Allows to set hetzner DNS resolver #45

Open: wants to merge 1 commit into master
2 changes: 1 addition & 1 deletion Dockerfile.template
@@ -32,7 +32,7 @@ RUN set -x ; apk add procmail --no-cache --repository http://dl-cdn.alpinelinux.
&& apk add --no-cache --allow-untrusted "$(basename "${!url}")" \
&& rm "$(basename "${!url}")"

RUN curl -fsSL "https://raw.githubusercontent.com/balena-io/open-balena/master/scripts/_keyid.js" -o /opt/_keyid.js
RUN curl -fsSL "https://raw.githubusercontent.com/balena-io/open-balena/v3.8.5/scripts/_keyid.js" -o /opt/_keyid.js

WORKDIR /etc/letsencrypt

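Review bot: Pinning _keyid.js to the v3.8.5 tag instead of the mutable master branch is a real supply-chain improvement, but it has nothing to do with the PR title ("Allows to set hetzner DNS resolver") and is not mentioned anywhere; call it out in the description or split it into its own commit. Since a tag can still be re-pointed, consider verifying the downloaded file against a known checksum before it is placed in /opt, for example with `sha256sum -c` after the `curl`.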
32 changes: 32 additions & 0 deletions entry.sh
@@ -187,6 +187,37 @@ function get_env_var_value {
echo "${varval}"
}

function hetzner_issue_public_cert {
local balena_device_uuid
balena_device_uuid="${1}"

local dns_tld
dns_tld="${2}"
[[ -n "${dns_tld}" ]] || return

hetzner_api_token="$(get_env_var_value "${balena_device_uuid}" HETZNER_API_TOKEN)"
[[ -n "${hetzner_api_token}" ]] || return

mkdir -p ~/.secrets/certbot

echo "dns_hetzner_api_token = ${hetzner_api_token}" \
> ~/.secrets/certbot/hetzner.ini \
&& chmod 0600 ~/.secrets/certbot/hetzner.ini

# Install the Hetzner DNS plugin for Certbot
pip install certbot-dns-hetzner

# shellcheck disable=SC2086
with_backoff certbot certonly --agree-tos --non-interactive --verbose --expand \
--authenticator dns-hetzner \
--dns-hetzner-credentials ~/.secrets/certbot/hetzner.ini \
--dns-hetzner-propagation-seconds 60 \
--cert-name "${dns_tld}" \
-m "$(get_acme_email ${balena_device_uuid})" \
-d "${dns_tld}" \
${sans}
}

function cloudflare_issue_public_cert {
local balena_device_uuid
balena_device_uuid="${1}"
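Review bot: `pip install certbot-dns-hetzner` runs unpinned at container start, so every boot pulls whatever version PyPI serves and depends on network access; move the install into the Dockerfile with a pinned version (ideally with `--require-hashes`), and in any case chain it with `|| return` so a failed install does not fall through to the certbot call. Two smaller points in the same function: `hetzner_api_token` is the only variable not declared `local`, so the token leaks into the global shell scope, and `${sans}` is never defined here, so the function silently depends on a global set by the caller; add `local hetzner_api_token` and a comment naming where `sans` comes from. The credentials file is also created with the default umask and only then `chmod 0600`; writing it under `umask 077` (or with `install -m 0600`) closes that window.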
@@ -300,6 +331,7 @@ function issue_public_certs {
# chain breaks after first success
cloudflare_issue_public_cert "${balena_device_uuid}" "${dns_tld}" \
|| gandi_issue_public_cert "${balena_device_uuid}" "${dns_tld}" \
|| hetzner_issue_public_cert "${balena_device_uuid}" "${dns_tld}" \
|| true
fi

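Review bot: Appending Hetzner as the last link keeps the "first success wins" chain consistent, but it also means a device that carries more than one provider token will silently use Cloudflare or Gandi and never reach Hetzner; since this PR touches only Dockerfile.template and entry.sh, the new HETZNER_API_TOKEN variable and the provider precedence should at least be documented in the PR description so operators know which token wins.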