Moved vps files to separate repo
parent
e13a114f81
commit
94b623494e
6 changed files with 0 additions and 337 deletions
|
@ -1,19 +0,0 @@
|
|||
#!/usr/bin/bash
|
||||
|
||||
BASE_DIR=$(realpath "$(pwd)/$(dirname "$0")/..")
|
||||
PUB_KEYS=($(ls ~/.ssh/*.pub | xargs -d '\n' -n 1 basename))
|
||||
set -a
|
||||
WRAPPER_SCRIPT=$(base64 $BASE_DIR/bash_scripts/ddns-acme-porkbun.sh -w 0)
|
||||
DDNS_SCRIPT=$(base64 $BASE_DIR/python_scripts/ddns-porkbun.py -w 0)
|
||||
WG_CONF_BASE=$(base64 $BASE_DIR/basic_configs/wg_base.conf -w 0)
|
||||
NGINX_CONF=$(base64 $BASE_DIR/basic_configs/nginx-vps/nginx.conf -w 0)
|
||||
read -p "VPS Username: " TARGET_USERNAME
|
||||
select key_file in $PUB_KEYS
|
||||
do
|
||||
SSH_PUB_KEY=$(cat ~/.ssh/$key_file)
|
||||
break
|
||||
done
|
||||
set +a
|
||||
envsubst < $BASE_DIR/basic_configs/debian-hetzner-init.yaml | xclip -sel c
|
||||
read -p 'Input when done'
|
||||
echo -n ''| xclip -sel c
|
|
@ -1,50 +0,0 @@
|
|||
#!/usr/bin/bash
|
||||
|
||||
if [ ! -f "/etc/ddns-acme-porkbun.env" ]; then
|
||||
echo "Porkbun API key .env missing"
|
||||
exit 1
|
||||
fi
|
||||
DOMAINS=("272254864.xyz" "*.272254864.xyz")
|
||||
set -a; source /etc/ddns-acme-porkbun.env; set +a
|
||||
|
||||
if [ -z "$EMAIL" ] || [ -z "$DOMAINS" ] || [ -z "$PORKBUN_SECRET_API_KEY" ] || [ -z "$PORKBUN_API_KEY" ]; then
|
||||
echo "Bad .env file"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
ddns_update() {
|
||||
while true;
|
||||
do
|
||||
ddns-porkbun
|
||||
case "#?" in
|
||||
"1")
|
||||
echo "Fatal error"
|
||||
exit 1
|
||||
;;
|
||||
"2")
|
||||
echo "Retry in 5 min"
|
||||
sleep 300
|
||||
echo "Retrying"
|
||||
;;
|
||||
"0")
|
||||
echo "DNS updated"
|
||||
break
|
||||
;;
|
||||
esac
|
||||
done
|
||||
}
|
||||
|
||||
ddns_update
|
||||
if [ "#?" -eq "1" ]; then
|
||||
echo "DDNS script failed, check credentials/domain"
|
||||
fi
|
||||
|
||||
if [ "$1" = "renew" ]; then
|
||||
LEGO_ARG="renew"
|
||||
else
|
||||
LEGO_ARG="run"
|
||||
fi
|
||||
|
||||
|
||||
cd /etc/nginx
|
||||
lego --email "$EMAIL" --dns porkbun "${DOMAINS[@]/#/-d }" $LEGO_ARG
|
|
@ -1,65 +0,0 @@
|
|||
#cloud-config
|
||||
# vim: syntax=yaml
|
||||
|
||||
users:
|
||||
- default
|
||||
- name: ${TARGET_USERNAME}
|
||||
sudo: ALL=ALL
|
||||
lock_passwd: true
|
||||
ssh_authorized_keys:
|
||||
- ${SSH_PUB_KEY}
|
||||
disable_root: true
|
||||
|
||||
packages:
|
||||
- ufw
|
||||
- nginx
|
||||
- lego
|
||||
- wireguard
|
||||
- python-requests
|
||||
|
||||
package_update: true
|
||||
package_upgrade: true
|
||||
|
||||
write-files:
|
||||
- encoding: b64
|
||||
content: ${WRAPPER_SCRIPT}
|
||||
owner: root:root
|
||||
path: /usr/local/bin/ddns-acme-porkbun
|
||||
permissions: '0744'
|
||||
- encoding: b64
|
||||
content: ${DDNS_SCRIPT}
|
||||
owner: root:root
|
||||
path: /usr/local/bin/ddns-porkbun
|
||||
permissions: '0744'
|
||||
- content: |
|
||||
[Unit]
|
||||
Description=Renew acme certs and DDNS update
