commit c2a6dfb887c5099a0834fcd1d7a75e2eef447817 Author: nd Date: Mon Sep 30 01:46:14 2019 +0200 Initial commit
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..c62f5fd
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,3 @@
+powerdns:
+ letsencrypthandler:
+ dbpath: '/var/lib/powerdns/letsencrypt/challenges.sqlite'
diff --git a/meta/main.yml b/meta/main.yml
new file mode 100644
index 0000000..0d9ba08
--- /dev/null
+++ b/meta/main.yml
@@ -0,0 +1,2 @@
+dependencies:
+ - { role: powerdns }
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..28f79f9
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,24 @@
+- name: install powerdns backends
+ apt:
+ pkg:
+ - "pdns-backend-pipe"
+
+- name: create folders
+ file:
+ path: "{{ item.path }}"
+ state: directory
+ owner: "{{ item.owner|d('pdns') }}"
+ group: "{{ item.group|d('pdns') }}"
+ mode: "{{ item.mode|d('0755') }}"
+ with_items:
+ - { "path": "/var/lib/powerdns/letsencrypt/" }
+
+- name: copy powerdns letsencrypt handler
+ template:
+ dest: /usr/local/bin/pdns.py
+ src: pdns-letsencrypt.py.j2
+ owner: root
+ group: root
+ mode: 0755
+ notify:
+ - restart powerdns
diff --git a/templates/pdns-letsencrypt.py.j2 b/templates/pdns-letsencrypt.py.j2
new file mode 100644
index 0000000..89aa28a
--- /dev/null
+++ b/templates/pdns-letsencrypt.py.j2
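Review bot: The `create folders` task in tasks/main.yml hard-codes `/var/lib/powerdns/letsencrypt/` although defaults/main.yml in this same commit already defines the database location as `powerdns.letsencrypthandler.dbpath`; if that default is overridden, the parent directory of the SQLite file is never created and the handler cannot open its database. Derive the directory from the same variable, e.g. `- { "path": "{{ powerdns.letsencrypthandler.dbpath | dirname }}" }`. The `mode: 0755` on the template task is an unquoted octal literal; writing it as `mode: "0755"` avoids YAML integer-parsing ambiguity and matches the quoted form used in the `file` task above it. The `restart powerdns` handler is not defined in this role, so it presumably comes from the `powerdns` dependency declared in meta/main.yml; a short comment on the `notify` line saying so would help the next reader.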
@@ -0,0 +1,60 @@
+#!/usr/bin/env python3
+import sys
+from sys import stdin, stdout
+from argparse import ArgumentParser, ArgumentDefaultsHelpFormatter
+import logging
+import sqlite3
+
+def parse_args(args):
+ parser = ArgumentParser(formatter_class=ArgumentDefaultsHelpFormatter)
+ parser.add_argument('--debug', action='store_true', default=False, help='Enable debugging output')
+ return parser.parse_args(args)
+
+def setupdb():
+ conn = sqlite3.connect('{{ powerdns.letsencrypthandler.dbpath }}')
+ conn.executescript("""
+ CREATE TABLE IF NOT EXISTS challenges (
+ q TEXT,
+ value TEXT,
+ timestamp DEFAULT (strftime('%s','now'))
+ )
+ """)
+ conn.commit()
+ return conn
+
+def get_secret(db, path):
+ c = db.cursor()
+ c.execute('SELECT * FROM challenges WHERE q = ?', (path,))
+ result = c.fetchone()
+ if result:
+ return result
+ else:
+ return 'NO DATA'
+
+def main_query():
+ db = setupdb()
+ data = stdin.readline()
+ stdout.write("OK\tpdns letsencrypt handler\n")
+ stdout.flush()
+ while True:
+ data = stdin.readline().strip()
+ kind, qname, qclass, qtype, id, ip = data.split("\t")
+ if qtype == "SOA":
+ stdout.write("DATA\t" + qname + "\t" + qclass + "\t" + qtype + "\t300\t" + id + "\t")
+ stdout.write("example.com. example.example.com. 1 1d 2h 4w 1h\n")
+ else:
+ stdout.write("DATA\t" + qname + "\t" + qclass + "\tTXT\t300\t" + id + "\t")
+ stdout.write('"' + get_secret(db, qname) + '"\n')
+ stdout.write("LOG\tletsencrypt pipe handler got query: '" + data + "'\n")
+ stdout.write("END\n")
+ stdout.flush()
+
+def main_add_challange(db):
+ db = setupdb()
+ pass
+
+def main():
+ main_query()
+
+if __name__ == '__main__':
+ main()
diff --git a/vars/main.yml b/vars/main.yml
new file mode 100644
index 0000000..38a1282
--- /dev/null
+++ b/vars/main.yml
@@ -0,0 +1,7 @@
+powerdns:
+ config:
+ launch:
+ "pipe:letsencrypt": {}
+ "pipe-letsencrypt-regex": "^_acme-challenge\\."
+ "pipe-letsencrypt-command": "/usr/local/bin/pdns.py"
+ "pipe-letsencrypt-abi-version": "1"
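Review bot: `get_secret` returns the whole row tuple from `SELECT * FROM challenges`, so the concatenation `'"' + get_secret(db, qname) + '"\n'` in `main_query` raises TypeError on exactly the case that matters — a stored challenge — and only the `'NO DATA'` fallback path works. Select the column and return it: `c.execute('SELECT value FROM challenges WHERE q = ?', (path,))` and `return result[0]`. The `while True` loop in `main_query` also never checks for end of input: when PowerDNS closes the pipe, `readline()` returns `''` and the six-name unpack raises ValueError, so add `if not data: break` before the split. The `timestamp` column is stored but never consulted, so a challenge written once is served indefinitely, and the TXT value is written without escaping (a stored value containing `"` would corrupt the record); both deserve a short comment at `get_secret` if they are intentional. `parse_args`, `logging` and `main_add_challange` (spelling: `main_add_challenge`, and its `db` parameter is immediately shadowed) are unused stubs in this commit.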