Initial commit

defaults/main.yml

@@ -0,0 +1,3 @@
+powerdns:
+  letsencrypthandler:
+    dbpath: '/var/lib/powerdns/letsencrypt/challenges.sqlite'

meta/main.yml

@@ -0,0 +1,2 @@
+dependencies:
+  - { role: powerdns }

tasks/main.yml

@@ -0,0 +1,24 @@
+- name: install powerdns backends
+  apt:
+    pkg:
+    - "pdns-backend-pipe"
+
+- name: create folders
+  file:
+    path: "{{ item.path }}"
+    state: directory
+    owner: "{{ item.owner|d('pdns') }}"
+    group: "{{ item.group|d('pdns') }}"
+    mode: "{{ item.mode|d('0755') }}"
+  with_items:
+  - { "path": "/var/lib/powerdns/letsencrypt/" }
+
+- name: copy powerdns letsencrypt handler
+  template:
+    dest: /usr/local/bin/pdns.py
+    src: pdns-letsencrypt.py.j2
+    owner: root
+    group: root
+    mode: 0755
+  notify:
+  - restart powerdns

templates/pdns-letsencrypt.py.j2

@@ -0,0 +1,60 @@
+#!/usr/bin/env python3
+import sys
+from sys import stdin, stdout
+from argparse import ArgumentParser, ArgumentDefaultsHelpFormatter
+import logging
+import sqlite3
+
+def parse_args(args):
+	parser = ArgumentParser(formatter_class=ArgumentDefaultsHelpFormatter)
+	parser.add_argument('--debug', action='store_true', default=False, help='Enable debugging output')
+	return parser.parse_args(args)
+
+def setupdb():
+	conn = sqlite3.connect('{{ powerdns.letsencrypthandler.dbpath }}')
+	conn.executescript("""
+		CREATE TABLE IF NOT EXISTS challenges (
+			q	TEXT,
+			value	TEXT,
+			timestamp	DEFAULT	(strftime('%s','now'))
+		)
+	""")
+	conn.commit()
+	return conn
+
+def get_secret(db, path):
+	c = db.cursor()
+	c.execute('SELECT * FROM challenges WHERE q = ?', (path,))
+	result = c.fetchone()
+	if result:
+		return result
+	else:
+		return 'NO DATA'
+
+def main_query():
+	db = setupdb()
+	data = stdin.readline()
+	stdout.write("OK\tpdns letsencrypt handler\n")
+	stdout.flush()
+	while True:
+		data = stdin.readline().strip()
+		kind, qname, qclass, qtype, id, ip = data.split("\t")
+		if qtype == "SOA":
+			stdout.write("DATA\t" + qname + "\t" + qclass + "\t" + qtype + "\t300\t" + id + "\t")
+			stdout.write("example.com. example.example.com. 1 1d 2h 4w 1h\n")
+		else:
+			stdout.write("DATA\t" + qname + "\t" + qclass + "\tTXT\t300\t" + id + "\t")
+			stdout.write('"' + get_secret(db, qname) + '"\n')
+		stdout.write("LOG\tletsencrypt pipe handler got query: '" + data + "'\n")
+		stdout.write("END\n")
+		stdout.flush()
+
+def main_add_challange(db):
+	db = setupdb()
+	pass
+
+def main():
+	main_query()
+
+if __name__ == '__main__':
+	main()

vars/main.yml

@@ -0,0 +1,7 @@
+powerdns:
+  config:
+    launch:
+      "pipe:letsencrypt": {}
+    "pipe-letsencrypt-regex": "^_acme-challenge\\."
+    "pipe-letsencrypt-command": "/usr/local/bin/pdns.py"
+    "pipe-letsencrypt-abi-version": "1"