bash_scripts/ddns-acme-porkbun

@@ -0,0 +1,48 @@
+#!/usr/bin/bash
+
+if [ ! -f "/etc/ddns-acme-porkbun.env" ]; then
+	echo "Porkbun API key .env missing"
+	exit 1
+fi
+
+set -a; source /etc/ddns-acme-porkbun.env; set +a
+
+if [ -z "$EMAIL" ] || [ -z "$DOMAINS" ] || [ -z "$PORKBUN_SECRET_API_KEY" ] || [ -z "$PORKBUN_API_KEY" ]; then
+	echo "Bad .env file"
+	exit 1
+fi
+
+ddns_update() {
+	while true;
+	do
+		ddns-porkbun
+		case "#?" in
+			"1")
+				echo "Fatal error"
+				exit 1
+				;;
+			"2")
+				echo "Retrying"
+				;;
+			"0")
+				echo "DNS updated"
+				break
+				;;
+		esac
+	done
+}
+
+ddns_update
+if [ "#?" -eq "1" ]; then
+	echo "DDNS script failed, check credentials/domain"
+fi
+
+if [ "$1" = "renew" ]; then
+	LEGO_ARG="renew"
+else
+	LEGO_ARG="run"
+fi
+
+
+cd /etc/nginx
+lego --email "$EMAIL" --dns porkbun "${DOMAINS[@]/#/-d }" $LEGO_ARG

basic_configs/debian-hetzner-init

@@ -0,0 +1,47 @@
+#cloud-config
+# vim: syntax=yaml
+packages:
+  - ufw
+  - nginx
+  - lego
+  - wireguard
+  - python-requests
+
+package_update: true
+package_upgrade: true
+
+write-files:
+  - encoding: b64
+    content: ${WRAPPER_SCRIPT}
+    owner: root:root
+    path: /usr/local/bin/ddns-acme-porkbun
+    permissions: '0744'
+  - encoding: b64
+    content: ${DDNS_SCRIPT}
+    owner: root:root
+    path: /usr/local/bin/ddns-porkbun
+    permissions: '0744'
+  - content: |
+      [Unit]
+      Description=Renew acme certs and DDNS update
+      [Service]
+      Type=oneshot
+      ExecStart=/usr/local/bin/ddns-acme-porkbun renew
+    owner: root:root
+    path: /etc/systemd/system/ddns-acme-porkbun.service
+    permissions: '0644'
+  - content: |
+      [Unit]
+      Description=Renew certs and dns records periodically
+      [Timer]
+      OnCalendar=*-01,03,05,07,09,11-01 02:00:00
+      RandomizedDelaySec=12h
+      Persistent=true
+      [Install]
+      WantedBy=timers.target
+    owner: root:root
+    path: /usr/local/bin/ddns-acme-porkbun.timer
+    permissions: '0644'
+
+runcmd:
+ - reboot