ansible-base/roles/tlscert_acme_inwx/files/tls-get

#!/usr/bin/env python3

import sys as _sys
import os as _os
import json as _json
import pathlib as _pathlib
import argparse as _argparse


def file_read(path):
	handle = open(path, "r")
	content = handle.read()
	handle.close()
	return content
	

def main():
	## args
	argument_parser = _argparse.ArgumentParser()
	argument_parser.add_argument(
		"-c",
		"--conf-path",
		type = str,
		dest = "conf_path",
		metavar = "<conf-path>",
		default = _os.path.join(str(_pathlib.Path.home()), ".tls-get-conf.json"),
	)
	argument_parser.add_argument(
		dest = "domain",
		metavar = "<domain>",
		help = "the domain for which the TLS certificate shall be generated"
	)
	argument_parser.add_argument(
		"-t",
		"--target-directory",
		dest = "target_directory",
		type = str,
		metavar = "<target-directory>",
		default = "/etc/ssl",
	)
	argument_parser.add_argument(
		"-x",
		"--challenge-prefix",
		dest = "challenge_prefix",
		type = str,
		metavar = "<challenge-prefix>",
		default = "_acme-challenge",
		help = "which subdomain to use for ACME challanges",
	)
	argument_parser.add_argument(
		"-w",
		"--delay",
		dest = "delay",
		type = float,
		default = 60.0,
		metavar = "<delay>",
		help = "seconds to wait at end of certbot auth hook",
	)
	argument_parser.add_argument(
		"-q",
		"--dry-run",
		dest = "dry_run",
		action = "store_true",
		default = False,
		help = "whether to only print the command on stdout instead of executing it",
	)
	args = argument_parser.parse_args()
	
	## vars
	conf = _json.loads(file_read(args.conf_path))
	le_dir = "/etc/letsencrypt/live"
	
	## exec
	command_certbot = " ".join(
		[
			"certbot",
			"certonly",
			("--email='%s'" % conf["acme_account"]["email"]),
			# ("--work-dir='%s'" % conf["misc"]["working_directory"]),
			"--preferred-challenges='dns'",
			"--non-interactive",
			"--agree-tos",
			("--domain='%s'" % args.domain),
			"--manual",
			(
				"--manual-auth-hook='%s'"
				% " ".join(
					[
						"/usr/local/bin/inwx",
						("--username=\"%s\"" % conf["inwx_account"]["username"]),
						("--password=\"%s\"" % conf["inwx_account"]["password"]),
						"certbot-hook",
						("--delay=%.4f" % args.delay),
					]
				)
			),
			(
				"--post-hook='%s'"
				% " ".join(
					[
						"/usr/local/bin/inwx",
						("--username=\"%s\"" % conf["inwx_account"]["username"]),
						("--password=\"%s\"" % conf["inwx_account"]["password"]),
						"delete",
						("--domain=\"%s\"" % (args.challenge_prefix + "." + args.domain)),
						("--type=\"TXT\""),
					]
				)
			),
		]
	)
	if (args.dry_run):
		_sys.stdout.write(command_certbot + "\n")
	else:
		_os.system(command_certbot)
		subjects = [
			{"source_name": "privkey", "target_directory": "private"},
			{"source_name": "cert", "target_directory": "certs"},
			{"source_name": "chain", "target_directory": "chains"},
			{"source_name": "fullchain", "target_directory": "fullchains"},
		]
		for subject in subjects:
			_os.system(
				"mkdir --parents %s && cp --dereference %s %s"
				% (
					_os.path.join(args.target_directory, subject["target_directory"]),
					_os.path.join(le_dir, args.domain, "%s.pem" % subject["source_name"]),
					_os.path.join(args.target_directory, subject["target_directory"], "%s.pem" % args.domain),
				)
			)
	

main()
[fix] role:tlswert_acme_inwx 2024-06-09 12:54:47 +02:00			`#!/usr/bin/env python3`

			`import sys as _sys`
			`import os as _os`
			`import json as _json`
			`import pathlib as _pathlib`
			`import argparse as _argparse`