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart=/usr/local/bin/ddns-acme-porkbun renew
|
||||
owner: root:root
|
||||
path: /etc/systemd/system/ddns-acme-porkbun.service
|
||||
permissions: '0644'
|
||||
- content: |
|
||||
[Unit]
|
||||
Description=Renew certs and dns records periodically
|
||||
[Timer]
|
||||
OnCalendar=*-01,03,05,07,09,11-01 02:00:00
|
||||
RandomizedDelaySec=12h
|
||||
Persistent=true
|
||||
[Install]
|
||||
WantedBy=timers.target
|
||||
owner: root:root
|
||||
path: /usr/local/bin/ddns-acme-porkbun.timer
|
||||
permissions: '0644'
|
||||
- encoding: b64
|
||||
content: ${WG_CONF_BASE}
|
||||
owner: root:root
|
||||
path: /etc/wireguard/wg0.conf
|
||||
permissions: '0600'
|
||||
- encoding: b64
|
||||
content: ${NGINX_CONF}
|
||||
owner: root:root
|
||||
path: /etc/nginx/nginx.conf
|
||||
permissions: '0644'
|
||||
|
|
@ -1,101 +0,0 @@
|
|||
set $domain 272254864.xyz;
|
||||
set $ssl_cert /etc/nginx/.lego/certificates/$domain.crt;
|
||||
set $ssl_key /etc/nginx/.lego/certificates/$domain.key;
|
||||
|
||||
worker_processes auto;
|
||||
|
||||
events {
|
||||
multi_accept on;
|
||||
worker_connections 256;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
|
||||
upstream dufs {
|
||||
server 10.44.82.16:10001;
|
||||
}
|
||||
upstream cgit {
|
||||
server 10.44.82.16:10002;
|
||||
}
|
||||
upstream navi {
|
||||
server 10.44.82.16:10003;
|
||||
}
|
||||
upstream ai {
|
||||
server 10.44.82.16:10004;
|
||||
}
|
||||
upstream dns {
|
||||
server 10.44.82.16:10005;
|
||||
}
|
||||
upstream invid {
|
||||
server 10.44.82.16:10006;
|
||||
}
|
||||
upstream searx {
|
||||
server 10.44.82.16:10007;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 10.44.82.1:443 ssl;
|
||||
server_name files.$domain;
|
||||
ssl_certificate $ssl_cert;
|
||||
ssl_certificate_key $ssl_key;
|
||||
|
||||
proxy_pass dufs;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl;
|
||||
server_name git.$domain;
|
||||
ssl_certificate $ssl_cert;
|
||||
ssl_certificate_key $ssl_key;
|
||||
|
||||
proxy_pass cgit;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 10.44.82.1:443 ssl;
|
||||
server_name music.$domain;
|
||||
ssl_certificate $ssl_cert;
|
||||
ssl_certificate_key $ssl_key;
|
||||
|
||||
proxy_pass navi;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 10.44.82.1:443 ssl;
|
||||
server_name ai.$domain;
|
||||
ssl_certificate $ssl_cert;
|
||||
ssl_certificate_key $ssl_key;
|
||||
|
||||
proxy_pass ai;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 10.44.82.1:443 ssl;
|
||||
server_name dns.$domain;
|
||||
ssl_certificate $ssl_cert;
|
||||
ssl_certificate_key $ssl_key;
|
||||
|
||||
proxy_ssl on;
|
||||
proxy_pass dns;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 10.44.82.1:443 ssl;
|
||||
server_name yt.$domain;
|
||||
ssl_certificate $ssl_cert;
|
||||
ssl_certificate_key $ssl_key;
|
||||
|
||||
proxy_pass invid;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 10.44.82.1:443 ssl;
|
||||
