Add support for TransIP DNS Provider (home-assistant#1322)

* Add TransIP DNS Provider * Cleanup and fix SC errors. * Fix SC2004.
alanv · May 23, 2020 · 80da6e8 · 80da6e8
1 parent b94bea1
commit 80da6e8
Show file tree

Hide file tree

Showing 6 changed files with 54 additions and 4 deletions.
diff --git a/letsencrypt/DOCS.md b/letsencrypt/DOCS.md
@@ -80,6 +80,8 @@ netcup_api_key: ''
 netcup_api_password: ''
 gandi_api_key: ''
 gandi_sharing_id: ''
+transip_username: ''
+transip_api_key: ''
 ```
 
 ## Example Configurations
@@ -200,6 +202,29 @@ dns:
   cloudflare_api_key: 0123456789abcdef0123456789abcdef01234
 ```
 
+### TransIP
+
+You will need to generate an API key from the TransIP Control Panel at https://www.transip.nl/cp/account/api/.
+
+The propagation limit will be automatically raised to 240 seconds.
+
+Example configuration:
+```yaml
+email: [email protected]
+domains:
+  - your.domain.tld
+certfile: fullchain.pem
+keyfile: privkey.pem
+challenge: dns
+dns:
+  provider: dns-transip
+  transip_username: transip-user
+  transip_api_key: |
+    -----BEGIN PRIVATE KEY-----
+    MII..ABCDEFGHIJKLMNOPQRSTUVWXYZ
+    AAAAAABCDEFGHIJKLMNOPQRSTUVWXYZ
+    -----END PRIVATE KEY-----
+```
 
