fix: target the correct public domain records in dns automation
This commit is contained in:
Philipp
parent
e048079fa6
commit
3c05c7f7e8
2 changed files with 131 additions and 32 deletions
|
|
@ -4,7 +4,8 @@ set -euo pipefail
|
|||
: "${CLOUDFLARE_API_TOKEN:?set CLOUDFLARE_API_TOKEN}"
|
||||
: "${CLOUDFLARE_ZONE_ID:?set CLOUDFLARE_ZONE_ID}"
|
||||
: "${BASE_DOMAIN:?set BASE_DOMAIN}"
|
||||
: "${SERVER_IP:?set SERVER_IP}"
|
||||
: "${PUBLIC_DOMAIN:=$BASE_DOMAIN}"
|
||||
: "${DNS_MODE:=upsert}"
|
||||
|
||||
api() {
|
||||
curl -fsS -X "$1" "https://api.cloudflare.com/client/v4$2" \
|
||||
|
|
@ -13,15 +14,21 @@ api() {
|
|||
${3:+--data "$3"}
|
||||
}
|
||||
|
||||
lookup_record_id() {
|
||||
local type="$1"
|
||||
local name="$2"
|
||||
curl -fsS "https://api.cloudflare.com/client/v4/zones/$CLOUDFLARE_ZONE_ID/dns_records?type=$type&name=$name" \
|
||||
-H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
|
||||
-H 'Content-Type: application/json' | python3 -c 'import sys,json; d=json.load(sys.stdin); print(d["result"][0]["id"] if d.get("result") else "")'
|
||||
}
|
||||
|
||||
upsert_record() {
|
||||
local type="$1"
|
||||
local name="$2"
|
||||
local content="$3"
|
||||
local proxied="${4:-false}"
|
||||
local existing_id
|
||||
existing_id=$(curl -fsS "https://api.cloudflare.com/client/v4/zones/$CLOUDFLARE_ZONE_ID/dns_records?type=$type&name=$name" \
|
||||
-H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
|
||||
-H 'Content-Type: application/json' | python3 -c 'import sys,json; d=json.load(sys.stdin); print(d["result"][0]["id"] if d.get("result") else "")')
|
||||
existing_id=$(lookup_record_id "$type" "$name")
|
||||
|
||||
local payload
|
||||
payload=$(printf '{"type":"%s","name":"%s","content":"%s","ttl":120,"proxied":%s}' "$type" "$name" "$content" "$proxied")
|
||||
|
|
@ -33,8 +40,42 @@ upsert_record() {
|
|||
fi
|
||||
}
|
||||
|
||||
upsert_record A "$BASE_DOMAIN" "$SERVER_IP" false
|
||||
upsert_record A "git.$BASE_DOMAIN" "$SERVER_IP" false
|
||||
upsert_record A "registry.$BASE_DOMAIN" "$SERVER_IP" false
|
||||
delete_record() {
|
||||
local type="$1"
|
||||
local name="$2"
|
||||
local existing_id
|
||||
existing_id=$(lookup_record_id "$type" "$name")
|
||||
|
||||
echo "cloudflare dns updated for $BASE_DOMAIN, git.$BASE_DOMAIN, registry.$BASE_DOMAIN"
|
||||
if [[ -n "$existing_id" ]]; then
|
||||
api DELETE "/zones/$CLOUDFLARE_ZONE_ID/dns_records/$existing_id" >/dev/null
|
||||
echo "deleted $type $name"
|
||||
else
|
||||
echo "skipped missing $type $name"
|
||||
fi
|
||||
}
|
||||
|
||||
records=(
|
||||
"$PUBLIC_DOMAIN"
|
||||
"git.$PUBLIC_DOMAIN"
|
||||
"registry.$PUBLIC_DOMAIN"
|
||||
)
|
||||
|
||||
case "$DNS_MODE" in
|
||||
upsert)