server_name search.$domain;
|
||||
ssl_certificate $ssl_cert;
|
||||
ssl_certificate_key $ssl_key;
|
||||
|
||||
proxy_pass searx;
|
||||
}
|
|
@ -1,8 +0,0 @@
|
|||
[Interface]
|
||||
PrivateKey = ${WG_PRIV_KEY}
|
||||
Address = 10.44.82.1/24
|
||||
ListenPort = 2107
|
||||
|
||||
[Peer]
|
||||
PublicKey = ${WG_PEER_PUB_KEY}
|
||||
AllowedIPs = 10.44.82.4/32
|
|
@ -1,94 +0,0 @@
|
|||
#!/usr/bin/python
|
||||
|
||||
import os, json, sys, ipaddress, time, re
|
||||
import requests
|
||||
|
||||
API_SLEEP = 3
|
||||
|
||||
class PorkbunClient():
|
||||
def __init__(self):
|
||||
self.secret_key = os.environ["PORKBUN_SECRET_API_KEY"]
|
||||
self.api_key = os.environ["PORKBUN_API_KEY"]
|
||||
self.client = requests.Session()
|
||||
self.porkbun_url_base = "https://porkbun.com/api/json/v3"
|
||||
self.domain = "272254864.xyz"
|
||||
self.ttl = "5184000"
|
||||
|
||||
self.get_ips()
|
||||
self.update_records()
|
||||
|
||||
def make_base_auth_body(self):
|
||||
return {
|
||||
"secretapikey": self.secret_key,
|
||||
"apikey": self.api_key
|
||||
}
|
||||
|
||||
def get_ips(self):
|
||||
ip_naive = self.get_ip()
|
||||
if ipaddress.ip_address(ip_naive).version == 4:
|
||||
self.ipv4 = ip_naive
|
||||
else:
|
||||
self.ipv6 = ip_naive
|
||||
time.sleep(API_SLEEP)
|
||||
self.ipv4 = self.get_ip(True)
|
||||
|
||||
|
||||
def get_ip(self, force_v4 = False):
|
||||
try:
|
||||
json_body = self.make_base_auth_body()
|
||||
if force_v4:
|
||||
url = "https://api-ipv4.porkbun.com/api/json/v3/ping"
|
||||
else:
|
||||
url = self.porkbun_url_base + "/ping"
|
||||
resp = self.client.post(url, json = json_body)
|
||||
if resp.status == 200:
|
||||
return json.loads(resp.text)['yourIp']
|
||||
else:
|
||||
print('API error')
|
||||
sys.exit(1)
|
||||
except:
|
||||
print('Network error')
|
||||
sys.exit(2)
|
||||
|
||||
def update_dns_record(self, content, record_type="A"):
|
||||
try:
|
||||
record = self.get_existing_record(record_type)
|
||||
time.sleep(API_SLEEP)
|
||||
json_body = self.make_base_auth_body()
|
||||
if record == None:
|
||||
url = self.porkbun_url_base + "/dns/create/" + self.domain
|
||||
json_body.update({
|
||||
"type": record_type,
|
||||
"content": content,
|
||||
"ttl": self.ttl
|
||||
})
|
||||
else:
|
||||
url = self.porkbun_url_base + "/dns/editByNameType/" + self.domain + "/" + record_type
|
||||
json_body.update({
|
||||
"content": content,
|
||||
"ttl": self.ttl
|
||||
})
|
||||
resp = self.client.post(url, json = json_body)
|
||||
if resp.status != 200:
|
||||
print('API error')
|
||||
sys.exit(1)
|
||||
|
||||
except:
|
||||
print("Network error")
|
||||
sys.exit(2)
|
||||
|
||||
|
||||
def update_records(self):
|
||||
if hasattr(self, "ipv4"):
|
||||
self.update_dns_record(self.ipv4)
|
||||
if hasattr(self, "ipv6"):
|
||||
self.update_dns_record(self.ipv6, "AAAA")
|
||||
|
||||
|
||||
|
||||
def main():
|
||||
porkbun_client = PorkbunClient()
|
||||
|
||||
if __name__ == "__main__":
|
||||
main()
|
||||
|