From fe6b327b273766ff4c9c15d06f894326c048383f Mon Sep 17 00:00:00 2001
From: Illia Chub
Date: Mon, 24 Aug 2020 13:28:59 +0300
Subject: [PATCH 1/7] Enchanced script compatibility
---
static/configuration.nix | 25 ++++++++++++++++
static/mailserver.nix | 65 ++++++++++++++++++++++++++++++++++++++++
static/server.sh | 21 ++++++-------
3 files changed, 101 insertions(+), 10 deletions(-)
create mode 100644 static/configuration.nix
create mode 100644 static/mailserver.nix
diff --git a/static/configuration.nix b/static/configuration.nix
new file mode 100644
index 0000000..0d1ef75
--- /dev/null
+++ b/static/configuration.nix
@@ -0,0 +1,25 @@
+{ pkgs, ... }: {
+ imports = [
+ ./hardware-configuration.nix
+ ./mailserver.nix
+
+ ];
+
+ boot.cleanTmpDir = true;
+ networking.hostName = "nixos-mailserver";
+ networking.firewall.allowPing = true;
+ networking.firewall.allowedTCPPorts = [ 22 443 80 143 993 587 25 465 ];
+ networking.firewall.allowedUDPPorts = [ 443 80 143 993 587 25 465 ];
+ services.openssh.enable = true;
+ users.users.root.openssh.authorizedKeys.keys = [
+
+ ];
+ environment.systemPackages = with pkgs; [
+ htop
+ vim
+ letsencrypt
+ opendkim
+ ];
+ system.autoUpgrade.enable = true;
+ system.autoUpgrade.allowReboot = false;
+}
diff --git a/static/mailserver.nix b/static/mailserver.nix
new file mode 100644
index 0000000..f7168d1
--- /dev/null
+++ b/static/mailserver.nix
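Review bot: `networking.firewall.allowedUDPPorts` in configuration.nix opens 443, 80, 143, 993, 587, 25 and 465 over UDP, although the HTTP, IMAP and SMTP services configured here listen on TCP; the line widens the exposed surface for no listener and can be dropped or set to `[ ]`. The TCP list admits 143 unconditionally, so it should be kept in step with the protocols actually enabled in mailserver.nix. `users.users.root.openssh.authorizedKeys.keys` is left as an empty list that server.sh fills by line number; a comment such as `# SSH public key is inserted here by server.sh (MakeConfig)` would make that dependency visible.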
@@ -0,0 +1,65 @@
+{ config, pkgs, ... }:
+{
+ imports = [
+ (builtins.fetchTarball {
+ # Pick a commit from the branch you are interested in
+ url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/4008d0cb/nixos-mailserver-4008d0cb.tar.gz";
+ # And set its hash
+ sha256 = "1y9svi3nrg24ky1gqbpa3zhnhhin399h0cmnf81hb4yn75mlqiqx";
+ })
+ ];
+
+
+ mailserver = {
+ enable = true;
+ fqdn = "example.com";
+ domains = [ "example.com" ];
+
+ # A list of all login accounts. To create the password hashes, use
+ # mkpasswd -m sha-512 "super secret password"
+ loginAccounts = {
+ "test@example.com" = {
+ hashedPassword = "$6$ABz9oq7Ha3ddtTeD$qnBACjNEXrwkXdx8UM6sJEM6qeGZSvjNd0KaZEsq.fAHh31Jrxls1OWBgSxSjM200zTqB91v7qlR.hwMESICw1";
+
+ #aliases = [
+ # "mail@example.com"
+ #];
+
+ # Make this user the catchAll address for domains blah.com and
+ # example2.com
+ catchAll = [
+ "example.com"
+ ];
+ };
+
+ };
+
+ # Extra virtual aliases. These are email addresses that are forwarded to
+ # loginAccounts addresses.
+ extraVirtualAliases = {
+ # address = forward address;
+ "admin@example.com" = "test@example.com";
+ };
+
+ # Use Let's Encrypt certificates. Note that this needs to set up a stripped
+ # down nginx and opens port 80.
+ certificateScheme = 3;
+
+ # Enable IMAP and POP3
+ enableImap = true;
+ enablePop3 = false;
+ enableImapSsl = true;
+ enablePop3Ssl = false;
+ dkimSelector = "selector";
+
+ # Enable the ManageSieve protocol
+ enableManageSieve = false;
+
+ virusScanning = false;
+ };
+ security.acme = {
+ acceptTerms = true;
+ # Replace the email here!
+ email = "test@example.com";
+};
+}
diff --git a/static/server.sh b/static/server.sh
index e530048..2f52e73 100755
--- a/static/server.sh
+++ b/static/server.sh
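Review bot: The mailserver.nix template ships a concrete `hashedPassword` for `test@example.com` together with a catch-all on `example.com`, so any deployment where the substitution step misses that line comes up with an account whose hash is public. An obviously invalid placeholder such as `hashedPassword = "REPLACE_WITH_MKPASSWD_OUTPUT";` would make a missed substitution fail closed. The comment's `mkpasswd -m sha-512 "super secret password"` form puts the password into shell history and the process list; documenting `mkpasswd -m sha-512` without the password argument, so that it prompts, avoids that. Pinning the `fetchTarball` input by commit and `sha256` is the right shape and should be kept when the revision is bumped.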
@@ -5,15 +5,16 @@ InstallDependencies() { packagesNeeded='curl jq' - if [ -x "$(command -v apk)" ]; then sudo apk add --no-cache $packagesNeeded - elif [ -x "$(command -v apt-get)" ]; then sudo apt-get install $packagesNeeded - elif [ -x "$(command -v dnf)" ]; then sudo dnf install $packagesNeeded - elif [ -x "$(command -v zypper)" ]; then sudo zypper install $packagesNeeded - elif [ -x "$(command -v pacman)" ]; then sudo pacman -S $packagesNeeded - elif [ -x "$(command -v emerge)" ]; then sudo emerge --ask $packagesNeeded + if [ -x "$(command -v apk)" ]; then sudo apk add --no-cache $packagesNeeded # Alpine Linux + elif [ -x "$(command -v apt-get)" ]; then sudo apt-get install $packagesNeeded # Debian/Ubuntu Linux + elif [ -x "$(command -v dnf)" ]; then sudo dnf install $packagesNeeded # Fedora Linux + elif [ -x "$(command -v zypper)" ]; then sudo zypper install $packagesNeeded # openSUSE Linux + elif [ -x "$(command -v pacman)" ]; then sudo pacman -S $packagesNeeded # Arch/Manjaro Linux + elif [ -x "$(command -v emerge)" ]; then sudo emerge --ask $packagesNeeded # Gentoo Linux + elif [ -x "$(command -v nix-env)" ]; then nix-env -iA $packagesNeeded # NixOS else echo "FAILED TO INSTALL PACKAGE: Package manager not found. You must manually install: $packagesNeeded">&2; fi - wget http://192.168.0.104/configuration.nix - wget http://192.168.0.104/mailserver.nix + wget https://selfprivacy.org/configuration.nix + wget https://selfprivacy.org/mailserver.nix } CollectData() { @@ -181,7 +182,7 @@ printf "Waiting for the server to create...\n" MakeServer sleep 30 printf "Waiting for nixos-infect to replace system files(this may take some time)...\n" -sleep 180 +sleep 200 GetMachineIP ApplyConfig GetDKIM @@ -194,7 +195,7 @@ CreateMXRecord CreateDMARCRecord CreateSPFRecord CreateDKIMRecord -echo "done" +printf "done\n" printf "Clearing temporary files..." ClearTempFiles printf "done\n" From 5e678c308528dd751e2225b01b48f4481e882d62 Mon Sep 17 00:00:00 2001 
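Review bot: The two `wget` downloads at the end of `InstallDependencies` are unchecked and unverified: `wget` is not in `packagesNeeded`, a failed or truncated fetch goes unnoticed, and the files are later copied to the new server as its root-owned NixOS configuration. Since curl is already a dependency, `curl -fsSLO https://selfprivacy.org/configuration.nix || return 1` (and the same for mailserver.nix) would at least stop on error, and comparing against a published checksum would cover tampering on the hosting side. In the new NixOS branch, `nix-env -iA` expects attribute paths rather than bare package names, so `nix-env -iA $packagesNeeded` likely needs something like `nixos.curl nixos.jq`. `$packagesNeeded` is expanded unquoted for word splitting; a short comment saying that is intentional would help.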
From: Illia Chub Date: Mon, 24 Aug 2020 13:39:03 +0300 Subject: [PATCH 2/7] Enchanced security policy --- static/mailserver.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/static/mailserver.nix b/static/mailserver.nix index f7168d1..b1efa40 100644 --- a/static/mailserver.nix +++ b/static/mailserver.nix @@ -46,7 +46,7 @@ certificateScheme = 3; # Enable IMAP and POP3 - enableImap = true; + enableImap = false; enablePop3 = false; enableImapSsl = true; enablePop3Ssl = false; From 0dcb89c5bbd9b27370431131144e89662a9aed1a Mon Sep 17 00:00:00 2001 From: Illia Chub Date: Tue, 25 Aug 2020 17:41:04 +0300 Subject: [PATCH 3/7] Added backbone of monitoring implementation --- static/configuration.nix | 1 + static/goss.nix | 15 +++++++++++++++ static/server.sh | 9 ++++++++- validate.sh | 37 +++++++++++++++++++++++++++++++++++++ 4 files changed, 61 insertions(+), 1 deletion(-) create mode 100644 static/goss.nix create mode 100755 validate.sh diff --git a/static/configuration.nix b/static/configuration.nix index 0d1ef75..d15c13f 100644 --- a/static/configuration.nix +++ b/static/configuration.nix @@ -2,6 +2,7 @@ imports = [ ./hardware-configuration.nix ./mailserver.nix + ./goss.nix ]; diff --git a/static/goss.nix b/static/goss.nix new file mode 100644 index 0000000..1bbfe5e --- /dev/null +++ b/static/goss.nix @@ -0,0 +1,15 @@ +{ pkgs ? import {} }: +pkgs.stdenv.mkDerivation { + name = "goss"; + src = pkgs.fetchurl { + url = "https://github.com/aelsabbahy/goss/releases/download/v0.3.13/goss-linux-amd64"; + sha256 = "1q0kfdbifffszikcl0warzmqvsbx4bg19l9a3vv6yww2jvzj4dgb"; + }; + phases = ["installPhase" "patchPhase"]; + installPhase = '' + mkdir -p $out/bin + cp $src $out/bin/goss + chmod +x $out/bin/goss + cp $out/bin/goss . + ''; +} diff --git a/static/server.sh b/static/server.sh index 2f52e73..bde7125 100755 --- a/static/server.sh +++ b/static/server.sh 
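Review bot: Turning `enableImap` off in mailserver.nix is not matched in configuration.nix, where `networking.firewall.allowedTCPPorts` (and the UDP list) still include 143 as far as this series shows; the firewall entry should go with it. The comment above the block still reads `# Enable IMAP and POP3`; something like `# IMAP only over implicit TLS (993); plain IMAP and POP3 disabled` would describe the resulting policy.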
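Review bot: `./goss.nix` is added to `imports` in configuration.nix, but the new goss.nix evaluates to a `stdenv.mkDerivation` package rather than a NixOS module, so module evaluation will probably fail on it. If the intent is to have the binary on the system, `environment.systemPackages = [ (pkgs.callPackage ./goss.nix { }) ];` is the usual form. The enclosing attribute set starts and ends outside this hunk.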
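Review bot: In goss.nix the `installPhase` ends with `cp $out/bin/goss .`, which only copies the binary into the temporary build directory and has no lasting effect, and `patchPhase` is listed after `installPhase` without anything to patch. `install -Dm755 $src $out/bin/goss` would replace the mkdir/cp/chmod lines. Fetching the release binary by fixed URL and `sha256` is sound; a one-line comment stating that this packages the upstream prebuilt binary and that the hash must be updated with the version would help the next maintainer.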
@@ -62,7 +62,7 @@ MakeConfig() sed -i '31s/.*/\t\t"'"$DOMAIN"'"/' mailserver.nix sed -i '41s/.*/\t "admin@'"$DOMAIN"'" = "'"$USERNAME"'@'"$DOMAIN"'";/' mailserver.nix sed -i '63s/.*/ email = "'"$USERNAME"'@'"$DOMAIN"'";/' mailserver.nix - sed -i "15s,.*,\t\"${sshKey}\"," configuration.nix + sed -i "16s,.*,\t\"${sshKey}\"," configuration.nix } MakeServer() @@ -90,6 +90,7 @@ ApplyConfig() ssh -i ~/.nix-ms/id_rsa "root@$machineip" echo "Authentificated" scp -i ~/.nix-ms/id_rsa mailserver.nix "root@$machineip:/root" scp -i ~/.nix-ms/id_rsa configuration.nix "root@$machineip:/root" + scp -i ~/.nix-ms/id_rsa goss.yaml "root@$machineip:/root" ssh -i ~/.nix-ms/id_rsa "root@$machineip" cp /root/mailserver.nix /etc/nixos/mailserver.nix ssh -i ~/.nix-ms/id_rsa "root@$machineip" cp /root/configuration.nix /etc/nixos/configuration.nix sleep 3 @@ -169,6 +170,12 @@ CreateDKIMRecord() } +PostInstallation() +{ + ssh -i ~/.nix-ms/id_rsa "root@$machineip" cp /root/result/bin/goss /root/ + ssh -i ~/.nix-ms/id_rsa "root@$machineip" /root/goss serve & +} + CollectData InstallDependencies GenerateSSHKey diff --git a/validate.sh b/validate.sh new file mode 100755 index 0000000..65b1728 --- /dev/null +++ b/validate.sh 
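Review bot: The SSH key is inserted by absolute line number (`16s`), which this commit had to bump only because an import was added above it; any later edit to configuration.nix silently writes the key onto the wrong line or overwrites a setting. Anchoring on a marker is sturdier: put a token such as `# @SSH_KEY@` in the template and use `sed -i "s|.*@SSH_KEY@.*|\t\"${sshKey}\"|" configuration.nix`. `${sshKey}` is spliced into the sed program unescaped, so a delimiter or `&` in the key's comment field changes the result. `MakeConfig` starts above this hunk.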
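Review bot: `goss.yaml` is copied to the server in `ApplyConfig`, but nothing visible in this series creates or downloads it, and `goss.nix`, which configuration.nix now imports, is neither fetched by `InstallDependencies` nor copied alongside the two files placed in `/etc/nixos`; the rebuild would then fail on the missing import. The scp result is not checked, so a failed copy goes unnoticed; `scp -i ~/.nix-ms/id_rsa goss.yaml "root@$machineip:/root" || return 1` would stop there. `ApplyConfig` extends beyond the hunk, so the missing steps may exist outside the visible lines.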
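Review bot: `PostInstallation` starts `goss serve` as root through a backgrounded ssh session, so the health endpoint runs with full privileges, has no supervision, and ends when that session is torn down. A systemd unit in the NixOS configuration that runs goss under a dedicated unprivileged user would survive reboots and limit what a flaw in the endpoint can reach. The function is not called anywhere in the visible part of this commit, and `/root/result/bin/goss` assumes an earlier `nix-build` whose invocation is not shown.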
@@ -0,0 +1,37 @@
+#!/bin/bash
+export DOMAIN=scipttestingengine.tk
+export CLOUDFLARE_EMAIL=ilchub5@gmail.com
+export CLOUDFLARE_TOKEN=d170e27d9743cf741551beaff9aa2455417a6
+export HETZNER_TOKEN=TY4MkkbyIJDhtRIDRj0arU6OSzn5z4x7rvQpoiNsWLFMSuROQr7IFz8OsLQmh4JH
+#curl \
+# -X DELETE \
+# -H "Authorization: Bearer TY4MkkbyIJDhtRIDRj0arU6OSzn5z4x7rvQpoiNsWLFMSuROQr7IFz8OsLQmh4JH" \
+# 'https://api.hetzner.cloud/v1/servers/{id}'
+
+curl -s -X GET "https://api.cloudflare.com/client/v4/zones" -H "X-Auth-Email: ilchub5@gmail.com" -H "X-Auth-Key: $CLOUDFLARE_TOKEN" -H "Content-Type: application/json" > .cloudflare_zones.json
+
+#jq '.result[0].id' .cloudflare_records.json
+
+export zoneid=$( for i in {0..24}; do jq 'if .result['$i'].name == "'$DOMAIN'" then .result['$i'].id else null end' .cloudflare.json; done | grep -v null | sed -e 's/^"//' -e 's/"$//' )
+curl -X GET "https://api.cloudflare.com/client/v4/zones/'$zoneid'/dns_records" -H "X-Auth-Email: ilchub5@gmail.com" -H "X-Auth-Key: $CLOUDFLARE_TOKEN" -H "Content-Type: application/json" > .cloudflare_records.json
+
+for i in `seq 0 4`
+do
+ curl -X DELETE "https://api.cloudflare.com/client/v4/zones/$zoneid/dns_records/'"(jq '.result['$i'].id' .cloudflare_records.json | (sed -e 's/^"//' -e 's/"$//')')"'" \
+ -H "X-Auth-Email: $CLOUDFLARE_EMAIL" \
+ -H "X-Auth-Key: $CLOUDFLARE_TOKEN" \
+ -H "Content-Type: application/json"
+done
+
+curl \
+ -H "Authorization: Bearer $HETZNER_TOKEN" \
+ 'https://api.hetzner.cloud/v1/servers' > .hetzner_machines.json
+
+export machineid=$( for i in {0..24}; do jq 'if .servers['$i'].name == "nixos-mailserver" then .servers['$i'].id else null end' )
+
+curl \
+ -X DELETE \
+ -H "Authorization: Bearer $API_TOKEN" \
+ 'https://api.hetzner.cloud/v1/servers/$machineid'
+
+bash <(curl -s https://selfprivacy.org/server.sh)
From 4d367b7f65488f84fb499f4390d793876758c9fa Mon Sep 17 00:00:00 2001
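Review bot: Lines 2-5 of the new validate.sh commit what look like a live Cloudflare API key, a Hetzner API token and an account e-mail address as literals, and the Hetzner token is repeated in the commented-out curl. Once pushed they must be treated as disclosed: revoke and reissue them at both providers, because deleting the file later (as patch 7/7 does) leaves them in history. The same literals reappear as context in patch 5/7, and patch 6/7 adds a second Cloudflare token. The script should read them from the environment and fail when they are absent, e.g. `: "${HETZNER_TOKEN:?set HETZNER_TOKEN}"`. The closing `bash <(curl -s https://selfprivacy.org/server.sh)` executes whatever the site serves at that moment with those tokens exported; running the checked-out `static/server.sh` would test the code under review instead.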
From: Illia Chub Date: Tue, 25 Aug 2020 17:41:33 +0300 Subject: [PATCH 4/7] Added backbone of monitoring implementation --- validate.sh => static/validate.sh | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename validate.sh => static/validate.sh (100%) diff --git a/validate.sh b/static/validate.sh similarity index 100% rename from validate.sh rename to static/validate.sh From 3144852b6308a0a20401d3285f864992d3175428 Mon Sep 17 00:00:00 2001 From: Illia Chub Date: Wed, 26 Aug 2020 11:14:36 +0300 Subject: [PATCH 5/7] ID parsing fix --- static/validate.sh | 15 ++++----------- 1 file changed, 4 insertions(+), 11 deletions(-) diff --git a/static/validate.sh b/static/validate.sh index 65b1728..69bfc73 100755 --- a/static/validate.sh +++ b/static/validate.sh 
@@ -3,24 +3,17 @@ export DOMAIN=scipttestingengine.tk export CLOUDFLARE_EMAIL=ilchub5@gmail.com export CLOUDFLARE_TOKEN=d170e27d9743cf741551beaff9aa2455417a6 export HETZNER_TOKEN=TY4MkkbyIJDhtRIDRj0arU6OSzn5z4x7rvQpoiNsWLFMSuROQr7IFz8OsLQmh4JH -#curl \ -# -X DELETE \ -# -H "Authorization: Bearer TY4MkkbyIJDhtRIDRj0arU6OSzn5z4x7rvQpoiNsWLFMSuROQr7IFz8OsLQmh4JH" \ -# 'https://api.hetzner.cloud/v1/servers/{id}' -curl -s -X GET "https://api.cloudflare.com/client/v4/zones" -H "X-Auth-Email: ilchub5@gmail.com" -H "X-Auth-Key: $CLOUDFLARE_TOKEN" -H "Content-Type: application/json" > .cloudflare_zones.json +curl -s -X GET "https://api.cloudflare.com/client/v4/zones" -H "X-Auth-Email: $CLOUDFLARE_EMAIL" -H "X-Auth-Key: $CLOUDFLARE_TOKEN" -H "Content-Type: application/json" > .cloudflare_zones.json -#jq '.result[0].id' .cloudflare_records.json export zoneid=$( for i in {0..24}; do jq 'if .result['$i'].name == "'$DOMAIN'" then .result['$i'].id else null end' .cloudflare.json; done | grep -v null | sed -e 's/^"//' -e 's/"$//' ) -curl -X GET "https://api.cloudflare.com/client/v4/zones/'$zoneid'/dns_records" -H "X-Auth-Email: ilchub5@gmail.com" -H "X-Auth-Key: $CLOUDFLARE_TOKEN" -H "Content-Type: application/json" > .cloudflare_records.json +curl -X GET "https://api.cloudflare.com/client/v4/zones/$zoneid/dns_records" -H "X-Auth-Email: $CLOUDFLARE_EMAIL" -H "X-Auth-Key: $CLOUDFLARE_TOKEN" -H "Content-Type: application/json" > .cloudflare_records.json for i in `seq 0 4` do - curl -X DELETE "https://api.cloudflare.com/client/v4/zones/$zoneid/dns_records/'"(jq '.result['$i'].id' .cloudflare_records.json | (sed -e 's/^"//' -e 's/"$//')')"'" \ - -H "X-Auth-Email: $CLOUDFLARE_EMAIL" \ - -H "X-Auth-Key: $CLOUDFLARE_TOKEN" \ - -H "Content-Type: application/json" + export recordid=$(jq '.result['$i'].id' .cloudflare_records.json | sed -e 's/^"//' -e 's/"$//') + curl -X DELETE "https://api.cloudflare.com/client/v4/zones/$zoneid/dns_records/$recordid" -H "X-Auth-Email: $CLOUDFLARE_EMAIL" -H 
"X-Auth-Key: $CLOUDFLARE_TOKEN" -H "Content-Type: application/json" done curl \ From 0d1e4d570a7eaaf7b93209c1a9d677aa15791b5a Mon Sep 17 00:00:00 2001 From: Illia Chub Date: Wed, 26 Aug 2020 16:31:08 +0300 Subject: [PATCH 6/7] Beta CI/CD implementation --- static/server.sh | 42 ++++++++++++++++++++++++++---------------- static/validate.sh | 13 ++++++------- 2 files changed, 32 insertions(+), 23 deletions(-) diff --git a/static/server.sh b/static/server.sh index bde7125..295ba93 100755 --- a/static/server.sh +++ b/static/server.sh @@ -8,6 +8,7 @@ InstallDependencies() if [ -x "$(command -v apk)" ]; then sudo apk add --no-cache $packagesNeeded # Alpine Linux elif [ -x "$(command -v apt-get)" ]; then sudo apt-get install $packagesNeeded # Debian/Ubuntu Linux elif [ -x "$(command -v dnf)" ]; then sudo dnf install $packagesNeeded # Fedora Linux + elif [ -x "$(command -v rpm-ostree)" ]; then sudo rpm-ostree install $packagesNeeded # Fedora Linux Silverblue elif [ -x "$(command -v zypper)" ]; then sudo zypper install $packagesNeeded # openSUSE Linux elif [ -x "$(command -v pacman)" ]; then sudo pacman -S $packagesNeeded # Arch/Manjaro Linux elif [ -x "$(command -v emerge)" ]; then sudo emerge --ask $packagesNeeded # Gentoo Linux @@ -20,10 +21,8 @@ CollectData() { read -p "Please, paste your Hetzner API token here: " HETZNER_TOKEN echo $HETZNER_TOKEN - read -p "Please paste your CloudFlare global API key here: " CLOUDFLARE_TOKEN + read -p "Please paste your CloudFlare Token: " CLOUDFLARE_TOKEN echo $CLOUDFLARE_TOKEN - read -p "Please enter your CloudFlare e-mail here: " CLOUDFLARE_EMAIL - echo $CLOUDFLARE_EMAIL read -p "Please define your domain there: " DOMAIN echo $DOMAIN read -p "Please define your mail username: " USERNAME 
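Review bot: The cleanup loop in validate.sh deletes whatever the first five entries of `.cloudflare_records.json` are (`seq 0 4`) without checking record name or type, and when an index is absent `recordid` becomes the string `null` and a DELETE is still sent. On a zone that holds anything besides the records server.sh creates, this removes unrelated DNS data. Selecting the ids explicitly, for example by iterating over `jq -r '.result[] | select(.name | endswith(env.DOMAIN)) | .id' .cloudflare_records.json`, bounds the deletion, and `jq -r` also replaces the `sed` quote stripping. Within this commit the `zoneid` line still reads `.cloudflare.json` while the zones response is written to `.cloudflare_zones.json`.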
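Review bot: The token prompts in `CollectData` use plain `read -p`, and the `echo $HETZNER_TOKEN` / `echo $CLOUDFLARE_TOKEN` lines print the secrets back, so both API tokens end up on screen and in any terminal log or CI output. `read -rsp "Please paste your CloudFlare Token: " CLOUDFLARE_TOKEN; echo` reads without echoing, and the echo of the value should go. Since the script now expects a Cloudflare API token rather than the global key, the prompt could state which permission it needs; from the calls in this file that appears to be DNS edit on the target zone. `CollectData` continues beyond the hunk.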
@@ -121,8 +120,7 @@ ClearTempFiles() GetZoneID() { curl -s -X GET "https://api.cloudflare.com/client/v4/zones" \ - -H "X-Auth-Email: $CLOUDFLARE_EMAIL" \ - -H "X-Auth-Key: $CLOUDFLARE_TOKEN" \ + -H "Authorization: Bearer $CLOUDFLARE_TOKEN" \ -H "Content-Type: application/json" > .cloudflare.json export zoneid=$( for i in {0..24}; do jq 'if .result['$i'].name == "'$DOMAIN'" then .result['$i'].id else null end' .cloudflare.json; done | grep -v null | sed -e 's/^"//' -e 's/"$//' ) } @@ -130,8 +128,7 @@ GetZoneID() CreateARecord() { curl -s -X POST "https://api.cloudflare.com/client/v4/zones/$zoneid/dns_records" \ - -H "X-Auth-Email: $CLOUDFLARE_EMAIL" \ - -H "X-Auth-Key: $CLOUDFLARE_TOKEN" \ + -H "Authorization: Bearer $CLOUDFLARE_TOKEN" \ -H "Content-Type: application/json" \ --data '{"type":"A","name":"'$DOMAIN'","content":"'$machineip'","ttl":3600,"priority":10,"proxied":false}' > /dev/null } @@ -139,8 +136,7 @@ CreateARecord() CreateMXRecord() { curl -s -X POST "https://api.cloudflare.com/client/v4/zones/$zoneid/dns_records" \ - -H "X-Auth-Email: $CLOUDFLARE_EMAIL" \ - -H "X-Auth-Key: $CLOUDFLARE_TOKEN" \ + -H "Authorization: Bearer $CLOUDFLARE_TOKEN" \ -H "Content-Type: application/json" \ --data '{"type":"MX","name":"@","content":"'$DOMAIN'","ttl":3600,"priority":10,"proxied":false}' > /dev/null } @@ -148,8 +144,7 @@ CreateMXRecord() CreateDMARCRecord() { curl -s -X POST "https://api.cloudflare.com/client/v4/zones/$zoneid/dns_records" \ - -H "X-Auth-Email: $CLOUDFLARE_EMAIL" \ - -H "X-Auth-Key: $CLOUDFLARE_TOKEN" \ + -H "Authorization: Bearer $CLOUDFLARE_TOKEN" \ -H "Content-Type: application/json" \ --data '{"type":"TXT","name":"_dmarc","content":"v=DMARC1; p=none","ttl":18000,"priority":10,"proxied":false}' > /dev/null } 
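Review bot: Passing `-H "Authorization: Bearer $CLOUDFLARE_TOKEN"` on the curl command line exposes the token to other local users through the process list; this applies to `GetZoneID` and to every `Create*Record` hunk that follows, including `CreateSPFRecord` and `CreateDKIMRecord`. curl can read a header from a file with `-H @file` (curl 7.55 or later) or take its options from `--config -` on stdin. The JSON bodies are assembled by splicing unquoted `$DOMAIN` and `$machineip` into single-quoted strings; building them with `jq -n --arg` would keep a stray quote or space in the input from producing a malformed or altered request. The move from the global key to a bearer token only reduces risk if the token is scoped to the one zone, which is worth stating in the prompt or README.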
@@ -157,8 +152,7 @@ CreateDMARCRecord() CreateSPFRecord() { curl -s -X POST "https://api.cloudflare.com/client/v4/zones/$zoneid/dns_records" \ - -H "X-Auth-Email: $CLOUDFLARE_EMAIL" \ - -H "X-Auth-Key: $CLOUDFLARE_TOKEN" \ + -H "Authorization: Bearer $CLOUDFLARE_TOKEN" \ -H "Content-Type: application/json" \ --data '{"type":"TXT","name":"'$DOMAIN'","content":"v=spf1 a mx ip4:'$machineip' -all","ttl":18000,"priority":10,"proxied":false}' > /dev/null } @@ -166,17 +160,27 @@ CreateSPFRecord() CreateDKIMRecord() { export dkim=$( echo $dkim | sed -e 's/^"//' -e 's/"$//' ) - curl -s -X POST "https://api.cloudflare.com/client/v4/zones/$zoneid/dns_records" -H "X-Auth-Email: $CLOUDFLARE_EMAIL" -H "X-Auth-Key: $CLOUDFLARE_TOKEN" -H "Content-Type: application/json" --data '{"type":"TXT","name":"selector._domainkey","content":"v=DKIM1; '$dkim'","ttl":18000,"priority":10,"proxied":false}' > /dev/null + curl -s -X POST "https://api.cloudflare.com/client/v4/zones/$zoneid/dns_records" -H "Authorization: Bearer $CLOUDFLARE_TOKEN" -H "Content-Type: application/json" --data '{"type":"TXT","name":"selector._domainkey","content":"v=DKIM1; '$dkim'","ttl":18000,"priority":10,"proxied":false}' > /dev/null } PostInstallation() { ssh -i ~/.nix-ms/id_rsa "root@$machineip" cp /root/result/bin/goss /root/ - ssh -i ~/.nix-ms/id_rsa "root@$machineip" /root/goss serve & + ssh -i ~/.nix-ms/id_rsa "root@$machineip" /root/goss serve --format json & } -CollectData +PerformTests() +{ + curl $machineip:8080/healthz > .healthz.json + for i in {0..24}; do jq 'if .results['$i'].err != null then "FAIL" else "OK" end' .healthz.json; + done +} + +if test -z "$HETZNER_TOKEN" || test -z "$CLOUDFLARE_TOKEN" || test -z "$PASSWORD" +then + CollectData +fi InstallDependencies GenerateSSHKey printf "Importing SSH key into your Hetzner account..." 
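Review bot: `PerformTests` can never report a failure to the caller: it prints "OK" or "FAIL" for 25 fixed indices, an index past the end of `.results` evaluates to `null` and is printed as "OK", and neither the curl exit status nor any FAIL changes the script's exit code. `curl -fsS "http://$machineip:8080/healthz" > .healthz.json || return 1` followed by `jq -e '[.results[] | select(.err != null)] | length == 0' .healthz.json` would make the result usable in CI. The request goes over plain HTTP to port 8080, which configuration.nix does not list in `allowedTCPPorts`, so it may simply be blocked; if the port is opened instead, the goss endpoint becomes reachable by anyone and should be restricted to the test host. The new guard before `CollectData` checks only the two tokens and `PASSWORD`, so a run with those set but `DOMAIN` or `USERNAME` empty proceeds with blank values.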
@@ -203,6 +207,12 @@ CreateDMARCRecord CreateSPFRecord CreateDKIMRecord printf "done\n" +PostInstallation +PerformTests +#while ! ping -c1 192.168.0.107 &>/dev/null +# do echo "Ping Fail - `date`" +#done +#echo "Host Found - `date`" printf "Clearing temporary files..." ClearTempFiles printf "done\n" diff --git a/static/validate.sh b/static/validate.sh index 69bfc73..07bac27 100755 --- a/static/validate.sh +++ b/static/validate.sh 
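Review bot: `PerformTests` runs immediately after `PostInstallation`, which only backgrounds the ssh that starts goss, so the first request can race the server start; a short bounded retry on the healthz call is more reliable than another fixed `sleep`. The commented-out ping loop with the private address 192.168.0.107 is leftover debugging and should be removed rather than committed.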
@@ -1,19 +1,18 @@ #!/bin/bash export DOMAIN=scipttestingengine.tk -export CLOUDFLARE_EMAIL=ilchub5@gmail.com -export CLOUDFLARE_TOKEN=d170e27d9743cf741551beaff9aa2455417a6 +export CLOUDFLARE_TOKEN=r-N2jYMC1cP9bDjudvsaILqdKoRh0xN62idZeXaT export HETZNER_TOKEN=TY4MkkbyIJDhtRIDRj0arU6OSzn5z4x7rvQpoiNsWLFMSuROQr7IFz8OsLQmh4JH -curl -s -X GET "https://api.cloudflare.com/client/v4/zones" -H "X-Auth-Email: $CLOUDFLARE_EMAIL" -H "X-Auth-Key: $CLOUDFLARE_TOKEN" -H "Content-Type: application/json" > .cloudflare_zones.json +curl -s -X GET "https://api.cloudflare.com/client/v4/zones" -H "Authorization: Bearer $CLOUDFLARE_TOKEN" -H "Content-Type: application/json" > .cloudflare_zones.json -export zoneid=$( for i in {0..24}; do jq 'if .result['$i'].name == "'$DOMAIN'" then .result['$i'].id else null end' .cloudflare.json; done | grep -v null | sed -e 's/^"//' -e 's/"$//' ) -curl -X GET "https://api.cloudflare.com/client/v4/zones/$zoneid/dns_records" -H "X-Auth-Email: $CLOUDFLARE_EMAIL" -H "X-Auth-Key: $CLOUDFLARE_TOKEN" -H "Content-Type: application/json" > .cloudflare_records.json +export zoneid=$( for i in {0..24}; do jq 'if .result['$i'].name == "'$DOMAIN'" then .result['$i'].id else null end' .cloudflare_zones.json; done | grep -v null | sed -e 's/^"//' -e 's/"$//' ) +curl -X GET "https://api.cloudflare.com/client/v4/zones/$zoneid/dns_records" -H "Authorization: Bearer $CLOUDFLARE_EMAIL" -H "Content-Type: application/json" > .cloudflare_records.json for i in `seq 0 4` do export recordid=$(jq '.result['$i'].id' .cloudflare_records.json | sed -e 's/^"//' -e 's/"$//') - curl -X DELETE "https://api.cloudflare.com/client/v4/zones/$zoneid/dns_records/$recordid" -H "X-Auth-Email: $CLOUDFLARE_EMAIL" -H "X-Auth-Key: $CLOUDFLARE_TOKEN" -H "Content-Type: application/json" + curl -X DELETE "https://api.cloudflare.com/client/v4/zones/$zoneid/dns_records/$recordid" -H "Authorization: Bearer $CLOUDFLARE_TOKEN" -H "Content-Type: application/json" done curl \ 
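Review bot: The dns_records request in validate.sh now sends `Authorization: Bearer $CLOUDFLARE_EMAIL`, but this same hunk removes the `CLOUDFLARE_EMAIL` export, so the header carries an empty token and `.cloudflare_records.json` will hold an authentication error rather than records; it should read `-H "Authorization: Bearer $CLOUDFLARE_TOKEN"`. The loop below then parses that error body and issues DELETE calls with `recordid` set to `null`. The replacement Cloudflare token is again a literal in the file and needs the same revocation as the earlier credentials.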
@@ -24,7 +23,7 @@ export machineid=$( for i in {0..24}; do jq 'if .servers['$i'].name == "nixos-ma curl \ -X DELETE \ - -H "Authorization: Bearer $API_TOKEN" \ + -H "Authorization: Bearer $HETZNER_TOKEN" \ 'https://api.hetzner.cloud/v1/servers/$machineid' bash <(curl -s https://selfprivacy.org/server.sh) From 72efca13a817f9f4b70548f74d16c436c84c0246 Mon Sep 17 00:00:00 2001 From: ilchub Date: Wed, 26 Aug 2020 16:33:22 +0300 Subject: [PATCH 7/7] Removed unnecessory data --- static/validate.sh | 29 ----------------------------- 1 file changed, 29 deletions(-) delete mode 100755 static/validate.sh diff --git a/static/validate.sh b/static/validate.sh deleted file mode 100755 index 07bac27..0000000 --- a/static/validate.sh +++ /dev/null 
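Review bot: The DELETE URL stays in single quotes, `'https://api.hetzner.cloud/v1/servers/$machineid'`, so the shell sends the literal text `$machineid` and the server is never removed even with the corrected token variable; it needs double quotes. The `machineid` assignment shown in the hunk header appears to lack an input file and a closing `done`, though that line lies outside the changed lines. The final `bash <(curl -s https://selfprivacy.org/server.sh)` runs unreviewed remote content with both tokens exported in its environment.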
@@ -1,29 +0,0 @@
-#!/bin/bash
-export DOMAIN=scipttestingengine.tk
-export CLOUDFLARE_TOKEN=r-N2jYMC1cP9bDjudvsaILqdKoRh0xN62idZeXaT
-export HETZNER_TOKEN=TY4MkkbyIJDhtRIDRj0arU6OSzn5z4x7rvQpoiNsWLFMSuROQr7IFz8OsLQmh4JH
-
-curl -s -X GET "https://api.cloudflare.com/client/v4/zones" -H "Authorization: Bearer $CLOUDFLARE_TOKEN" -H "Content-Type: application/json" > .cloudflare_zones.json
-
-
-export zoneid=$( for i in {0..24}; do jq 'if .result['$i'].name == "'$DOMAIN'" then .result['$i'].id else null end' .cloudflare_zones.json; done | grep -v null | sed -e 's/^"//' -e 's/"$//' )
-curl -X GET "https://api.cloudflare.com/client/v4/zones/$zoneid/dns_records" -H "Authorization: Bearer $CLOUDFLARE_EMAIL" -H "Content-Type: application/json" > .cloudflare_records.json
-
-for i in `seq 0 4`
-do
- export recordid=$(jq '.result['$i'].id' .cloudflare_records.json | sed -e 's/^"//' -e 's/"$//')
- curl -X DELETE "https://api.cloudflare.com/client/v4/zones/$zoneid/dns_records/$recordid" -H "Authorization: Bearer $CLOUDFLARE_TOKEN" -H "Content-Type: application/json"
-done
-
-curl \
- -H "Authorization: Bearer $HETZNER_TOKEN" \
- 'https://api.hetzner.cloud/v1/servers' > .hetzner_machines.json
-
-export machineid=$( for i in {0..24}; do jq 'if .servers['$i'].name == "nixos-mailserver" then .servers['$i'].id else null end' )
-
-curl \
- -X DELETE \
- -H "Authorization: Bearer $HETZNER_TOKEN" \
- 'https://api.hetzner.cloud/v1/servers/$machineid'
-
-bash <(curl -s https://selfprivacy.org/server.sh)