ansible-base/roles/tlscert_acme_inwx/files/tls-renew

#!/usr/bin/env python3

import sys as _sys
import os as _os
import json as _json
import argparse as _argparse


def file_read(path):
	handle = open(path, "r")
	content = handle.read()
	handle.close()
	return content
	

def main():
	## args
	argument_parser = _argparse.ArgumentParser()
	argument_parser.add_argument(
		"-c",
		"--conf-path",
		type = str,
		dest = "conf_path",
		metavar = "<conf-path>",
		default = _os.path.join(_os.environ["HOME"], ".tls-renew-conf.json"),
	)
	argument_parser.add_argument(
		type = str,
		dest = "domain",
		metavar = "<domain>",
	)
	argument_parser.add_argument(
		"-t",
		"--target-directory",
		dest = "target_directory",
		type = str,
		metavar = "<target-directory>",
		default = "/etc/ssl",
	)
	argument_parser.add_argument(
		"-x",
		"--challenge-prefix",
		dest = "challenge_prefix",
		type = str,
		metavar = "<challenge-prefix>",
		default = "_acme-challenge",
		help = "which subdomain to use for ACME challanges",
	)
	argument_parser.add_argument(
		"-w",
		"--delay",
		dest = "delay",
		type = float,
		default = 60.0,
		metavar = "<delay>",
		help = "seconds to wait at end of certbot auth hook",
	)
	argument_parser.add_argument(
		"-q",
		"--dry-run",
		dest = "dry_run",
		action = "store_true",
		default = False,
		help = "whether to only print the command on stdout instead of executing it",
	)
	args = argument_parser.parse_args()
	
	
	## vars
	conf = _json.loads(file_read(args.conf_path))
	le_dir = "/etc/letsencrypt/live"
	
	## exec
	command_hook_parts = [
		("/usr/local/bin/inwx"),
		("--username=\"%s\"" % conf["inwx_account"]["username"]),
		("--password=\"%s\"" % conf["inwx_account"]["password"]),
		("certbot-hook")
	]
	command_hook = " ".join(command_hook_parts)
	
	command_certbot_parts = [
		("certbot"),
		("certonly"),
		("--email='%s'" % conf["acme_account"]["email"]),
		# ("--work-dir='%s'" % conf["misc"]["working_directory"]),
		("--preferred-challenges='dns'"),
		("--non-interactive"),
		("--agree-tos"),
		("--domain='%s'" % args.domain),
		("--manual"),
		("--manual-auth-hook='%s'" % command_hook),
		# ("--key-path='%s'" % _os.path.join(args.target_directory, "private", "%s.pem" % args.domain)),
		# ("--cert-path='%s'" % _os.path.join(args.target_directory, "certs", "%s.pem" % args.domain)),
		# ("--chain-path='%s'" % _os.path.join(args.target_directory, "chains", "%s.pem" % args.domain)),
		# ("--fullchain-path='%s'" % _os.path.join(args.target_directory, "fullchains", "%s.pem" % args.domain)),
	]
	command_certbot = " ".join(command_certbot_parts)
	
	if (args.dry_run):
		_sys.stdout.write(command_certbot + "\n")
	else:
		_os.system(command_certbot)
		subjects = [
			{"source_name": "privkey", "target_directory": "private"},
			{"source_name": "cert", "target_directory": "certs"},
			{"source_name": "chain", "target_directory": "chains"},
			{"source_name": "fullchain", "target_directory": "fullchains"},
		]
		for subject in subjects:
			_os.system(
				"mkdir --parents %s && cp --dereference %s %s"
				% (
					_os.path.join(args.target_directory, subject["target_directory"]),
					_os.path.join(le_dir, args.domain, "%s.pem" % subject["source_name"]),
					_os.path.join(args.target_directory, subject["target_directory"], "%s.pem" % args.domain),
				)
			)
	

main()
[int] 2024-05-30 18:44:28 +02:00			`#!/usr/bin/env python3`

[mod] role:tlscert_acme_inwx:eigene umsetzung und automatische erneuerung 2024-05-30 22:56:56 +02:00			`import sys as _sys`
[int] 2024-05-30 18:44:28 +02:00			`import os as _os`
			`import json as _json`
			`import argparse as _argparse`


			`def file_read(path):`
			`handle = open(path, "r")`
			`content = handle.read()`
			`handle.close()`
			`return content`