 ## Certificate files
 
@@ -227,6 +252,7 @@ dns-route53
 dns-sakuracloud
 dns-netcup
 dns-gandi
+dns-transip
 ```
 
 ## Support

diff --git a/letsencrypt/Dockerfile b/letsencrypt/Dockerfile
@@ -5,6 +5,7 @@ FROM $BUILD_FROM
 ARG CERTBOT_VERSION
 ARG CERTBOT_NETCUP_VERSION
 ARG CERTBOT_GANDI_VERSION
+ARG CERTBOT_DNS_TRANSIP_VERSION
 
 RUN apk add --no-cache --update \
         libffi \
@@ -34,6 +35,7 @@ RUN apk add --no-cache --update \
         certbot-dns-sakuracloud==${CERTBOT_VERSION} \
         certbot-dns-netcup==${CERTBOT_NETCUP_VERSION} \
         certbot-plugin-gandi==${CERTBOT_GANDI_VERSION} \
+        certbot-dns-transip==${CERTBOT_DNS_TRANSIP_VERSION} \
     && apk del .build-dependencies
 
 # Copy data

diff --git a/letsencrypt/build.json b/letsencrypt/build.json
@@ -9,6 +9,7 @@
   "args": {
     "CERTBOT_VERSION": "1.2.0",
     "CERTBOT_NETCUP_VERSION": "0.31.0.1",
-    "CERTBOT_GANDI_VERSION": "1.2.5"
+    "CERTBOT_GANDI_VERSION": "1.2.5",
+    "CERTBOT_DNS_TRANSIP_VERSION": "0.3.0"
   }
 }
diff --git a/letsencrypt/config.json b/letsencrypt/config.json
@@ -30,7 +30,7 @@
     "keyfile": "str",
     "challenge": "list(dns|http)",
     "dns": {
-      "provider": "list(dns-cloudflare|dns-cloudxns|dns-digitalocean|dns-dnsimple|dns-dnsmadeeasy|dns-gehirn|dns-google|dns-linode|dns-luadns|dns-nsone|dns-ovh|dns-rfc2136|dns-route53|dns-sakuracloud|dns-netcup|dns-gandi)?",
+      "provider": "list(dns-cloudflare|dns-cloudxns|dns-digitalocean|dns-dnsimple|dns-dnsmadeeasy|dns-gehirn|dns-google|dns-linode|dns-luadns|dns-nsone|dns-ovh|dns-rfc2136|dns-route53|dns-sakuracloud|dns-netcup|dns-gandi|dns-transip)?",
       "propagation_seconds": "int(60,3600)?",
       "cloudflare_email": "email?",
       "cloudflare_api_key": "str?",
@@ -66,7 +66,9 @@
       "netcup_api_key": "str?",
       "netcup_api_password": "str?",
       "gandi_api_key": "str?",
-      "gandi_sharing_id": "str?"
+      "gandi_sharing_id": "str?",
+      "transip_username": "str?",
+      "transip_api_key": "str?"
     }
   },
   "image": "homeassistant/{arch}-addon-letsencrypt"

diff --git a/letsencrypt/rootfs/etc/cont-init.d/file-structure.sh b/letsencrypt/rootfs/etc/cont-init.d/file-structure.sh
@@ -35,6 +35,15 @@ echo -e "dns_cloudxns_api_key = $(bashio::config 'dns.cloudxns_api_key')\n" \
       "aws_secret_access_key = $(bashio::config 'dns.aws_secret_access_key')\n" \
       "dns_sakuracloud_api_token = $(bashio::config 'dns.sakuracloud_api_token')\n" \
       "dns_sakuracloud_api_secret = $(bashio::config 'dns.sakuracloud_api_secret')\n" \
-      "certbot_plugin_gandi:dns_api_key = $(bashio::config 'dns.gandi_api_key')" > /data/dnsapikey
+      "certbot_plugin_gandi:dns_api_key = $(bashio::config 'dns.gandi_api_key')\n" \
+      "certbot_dns_transip:dns_transip_username = $(bashio::config 'dns.transip_username')\n" \
+      "certbot_dns_transip:dns_transip_key_file = /data/transip-rsa.key" > /data/dnsapikey
 
 chmod 600 /data/dnsapikey
+
+## Prepare TransIP RSA key
+if bashio::config.exists 'dns.transip_api_key'; then
+      TRANSIP_API_KEY=$(bashio::config 'dns.transip_api_key')
+      echo "${TRANSIP_API_KEY}" | openssl rsa -out /data/transip-rsa.key
+      chmod 600 /data/transip-rsa.key
+fi
diff --git a/letsencrypt/rootfs/etc/services.d/lets-encrypt/run b/letsencrypt/rootfs/etc/services.d/lets-encrypt/run
@@ -50,6 +50,16 @@ elif bashio::config.exists 'dns.google_creds'; then
 elif bashio::config.exists 'dns.netcup_customer_id' && bashio::config.exists 'dns.netcup_api_key' && bashio::config.exists 'dns.netcup_api_password'; then
     PROVIDER_ARGUMENTS+=("--authenticator" "certbot-dns-netcup:dns-netcup" "--certbot-dns-netcup:dns-netcup-credentials" /data/dnsapikey "--certbot-dns-netcup:dns-netcup-propagation-seconds" "${PROPAGATION_SECONDS}")
 
+#TransIP
+elif [ "${CHALLENGE}" == "dns" ] && [ "${DNS_PROVIDER}" == "dns-transip" ]; then
+    bashio::config.require.username 'dns.transip_username'
+    bashio::config.require 'dns.transip_api_key'
+    if (( PROPAGATION_SECONDS < 240 )); then
+        bashio::log.info "Increasing DNS propagation limit for TransIP to at least 240 seconds."
+        PROPAGATION_SECONDS=240
+    fi
+    PROVIDER_ARGUMENTS+=("--authenticator" "certbot-${DNS_PROVIDER}:${DNS_PROVIDER}" "--certbot-${DNS_PROVIDER}:${DNS_PROVIDER}-credentials" /data/dnsapikey "--certbot-${DNS_PROVIDER}:${DNS_PROVIDER}-propagation-seconds" "${PROPAGATION_SECONDS}")
+
 # CloudFlare
 elif [ "${DNS_PROVIDER}" == "dns-cloudflare" ]; then
     if bashio::config.exists 'dns.cloudflare_api_token'; then