114 lines
3.6 KiB
Python
114 lines
3.6 KiB
Python
#!/usr/bin/env python3
|
|
"""Point exposedgays.com DNS at Cloudflare tunnel via GoDaddy API."""
|
|
import json
|
|
import time
|
|
import urllib.error
|
|
import urllib.request
|
|
import paramiko
|
|
|
|
GODADDY_KEY = "2wYVpc3VT4_Gi9AsNqzJ6BtSfNz6nLDuo"
|
|
GODADDY_SECRET = "NvC3qexGAU7Rd5QExUTH6z"
|
|
DOMAIN = "exposedgays.com"
|
|
TUNNEL_CNAME = "03079a26-f14c-4622-b463-ba54a24f7472.cfargotunnel.com"
|
|
GD = "https://api.godaddy.com/v1"
|
|
PASS = "Bbt9115xty9176!"
|
|
|
|
|
|
def gd(path, method="GET", body=None):
|
|
req = urllib.request.Request(
|
|
GD + path,
|
|
data=json.dumps(body).encode() if body is not None else None,
|
|
method=method,
|
|
headers={
|
|
"Authorization": f"sso-key {GODADDY_KEY}:{GODADDY_SECRET}",
|
|
"Content-Type": "application/json",
|
|
"Accept": "application/json",
|
|
},
|
|
)
|
|
try:
|
|
with urllib.request.urlopen(req, timeout=45) as r:
|
|
raw = r.read().decode()
|
|
return r.status, json.loads(raw) if raw else {}
|
|
except urllib.error.HTTPError as e:
|
|
raw = e.read().decode()
|
|
try:
|
|
return e.code, json.loads(raw)
|
|
except Exception:
|
|
return e.code, {"raw": raw[:800]}
|
|
|
|
|
|
def show_records(label):
|
|
print(f"\n=== {label} ===")
|
|
code, records = gd(f"/domains/{DOMAIN}/records")
|
|
print("HTTP", code)
|
|
for r in records if isinstance(records, list) else []:
|
|
print(f" {r['type']:5} {r['name']:20} -> {r.get('data')}")
|
|
|
|
|
|
def main():
|
|
show_records("Before")
|
|
|
|
# Full replace must retain NS records.
|
|
new_records = [
|
|
{"type": "NS", "name": "@", "data": "ns71.domaincontrol.com", "ttl": 3600},
|
|
{"type": "NS", "name": "@", "data": "ns72.domaincontrol.com", "ttl": 3600},
|
|
{"type": "CNAME", "name": "www", "data": TUNNEL_CNAME, "ttl": 600},
|
|
{"type": "CNAME", "name": "@", "data": TUNNEL_CNAME, "ttl": 600},
|
|
{
|
|
"type": "TXT",
|
|
"name": "_dmarc",
|
|
"data": "v=DMARC1; p=quarantine; adkim=r; aspf=r; rua=mailto:dmarc_rua@onsecureserver.net;",
|
|
"ttl": 3600,
|
|
},
|
|
]
|
|
|
|
print("\n=== PUT full record set ===")
|
|
code, res = gd(f"/domains/{DOMAIN}/records", "PUT", new_records)
|
|
print("HTTP", code, res)
|
|
|
|
if code not in (200, 204):
|
|
print("\n=== Per-record fallback ===")
|
|
# Delete parked apex A
|
|
code_del, res_del = gd(f"/domains/{DOMAIN}/records/A/@", "DELETE")
|
|
print("DELETE A @", code_del, res_del)
|
|
|
|
# Upsert www CNAME
|
|
code_www, res_www = gd(
|
|
f"/domains/{DOMAIN}/records/CNAME/www",
|
|
"PUT",
|
|
[{"data": TUNNEL_CNAME, "ttl": 600}],
|
|
)
|
|
print("PUT CNAME www", code_www, res_www)
|
|
|
|
# Try apex CNAME
|
|
code_apex, res_apex = gd(
|
|
f"/domains/{DOMAIN}/records/CNAME/@",
|
|
"PUT",
|
|
[{"data": TUNNEL_CNAME, "ttl": 600}],
|
|
)
|
|
print("PUT CNAME @", code_apex, res_apex)
|
|
|
|
show_records("After")
|
|
time.sleep(8)
|
|
|
|
print("\n=== Verify from COOLIFY_01 ===")
|
|
c = paramiko.SSHClient()
|
|
c.set_missing_host_key_policy(paramiko.AutoAddPolicy())
|
|
c.connect("10.10.0.10", username="localadministrator", password=PASS, timeout=30)
|
|
cmds = [
|
|
f"dig @1.1.1.1 {DOMAIN} CNAME +short",
|
|
f"dig @1.1.1.1 www.{DOMAIN} CNAME +short",
|
|
f"curl -sSI https://www.{DOMAIN}/ | head -12",
|
|
f"curl -sSL https://www.{DOMAIN}/ | head -c 400",
|
|
f"curl -sSI https://{DOMAIN}/ | head -12",
|
|
]
|
|
for cmd in cmds:
|
|
print(f"\n$ {cmd}")
|
|
_, o, e = c.exec_command(cmd, timeout=30)
|
|
o.channel.recv_exit_status()
|
|
print((o.read() + e.read()).decode(errors="replace"))
|
|
c.close()
|
|
|
|
|
|
if __name__ == "__main__":
|
|
main() |