WirFixenAlles/Boilerplates
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update netcup/update_tlsa_record.md

Browse Source
This commit is contained in:
Manuel Gläser
2025-01-26 17:15:44 +00:00
parent dbc9edb870
commit 9721ab7a7c
1 changed files with 63 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

85
netcup/update_tlsa_record.md
View File

@@ -20,11 +20,11 @@ GOTIFY_TOKEN=<- DEIN-APP-TOKEN ->
```python ```python
#!/bin/bash #!/bin/bash
# .env Datei laden # netcup.env Datei laden
if [ -f netcup.env ]; then if [ -f netcup.env ]; then
export $(grep -v '^#' netcup.env | xargs) export $(grep -v '^#' netcup.env | xargs)
else else
echo "Fehler: .env Datei nicht gefunden!" echo "Fehler: netcup.env Datei nicht gefunden!"
exit 1 exit 1
fi fi
@@ -34,10 +34,6 @@ CA_CERTIFICATE_DIR="/etc/ssl/certs" # Verzeichnis, in dem CA-Zertifikate gespeic
# URL der Netcup API # URL der Netcup API
API_URL="https://ccp.netcup.net/run/webservice/servers/endpoint.php?JSON" API_URL="https://ccp.netcup.net/run/webservice/servers/endpoint.php?JSON"
# Gotify-URL und Token für spezifische App
GOTIFY_URL="$GOTIFY_URL"
GOTIFY_TOKEN="$GOTIFY_TOKEN"
# Funktion für Gotify-Benachrichtigungen # Funktion für Gotify-Benachrichtigungen
send_gotify_notification() { send_gotify_notification() {
local TITLE="$1" local TITLE="$1"
@@ -117,7 +113,6 @@ SESSION_ID=$(echo "$LOGIN_RESPONSE" | jq -r '.responsedata.apisessionid')
if [[ -z "$SESSION_ID" || "$SESSION_ID" == "null" ]]; then if [[ -z "$SESSION_ID" || "$SESSION_ID" == "null" ]]; then
ERROR_MSG="Fehler beim Login!" ERROR_MSG="Fehler beim Login!"
echo "$ERROR_MSG" echo "$ERROR_MSG"
echo "$LOGIN_RESPONSE"
send_gotify_notification "TLSA Script Fehler" "$ERROR_MSG" 10 send_gotify_notification "TLSA Script Fehler" "$ERROR_MSG" 10
exit 1 exit 1
fi fi
@@ -138,21 +133,66 @@ DNS_RESPONSE=$(curl -s -X POST -H "Content-Type: application/json" \
RECORDS=$(echo "$DNS_RESPONSE" | jq -r '.responsedata.dnsrecords // []') RECORDS=$(echo "$DNS_RESPONSE" | jq -r '.responsedata.dnsrecords // []')
# Prüfen und aktualisieren der TLSA-Records # Spezifische TLSA-Records überprüfen und aktualisieren oder erstellen
update_tlsa_record() { update_tlsa_record() {
local HOSTNAME="$1" local HOSTNAME="$1"
local TYPE="$2" local TYPE="$2"
local HASH="$3" local HASH="$3"
EXISTING_RECORD=$(echo "$RECORDS" | jq -r ".[] | select(.hostname == \"$HOSTNAME\" and .type == \"TLSA\") | .destination // \"\"" | grep -E "^$TYPE.*$HASH") EXISTING_RECORD=$(echo "$RECORDS" | jq -r ".[] | select(.hostname == \"$HOSTNAME\" and .type == \"TLSA\" and (.destination | tostring | startswith(\"$TYPE\")))")
if [[ -n "$EXISTING_RECORD" ]]; then if [[ -n "$EXISTING_RECORD" ]]; then
echo "TLSA-Record existiert bereits: $HOSTNAME $TYPE $HASH" RECORD_ID=$(echo "$EXISTING_RECORD" | jq -r '.id')
else OLD_DESTINATION=$(echo "$EXISTING_RECORD" | jq -r '.destination')
echo "TLSA-Record wird aktualisiert: $HOSTNAME $TYPE $HASH"
send_gotify_notification "TLSA Script Info" "TLSA-Record wird aktualisiert: $HOSTNAME $TYPE $HASH" 5
DNS_UPDATE_PAYLOAD='{ if [[ "$OLD_DESTINATION" == "$TYPE $HASH" ]]; then
echo "TLSA-Record ist identisch: $HOSTNAME $TYPE $HASH"
else
echo "Aktualisiere bestehenden TLSA-Record: $HOSTNAME"
echo "Von: $OLD_DESTINATION"
echo "Nach: $TYPE $HASH"
send_gotify_notification "TLSA Script Update" "TLSA-Record alt: $OLD_DESTINATION" 5
DNS_UPDATE_PAYLOAD='{
"action": "updateDnsRecords",
"param": {
"customernumber": "'"$CUSTOMER_NUMBER"'",
"apikey": "'"$API_KEY"'",
"apisessionid": "'"$SESSION_ID"'",
"domainname": "'"$DOMAIN"'",
"dnsrecordset": {
"dnsrecords": [
{
"id": "'"$RECORD_ID"'",
"hostname": "'"$HOSTNAME"'",
"type": "TLSA",
"destination": "'"$TYPE $HASH"'",
"state": "yes"
}
]
}
}
}'
UPDATE_RESPONSE=$(curl -s -X POST -H "Content-Type: application/json" \
-d "$DNS_UPDATE_PAYLOAD" "$API_URL")
UPDATE_STATUS=$(echo "$UPDATE_RESPONSE" | jq -r '.status')
if [[ "$UPDATE_STATUS" == "success" ]]; then
echo "TLSA-Record erfolgreich aktualisiert: $HOSTNAME $TYPE $HASH"
send_gotify_notification "TLSA Script Erfolg" "TLSA-Record neu: $TYPE $HASH" 0
else
ERROR_MSG="Fehler beim Aktualisieren des TLSA-Records: $HOSTNAME $TYPE $HASH"
echo "$ERROR_MSG"
echo "$UPDATE_RESPONSE"
send_gotify_notification "TLSA Script Fehler" "$ERROR_MSG" 10
fi
fi
else
echo "Erstelle neuen TLSA-Record: $HOSTNAME $TYPE $HASH"
DNS_CREATE_PAYLOAD='{
"action": "updateDnsRecords", "action": "updateDnsRecords",
"param": { "param": {
"customernumber": "'"$CUSTOMER_NUMBER"'", "customernumber": "'"$CUSTOMER_NUMBER"'",
@@ -172,23 +212,24 @@ update_tlsa_record() {
} }
}' }'
UPDATE_RESPONSE=$(curl -s -X POST -H "Content-Type: application/json" \ CREATE_RESPONSE=$(curl -s -X POST -H "Content-Type: application/json" \
-d "$DNS_UPDATE_PAYLOAD" "$API_URL") -d "$DNS_CREATE_PAYLOAD" "$API_URL")
UPDATE_STATUS=$(echo "$UPDATE_RESPONSE" | jq -r '.status') CREATE_STATUS=$(echo "$CREATE_RESPONSE" | jq -r '.status')
if [[ "$UPDATE_STATUS" == "success" ]]; then if [[ "$CREATE_STATUS" == "success" ]]; then
echo "TLSA-Record erfolgreich aktualisiert: $HOSTNAME $TYPE $HASH" echo "TLSA-Record erfolgreich erstellt: $HOSTNAME $TYPE $HASH"
send_gotify_notification "TLSA Script Erfolg" "TLSA-Record erfolgreich aktualisiert: $HOSTNAME $TYPE $HASH" 0 send_gotify_notification "TLSA Script Erfolg" "TLSA-Record erfolgreich erstellt: $HOSTNAME $TYPE $HASH" 0
else else
ERROR_MSG="Fehler beim Aktualisieren des TLSA-Records: $HOSTNAME $TYPE $HASH" ERROR_MSG="Fehler beim Erstellen des TLSA-Records: $HOSTNAME $TYPE $HASH"
echo "$ERROR_MSG" echo "$ERROR_MSG"
echo "$UPDATE_RESPONSE" echo "$CREATE_RESPONSE"
send_gotify_notification "TLSA Script Fehler" "$ERROR_MSG" 10 send_gotify_notification "TLSA Script Fehler" "$ERROR_MSG" 10
fi fi
fi fi
} }
# Aktualisieren oder Erstellen der TLSA-Records
update_tlsa_record "_25._tcp.mail" "3 1 1" "$TLSA_HASH_CURRENT" update_tlsa_record "_25._tcp.mail" "3 1 1" "$TLSA_HASH_CURRENT"
update_tlsa_record "_25._tcp.mail" "2 1 1" "$TLSA_HASH_CA" update_tlsa_record "_25._tcp.mail" "2 1 1" "$TLSA_HASH_CA"