|
||||
: "${SERVER_IP:?set SERVER_IP}"
|
||||
upsert_record A "${records[0]}" "$SERVER_IP" false
|
||||
upsert_record A "${records[1]}" "$SERVER_IP" false
|
||||
upsert_record A "${records[2]}" "$SERVER_IP" false
|
||||
echo "cloudflare dns updated for ${records[*]}"
|
||||
;;
|
||||
delete)
|
||||
delete_record A "${records[0]}"
|
||||
delete_record A "${records[1]}"
|
||||
delete_record A "${records[2]}"
|
||||
echo "cloudflare dns cleanup finished for ${records[*]}"
|
||||
;;
|
||||
*)
|
||||
echo "unsupported DNS_MODE: $DNS_MODE" >&2
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
|
|
|
|||
|
|
@ -11,18 +11,32 @@ require python3
|
|||
: "${PORKBUN_API_KEY:?set PORKBUN_API_KEY}"
|
||||
: "${PORKBUN_SECRET_API_KEY:?set PORKBUN_SECRET_API_KEY}"
|
||||
: "${BASE_DOMAIN:?set BASE_DOMAIN}"
|
||||
: "${SERVER_IP:?set SERVER_IP}"
|
||||
: "${PUBLIC_DOMAIN:=$BASE_DOMAIN}"
|
||||
: "${DNS_MODE:=upsert}"
|
||||
|
||||
api_base="https://api.porkbun.com/api/json/v3"
|
||||
|
||||
if [[ "$PUBLIC_DOMAIN" == "$BASE_DOMAIN" ]]; then
|
||||
root_name=""
|
||||
elif [[ "$PUBLIC_DOMAIN" == *".$BASE_DOMAIN" ]]; then
|
||||
root_name="${PUBLIC_DOMAIN%.${BASE_DOMAIN}}"
|
||||
else
|
||||
echo "PUBLIC_DOMAIN must equal BASE_DOMAIN or be a subdomain of BASE_DOMAIN" >&2
|
||||
exit 1
|
||||
fi
|
||||
if [[ -n "$root_name" ]]; then
|
||||
git_name="git.$root_name"
|
||||
registry_name="registry.$root_name"
|
||||
else
|
||||
git_name="git"
|
||||
registry_name="registry"
|
||||
fi
|
||||
|
||||
payload() {
|
||||
local content="$1"
|
||||
printf '{"apikey":"%s","secretapikey":"%s","content":"%s","ttl":"600"}' \
|
||||
"$PORKBUN_API_KEY" "$PORKBUN_SECRET_API_KEY" "$content"
|
||||
local name="$1"
|
||||
local content="$2"
|
||||
printf '{"apikey":"%s","secretapikey":"%s","name":"%s","type":"A","content":"%s","ttl":"600"}' \
|
||||
"$PORKBUN_API_KEY" "$PORKBUN_SECRET_API_KEY" "$name" "$content"
|
||||
}
|
||||
|
||||
list_records() {
|
||||
|
|
@ -31,13 +45,9 @@ list_records() {
|
|||
--data "{\"apikey\":\"$PORKBUN_API_KEY\",\"secretapikey\":\"$PORKBUN_SECRET_API_KEY\"}"
|
||||
}
|
||||
|
||||
upsert_a_record() {
|
||||
local name="$1"
|
||||
local fqdn="$BASE_DOMAIN"
|
||||
[[ -n "$name" ]] && fqdn="$name.$BASE_DOMAIN"
|
||||
|
||||
local record_id
|
||||
record_id=$(python3 - "$fqdn" "$(list_records)" <<'PY'
|
||||
lookup_record_id() {
|
||||
local fqdn="$1"
|
||||
python3 - "$fqdn" "$(list_records)" <<'PY'
|
||||
import json,sys
|
||||
fqdn=sys.argv[1]
|
||||
data=json.loads(sys.argv[2])
|
||||
|
|
@ -46,17 +56,31 @@ for rec in data.get('records', []):
|
|||
print(rec.get('id',''))
|
||||
break
|
||||
PY
|
||||
)
|
||||
}
|
||||
|
||||
upsert_a_record() {
|
||||
local name="$1"
|
||||