			`def file_read(path):`
			`handle = open(path, "r")`
			`content = handle.read()`
			`handle.close()`
			`return content`


			`def main():`
			`## args`
			`argument_parser = _argparse.ArgumentParser()`
			`argument_parser.add_argument(`
			`"-c",`
			`"--conf-path",`
			`type = str,`
			`dest = "conf_path",`
			`metavar = "<conf-path>",`
			`default = _os.path.join(str(_pathlib.Path.home()), ".tls-get-conf.json"),`
			`)`
			`argument_parser.add_argument(`
			`dest = "domain",`
			`metavar = "<domain>",`
			`help = "the domain for which the TLS certificate shall be generated"`
			`)`
			`argument_parser.add_argument(`
			`"-t",`
			`"--target-directory",`
			`dest = "target_directory",`
			`type = str,`
			`metavar = "<target-directory>",`
			`default = "/etc/ssl",`
			`)`
			`argument_parser.add_argument(`
			`"-x",`
			`"--challenge-prefix",`
			`dest = "challenge_prefix",`
			`type = str,`
			`metavar = "<challenge-prefix>",`
			`default = "_acme-challenge",`
			`help = "which subdomain to use for ACME challanges",`
			`)`
			`argument_parser.add_argument(`
			`"-w",`
			`"--delay",`
			`dest = "delay",`
			`type = float,`
			`default = 60.0,`
			`metavar = "<delay>",`
			`help = "seconds to wait at end of certbot auth hook",`
			`)`
			`argument_parser.add_argument(`
			`"-q",`
			`"--dry-run",`
			`dest = "dry_run",`
			`action = "store_true",`
			`default = False,`
			`help = "whether to only print the command on stdout instead of executing it",`
			`)`
			`args = argument_parser.parse_args()`

			`## vars`
			`conf = _json.loads(file_read(args.conf_path))`
			`le_dir = "/etc/letsencrypt/live"`

			`## exec`
			`command_certbot = " ".join(`
			`[`
			`"certbot",`
			`"certonly",`
			`("--email='%s'" % conf["acme_account"]["email"]),`
			`# ("--work-dir='%s'" % conf["misc"]["working_directory"]),`
			`"--preferred-challenges='dns'",`
			`"--non-interactive",`
			`"--agree-tos",`
			`("--domain='%s'" % args.domain),`
			`"--manual",`
			`(`
			`"--manual-auth-hook='%s'"`
			`% " ".join(`
			`[`
			`"/usr/local/bin/inwx",`
			`("--username=\"%s\"" % conf["inwx_account"]["username"]),`
			`("--password=\"%s\"" % conf["inwx_account"]["password"]),`
			`"certbot-hook",`
			`("--delay=%.4f" % args.delay),`
			`]`
			`)`
			`),`
			`(`
			`"--post-hook='%s'"`
			`% " ".join(`
			`[`
			`"/usr/local/bin/inwx",`
			`("--username=\"%s\"" % conf["inwx_account"]["username"]),`
			`("--password=\"%s\"" % conf["inwx_account"]["password"]),`
			`"delete",`
			`("--domain=\"%s\"" % (args.challenge_prefix + "." + args.domain)),`
			`("--type=\"TXT\""),`
			`]`
			`)`
			`),`
			`]`
			`)`
			`if (args.dry_run):`
			`_sys.stdout.write(command_certbot + "\n")`
			`else:`
			`_os.system(command_certbot)`
			`subjects = [`
			`{"source_name": "privkey", "target_directory": "private"},`
			`{"source_name": "cert", "target_directory": "certs"},`
			`{"source_name": "chain", "target_directory": "chains"},`
			`{"source_name": "fullchain", "target_directory": "fullchains"},`
			`]`
			`for subject in subjects:`
			`_os.system(`
			`"mkdir --parents %s && cp --dereference %s %s"`
			`% (`
			`_os.path.join(args.target_directory, subject["target_directory"]),`
			`_os.path.join(le_dir, args.domain, "%s.pem" % subject["source_name"]),`
			`_os.path.join(args.target_directory, subject["target_directory"], "%s.pem" % args.domain),`
			`)`
			`)`


			`main()`