCKDNS_DOMAIN" "$DUCKDNS_TOKEN" "$CERTBOT_V
|
||||||
|
|
||||||
# give some time for the record to update
|
# give some time for the record to update
|
||||||
echo "waiting for txt record"
|
echo "waiting for txt record"
|
||||||
for i in $(seq 0 60); do
|
for _i in $(seq 0 60); do
|
||||||
val="$(nslookup -type=TXT "$DUCKDNS_DOMAIN.duckdns.org" | grep "$DUCKDNS_DOMAIN.duckdns.org.*text.*=.*" | sed -n 's/.*"\([^"]*\)".*/\1/p')"
|
val="$(nslookup -type=TXT "$DUCKDNS_DOMAIN.duckdns.org" | grep "$DUCKDNS_DOMAIN.duckdns.org.*text.*=.*" | sed -n 's/.*"\([^"]*\)".*/\1/p')"
|
||||||
echo "current txt record: $val"
|
echo "current txt record: $val"
|
||||||
test "$val" = "$CERTBOT_VALIDATION" && break
|
test "$val" = "$CERTBOT_VALIDATION" && break
|
||||||
sleep 10
|
sleep 10
|
||||||
done
|
done
|
||||||
|
sleep "${DUCKDNS_PROPAGATION_DELAY:-0}"
|
||||||
|
|
||||||
echo "waiting 60s for propagation"
|
|
||||||
sleep 60
|
|
||||||
test "$result" = 'OK'
|
test "$result" = 'OK'
|
||||||
|
|
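Review bot: Nothing after `done` checks whether the loop ever saw the expected TXT value: if all 61 lookups miss, the script still runs the new `sleep "${DUCKDNS_PROPAGATION_DELAY:-0}"` and its exit status comes from `test "$result" = 'OK'` alone. With the fixed 60s wait removed and the delay defaulting to 0, a record that was never observed is handed on for validation, and the resulting failed authorization counts toward Let's Encrypt's failed-validation limit without any hint in the log as to why. I would add `test "$val" = "$CERTBOT_VALIDATION" || { echo "txt record never became visible" >&2; exit 1; }` directly after `done`; whether certbot aborts on a failing auth hook should be confirmed, but the timeout is then at least logged. The README entry for `DUCKDNS_PROPAGATION_DELAY` could also say the value must be a plain number of seconds, since `sleep` receives it unchecked. The script begins above this hunk, so any `set -e` is not visible here.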
|
@ -2,13 +2,13 @@
|
||||||
|
|
||||||
certbot certonly --manual --preferred-challenges dns-01 --keep \
|
certbot certonly --manual --preferred-challenges dns-01 --keep \
|
||||||
--email="$LE_EMAIL" --domains="$DUCKDNS_DOMAIN.duckdns.org" \
|
--email="$LE_EMAIL" --domains="$DUCKDNS_DOMAIN.duckdns.org" \
|
||||||
--agree-tos --no-eff-email --manual-public-ip-logging-ok \
|
--agree-tos --no-eff-email \
|
||||||
--manual-auth-hook=certbot-auth --manual-cleanup-hook=certbot-cleanup \
|
--manual-auth-hook=certbot-auth --manual-cleanup-hook=certbot-cleanup \
|
||||||
"$@"
|
"$@"
|
||||||
|
|
||||||
certbot certonly --manual --preferred-challenges dns-01 --keep \
|
certbot certonly --manual --preferred-challenges dns-01 --keep \
|
||||||
--email="$LE_EMAIL" --domains="*.$DUCKDNS_DOMAIN.duckdns.org" \
|
--email="$LE_EMAIL" --domains="*.$DUCKDNS_DOMAIN.duckdns.org" \
|
||||||
--agree-tos --no-eff-email --manual-public-ip-logging-ok \
|
--agree-tos --no-eff-email \
|
||||||
--manual-auth-hook=certbot-auth --manual-cleanup-hook=certbot-cleanup \
|
--manual-auth-hook=certbot-auth --manual-cleanup-hook=certbot-cleanup \
|
||||||
"$@"
|
"$@"
|
||||||
|
|
||||||
|
|
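--- a/ci/pipeline.yml
+++ b/ci/pipeline.yml
@@ -0,0 +1,83 @@
+---
+resources:
+- name: source
+type: git
+source:
+uri: https://gitea.redxef.at/redxef/certbot-duckdns
+branch: master
+fetch_tags: true
+- name: upstream-image
+check_every: 6h
+type: registry-image
+source:
+repository: alpine
+- name: image
+type: oci-image
+source:
+repository: redxef/certbot-duckdns
+tag: latest
+username: ((docker.username))
+password: ((docker.password))
+
+resource_types:
+- name: oci-image
+type: registry-image
+source:
+repository: redxef/concourse-oci-resource
+tag: latest
+
+jobs:
+- name: build-push
+plan:
+- get: source
+trigger: true
+- get: upstream-image
+trigger: true
+- task: compute-docker-tags
+config:
+platform: linux
+image_resource:
+type: registry-image
+source:
+repository: alpine/git
+inputs:
+- name: source
+path: .
+outputs:
+- name: docker-tags
+run:
+path: sh
+args:
+- -c
+- |
+#!/usr/bin/env sh
+git rev-parse --short HEAD > docker-tags/tags.txt
+git show-ref --tags | \
+sed -n "/$(git rev-parse HEAD)/ s|$(git rev-parse HEAD).refs/tags/||gp" \
+>> docker-tags/tags.txt
+- task: build
+privileged: true
+config:
+platform: linux
+image_resource:
+type: registry-image
+source:
+repository: redxef/concourse-buildkit
+inputs:
+- name: source
+path: .
+- name: docker-tags
+outputs:
+- name: build-output
+params:
+dest: build-output/image.tar
+platform: aarch64,arm,i386,ppc64le,s390x,x86_64
+run:
+path: build
+- put: image
+inputs:
+- build-output
+- docker-tags
+params:
+image: build-output/image.tar
+additionaltags: docker-tags/tags.txt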
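Review bot: The `build` task runs with `privileged: true` from `redxef/concourse-buildkit` with no tag or digest, and the `oci-image` resource type, which is handed `((docker.username))` and `((docker.password))`, is pulled from `redxef/concourse-oci-resource` at `tag: latest`; `alpine/git` is unpinned as well. Whatever is published under those mutable references runs on the worker at the next trigger, in the build step with privileges and in the put step with the registry credentials, and both `trigger: true` inputs start that without anyone looking at it. I would pin each of the three images to a fixed release tag or digest, e.g. `tag: <PINNED_VERSION>` under each `source:`, and add a comment above `privileged: true` stating why the build needs it. The file's indentation is lost on this page, so the nesting here is read from key order.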