			`def main():`
			`## args`
			`argument_parser = _argparse.ArgumentParser()`
			`argument_parser.add_argument(`
			`"-c",`
			`"--conf-path",`
			`type = str,`
			`dest = "conf_path",`
			`metavar = "<conf-path>",`
[mod] role:tlscert_acme_inwx:eigene umsetzung und automatische erneuerung 2024-05-30 22:56:56 +02:00			`default = _os.path.join(_os.environ["HOME"], ".tls-renew-conf.json"),`
[int] 2024-05-30 18:44:28 +02:00			`)`
			`argument_parser.add_argument(`
			`type = str,`
[mod] role:tlscert_acme_inwx:eigene umsetzung und automatische erneuerung 2024-05-30 22:56:56 +02:00			`dest = "domain",`
			`metavar = "<domain>",`
[int] 2024-05-30 18:44:28 +02:00			`)`
			`argument_parser.add_argument(`
			`"-t",`
			`"--target-directory",`
			`dest = "target_directory",`
			`type = str,`
			`metavar = "<target-directory>",`
			`default = "/etc/ssl",`
			`)`
			`argument_parser.add_argument(`
			`"-x",`
			`"--challenge-prefix",`
			`dest = "challenge_prefix",`
			`type = str,`
			`metavar = "<challenge-prefix>",`
			`default = "_acme-challenge",`
			`help = "which subdomain to use for ACME challanges",`
			`)`
			`argument_parser.add_argument(`
			`"-w",`
			`"--delay",`
			`dest = "delay",`
			`type = float,`
			`default = 60.0,`
			`metavar = "<delay>",`
			`help = "seconds to wait at end of certbot auth hook",`
			`)`
[mod] role:tlscert_acme_inwx:eigene umsetzung und automatische erneuerung 2024-05-30 22:56:56 +02:00			`argument_parser.add_argument(`
			`"-q",`
			`"--dry-run",`
			`dest = "dry_run",`
			`action = "store_true",`
			`default = False,`
			`help = "whether to only print the command on stdout instead of executing it",`
			`)`
[int] 2024-05-30 18:44:28 +02:00			`args = argument_parser.parse_args()`


			`## vars`
			`conf = _json.loads(file_read(args.conf_path))`
[mod] role:tlscert_acme_inwx:eigene umsetzung und automatische erneuerung 2024-05-30 22:56:56 +02:00			`le_dir = "/etc/letsencrypt/live"`
[int] 2024-05-30 18:44:28 +02:00
			`## exec`
			`command_hook_parts = [`
			`("/usr/local/bin/inwx"),`
[mod] role:tlscert_acme_inwx:eigene umsetzung und automatische erneuerung 2024-05-30 22:56:56 +02:00			`("--username=\"%s\"" % conf["inwx_account"]["username"]),`
			`("--password=\"%s\"" % conf["inwx_account"]["password"]),`
			`("certbot-hook")`
[int] 2024-05-30 18:44:28 +02:00			`]`
			`command_hook = " ".join(command_hook_parts)`

			`command_certbot_parts = [`
			`("certbot"),`
[mod] role:tlscert_acme_inwx:eigene umsetzung und automatische erneuerung 2024-05-30 22:56:56 +02:00			`("certonly"),`
[int] 2024-05-30 18:44:28 +02:00			`("--email='%s'" % conf["acme_account"]["email"]),`
[mod] role:tlscert_acme_inwx:eigene umsetzung und automatische erneuerung 2024-05-30 22:56:56 +02:00			`# ("--work-dir='%s'" % conf["misc"]["working_directory"]),`
[int] 2024-05-30 18:44:28 +02:00			`("--preferred-challenges='dns'"),`
			`("--non-interactive"),`
[mod] role:tlscert_acme_inwx:eigene umsetzung und automatische erneuerung 2024-05-30 22:56:56 +02:00			`("--agree-tos"),`
			`("--domain='%s'" % args.domain),`
			`("--manual"),`
[int] 2024-05-30 18:44:28 +02:00			`("--manual-auth-hook='%s'" % command_hook),`
[mod] role:tlscert_acme_inwx:eigene umsetzung und automatische erneuerung 2024-05-30 22:56:56 +02:00			`# ("--key-path='%s'" % _os.path.join(args.target_directory, "private", "%s.pem" % args.domain)),`
			`# ("--cert-path='%s'" % _os.path.join(args.target_directory, "certs", "%s.pem" % args.domain)),`
			`# ("--chain-path='%s'" % _os.path.join(args.target_directory, "chains", "%s.pem" % args.domain)),`
			`# ("--fullchain-path='%s'" % _os.path.join(args.target_directory, "fullchains", "%s.pem" % args.domain)),`
[int] 2024-05-30 18:44:28 +02:00			`]`
			`command_certbot = " ".join(command_certbot_parts)`

[mod] role:tlscert_acme_inwx:eigene umsetzung und automatische erneuerung 2024-05-30 22:56:56 +02:00			`if (args.dry_run):`
			`_sys.stdout.write(command_certbot + "\n")`
			`else:`
			`_os.system(command_certbot)`
[mod] role:tlscert_acme_inwx 2024-05-31 08:24:45 +02:00			`subjects = [`
			`{"source_name": "privkey", "target_directory": "private"},`
			`{"source_name": "cert", "target_directory": "certs"},`
			`{"source_name": "chain", "target_directory": "chains"},`
			`{"source_name": "fullchain", "target_directory": "fullchains"},`
			`]`
			`for subject in subjects:`
			`_os.system(`
			`"mkdir --parents %s && cp --dereference %s %s"`
			`% (`
			`_os.path.join(args.target_directory, subject["target_directory"]),`
			`_os.path.join(le_dir, args.domain, "%s.pem" % subject["source_name"]),`
			`_os.path.join(args.target_directory, subject["target_directory"], "%s.pem" % args.domain),`
			`)`
[mod] role:tlscert_acme_inwx:eigene umsetzung und automatische erneuerung 2024-05-30 22:56:56 +02:00			`)`
[int] 2024-05-30 18:44:28 +02:00

			`main()`