local fqdn="$BASE_DOMAIN"
|
||||
[[ -n "$name" ]] && fqdn="$name.$BASE_DOMAIN"
|
||||
|
||||
local record_id
|
||||
record_id=$(lookup_record_id "$fqdn")
|
||||
|
||||
if [[ -n "$record_id" ]]; then
|
||||
curl -fsS "$api_base/dns/edit/$BASE_DOMAIN/$record_id" \
|
||||
-H 'Content-Type: application/json' \
|
||||
--data "$(payload "$SERVER_IP")" >/dev/null
|
||||
echo "updated A $fqdn -> $SERVER_IP"
|
||||
else
|
||||
local body
|
||||
body=$(printf '{"apikey":"%s","secretapikey":"%s","name":"%s","type":"A","content":"%s","ttl":"600"}' \
|
||||
"$PORKBUN_API_KEY" "$PORKBUN_SECRET_API_KEY" "$name" "$SERVER_IP")
|
||||
|
||||
if [[ -n "$record_id" ]]; then
|
||||
local delete_body
|
||||
delete_body=$(printf '{"apikey":"%s","secretapikey":"%s"}' "$PORKBUN_API_KEY" "$PORKBUN_SECRET_API_KEY")
|
||||
curl -fsS "$api_base/dns/delete/$BASE_DOMAIN/$record_id" \
|
||||
-H 'Content-Type: application/json' \
|
||||
--data "$delete_body" >/dev/null
|
||||
curl -fsS "$api_base/dns/create/$BASE_DOMAIN" \
|
||||
-H 'Content-Type: application/json' \
|
||||
--data "$body" >/dev/null
|
||||
echo "updated A $fqdn -> $SERVER_IP"
|
||||
else
|
||||
curl -fsS "$api_base/dns/create/$BASE_DOMAIN" \
|
||||
-H 'Content-Type: application/json' \
|
||||
--data "$body" >/dev/null
|
||||
|
|
@ -64,8 +88,42 @@ PY
|
|||
fi
|
||||
}
|
||||
|
||||
delete_a_record() {
|
||||
local name="$1"
|
||||
local fqdn="$BASE_DOMAIN"
|
||||
[[ -n "$name" ]] && fqdn="$name.$BASE_DOMAIN"
|
||||
|
||||
local record_id
|
||||
record_id=$(lookup_record_id "$fqdn")
|
||||
|
||||
if [[ -n "$record_id" ]]; then
|
||||
local body
|
||||
body=$(printf '{"apikey":"%s","secretapikey":"%s"}' "$PORKBUN_API_KEY" "$PORKBUN_SECRET_API_KEY")
|
||||
curl -fsS "$api_base/dns/delete/$BASE_DOMAIN/$record_id" \
|
||||
-H 'Content-Type: application/json' \
|
||||
--data "$body" >/dev/null
|
||||
echo "deleted A $fqdn"
|
||||
else
|
||||
echo "skipped missing A $fqdn"
|
||||
fi
|
||||
}
|
||||
|
||||
case "$DNS_MODE" in
|
||||
upsert)
|
||||
: "${SERVER_IP:?set SERVER_IP}"
|
||||
upsert_a_record "$root_name"
|
||||
upsert_a_record "$git_name"
|
||||
upsert_a_record "$registry_name"
|
||||
|
||||
echo "porkbun dns updated for $BASE_DOMAIN, git.$BASE_DOMAIN, registry.$BASE_DOMAIN"
|
||||
echo "porkbun dns updated for $PUBLIC_DOMAIN, git.$PUBLIC_DOMAIN, registry.$PUBLIC_DOMAIN"
|
||||
;;
|
||||
delete)
|
||||
delete_a_record "$root_name"
|
||||
delete_a_record "$git_name"
|
||||
delete_a_record "$registry_name"
|
||||
echo "porkbun dns cleanup finished for $PUBLIC_DOMAIN, git.$PUBLIC_DOMAIN, registry.$PUBLIC_DOMAIN"
|
||||
;;
|
||||
*)
|
||||
echo "unsupported DNS_MODE: $DNS_MODE" >&2
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue