From 3d93bfa7df5bbff31e1cdad03a4db8df16f7d380 Mon Sep 17 00:00:00 2001
From: Alexandru Pentilescu
Date: Mon, 20 Dec 2021 21:06:31 +0000
Subject: [PATCH] Adding initial files
---
.gitignore | 1 +
DnsRecordDeleter.py | 15 +++++++++++
EnvironmentVariablesLoader.py | 3 +++
Logger.py | 12 +++++++++
Python loggers.yaml | 23 +++++++++++++++++
generate-dns-record.py | 48 +++++++++++++++++++++++++++++++++++
remove-dns-record.py | 11 ++++++++
7 files changed, 113 insertions(+)
create mode 100644 DnsRecordDeleter.py
create mode 100644 EnvironmentVariablesLoader.py
create mode 100644 Logger.py
create mode 100644 Python loggers.yaml
create mode 100755 generate-dns-record.py
create mode 100755 remove-dns-record.py
diff --git a/.gitignore b/.gitignore
index f8b73e7..7069747 100644
--- a/.gitignore
+++ b/.gitignore
@@ -138,3 +138,4 @@ dmypy.json # Cython debug symbols cython_debug/
+GandiAuthenticationHeader.py
diff --git a/DnsRecordDeleter.py b/DnsRecordDeleter.py
new file mode 100644
index 0000000..f048039
--- /dev/null
+++ b/DnsRecordDeleter.py
@@ -0,0 +1,15 @@
+import requests
+from Logger import load_logger
+from GandiAuthenticationHeader import get_authentication_headers
+
+logger = load_logger()
+headers = get_authentication_headers()
+LIVEDNS_API_URL = 'https://api.gandi.net/v5/livedns/domains'
+
+def delete_dns_record(subdomain, domain):
+ response = requests.delete(LIVEDNS_API_URL + '/' + domain +
+ '/records/' + subdomain, headers=headers)
+
+ if not response.ok:
+ logger.error(response.raise_for_status())
+ exit(1)
diff --git a/EnvironmentVariablesLoader.py b/EnvironmentVariablesLoader.py
new file mode 100644
index 0000000..1214252
--- /dev/null
+++ b/EnvironmentVariablesLoader.py
@@ -0,0 +1,3 @@
+import os
+
+email = os.environ['LOGGER_EMAIL']
diff --git a/Logger.py b/Logger.py
new file mode 100644
index 0000000..f4e51d8
--- /dev/null
+++ b/Logger.py
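Review bot: In DnsRecordDeleter.py, `logger.error(response.raise_for_status())` never logs anything: `raise_for_status()` raises `requests.HTTPError` on a non-OK response, so the exception escapes before `logger.error` or `exit(1)` run and the ERROR-level e-mail handler configured in `Python loggers.yaml` is never reached. generate-dns-record.py has the sibling mistake, `logger.error(response.raise_for_status)` without the call, which logs the bound method's repr instead of the failure. None of the `requests` calls in either file pass `timeout=`, so a stalled connection to the API leaves the certbot hook hanging. The sketch below handles both in `delete_dns_record`; the same pattern applies to the POST in generate-dns-record.py.

```python
def delete_dns_record(subdomain, domain):
    try:
        response = requests.delete(LIVEDNS_API_URL + '/' + domain +
                '/records/' + subdomain, headers=headers, timeout=30)
        response.raise_for_status()
    except requests.RequestException as err:
        # Log the exception text (status line and URL) only; never the request headers.
        logger.error('Could not delete DNS record: %s', err)
        exit(1)
```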
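Review bot: In EnvironmentVariablesLoader.py, `email = os.environ['LOGGER_EMAIL']` makes every hook depend on a variable that is easy to lose. The logging config resolves `ext://EnvironmentVariablesLoader.email` while `dictConfig` runs, so an unset `LOGGER_EMAIL` raises `KeyError` during logger setup and both scripts stop before touching DNS, with nothing written to syslog or mail. Renewals started from cron or a systemd timer usually do not inherit an interactive shell's environment, so this would likely show up only at renewal time. I would add a comment such as `# LOGGER_EMAIL must be set in the environment certbot runs its hooks in; logger setup fails without it` and document the variable alongside the hook configuration.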
@@ -0,0 +1,12 @@
+import yaml
+import logging
+import logging.config
+import logging.handlers
+
+def load_logger():
+ with open('Python loggers.yaml') as cfg:
+ config = yaml.safe_load(cfg)
+ logging.config.dictConfig(config)
+
+ return logging.getLogger('Certbot-Gandi-Authenticator')
+
diff --git a/Python loggers.yaml b/Python loggers.yaml
new file mode 100644
index 0000000..08167b3
--- /dev/null
+++ b/Python loggers.yaml
@@ -0,0 +1,23 @@
+version: 1
+formatters:
+ dateTimeFormatter:
+ format: '%(name)s on %(asctime)s: [%(levelname)s] %(message)s'
+ datefmt: '%Y-%m-%d %H:%M:%S'
+handlers:
+ system:
+ class: logging.handlers.SysLogHandler
+ level: INFO
+ formatter: dateTimeFormatter
+ address: /dev/log
+ email:
+ class: logging.handlers.SMTPHandler
+ formatter: dateTimeFormatter
+ mailhost: localhost
+ fromaddr: python3@pentilescu.com
+ toaddrs: ext://EnvironmentVariablesLoader.email
+ subject: Gandi authentication failure
+ level: ERROR
+loggers:
+ Certbot-Gandi-Authenticator:
+ level: INFO
+ handlers: [system, email]
diff --git a/generate-dns-record.py b/generate-dns-record.py
new file mode 100755
index 0000000..8172cb1
--- /dev/null
+++ b/generate-dns-record.py
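Review bot: In Logger.py, `open('Python loggers.yaml')` resolves against the current working directory rather than the script's directory, so `load_logger()` works only when certbot happens to invoke the hooks from this checkout. Because `logging.config.dictConfig` instantiates whatever handler classes the file names, a hook that presumably runs with certbot's privileges should not take its config from whichever directory it was started in. Anchoring the path avoids both problems: `cfg_path = os.path.join(os.path.dirname(os.path.abspath(__file__)), 'Python loggers.yaml')`, with `import os` added. A one-line docstring on `load_logger()` noting that it reconfigures logging on every call would also help, since it is called from both DnsRecordDeleter.py and generate-dns-record.py.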
@@ -0,0 +1,48 @@
+#!/usr/bin/env python3
+
+# Purpose of this script: to create a new TXT record
+# on the Gandi DNS provider using the information
+# supplied from the CERTBOT_VALIDATION and CERTBOT_DOMAIN
+# environment variables (this was made to mainly work
+# with certbot)
+
+import os
+import requests
+import time
+from DnsRecordDeleter import delete_dns_record
+from Logger import load_logger
+from GandiAuthenticationHeader import get_authentication_headers
+
+headers = get_authentication_headers()
+logger = load_logger()
+
+validation_token = os.environ['CERTBOT_VALIDATION']
+domain = os.environ['CERTBOT_DOMAIN']
+
+SUBDOMAIN = '_acme-challenge'
+LIVEDNS_API_URL = 'https://api.gandi.net/v5/livedns/domains'
+
+response = requests.get(LIVEDNS_API_URL + '/' + domain + '/' +
+ 'records' + '/' + SUBDOMAIN, headers=headers)
+
+#if len(response.json()) > 0 and 'rrset_type' in response.json()[0]:
+# logger.warning('Warning! Stale authentication token found!')
+# delete_dns_record(SUBDOMAIN, domain)
+
+# Create a new TXT record from scratch
+record = {
+ "rrset_name": SUBDOMAIN,
+ "rrset_type": "TXT",
+ "rrset_ttl": 1800,
+ "rrset_values": [validation_token],
+}
+
+response = requests.post(LIVEDNS_API_URL + '/' + domain +
+ '/records', headers=headers, json=record)
+
+if not response.ok:
+ logger.error('Could not create proper DNS record for LETSENCRYPT')
+ logger.error(response.raise_for_status)
+ exit(1)
+
+time.sleep(30)
diff --git a/remove-dns-record.py b/remove-dns-record.py
new file mode 100755
index 0000000..4bc7569
--- /dev/null
+++ b/remove-dns-record.py
@@ -0,0 +1,11 @@
+#!/usr/bin/env python3
+
+import os
+from DnsRecordDeleter import delete_dns_record
+
+SUBDOMAIN = '_acme-challenge'
+domain = os.environ['CERTBOT_DOMAIN']
+
+delete_dns_record(SUBDOMAIN, domain)
+
+
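Review bot: In generate-dns-record.py the result of the first `requests.get(...)` is never read now that the stale-record check is commented out, so the script makes an authenticated call for nothing and then POSTs without knowing whether an `_acme-challenge` TXT rrset already exists. If an earlier run died before remove-dns-record.py ran, the leftover record is presumably either rejected as a conflict or kept alongside the new value, and with `"rrset_ttl": 1800` a stale value can stay cached well past the fixed `time.sleep(30)`. I would either restore the check-and-delete block or drop the GET, and lower the TTL to the smallest value the provider accepts. A comment above `time.sleep(30)` such as `# wait for the TXT record to propagate before certbot continues with validation` would explain the constant.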