secubox-openwrt/package/secubox/secubox-app-dns-provider
CyberMind-FR ab34719f9f feat(secubox-core): Add secubox-landing page generator
- Add secubox-landing script to generate landing pages from HAProxy vhosts
- Integrate landing command into secubox CLI
- Add boot hook to regenerate landing pages on startup
- Fix HAProxy multi-cert SNI using crt-list instead of directory mode
- Fix backend IPs from 127.0.0.1 to 192.168.255.1 for LXC compatibility
- Auto-convert localhost IPs in RPCD handler and CLI tools

Landing page features:
- Groups all services by zone with stats header
- Shows SSL certificate status per domain
- Categorizes by type: Streamlit, Blog, Admin, Media, Dev, etc.
- Regenerates at boot (30s after startup)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-08 06:15:37 +01:00
files feat(secubox-core): Add secubox-landing page generator 2026-02-08 06:15:37 +01:00
CONTINUE.md feat: Add device-intel and dns-provider packages 2026-02-04 15:47:20 +01:00
HISTORY.md feat: Add device-intel and dns-provider packages 2026-02-04 15:47:20 +01:00
INSTRUCT.md feat: Add device-intel and dns-provider packages 2026-02-04 15:47:20 +01:00
Makefile feat: Add device-intel and dns-provider packages 2026-02-04 15:47:20 +01:00
README.md feat: Add unified backup manager, custom mail server, DNS subdomain generator 2026-02-05 10:40:32 +01:00
TODO.md feat: Add device-intel and dns-provider packages 2026-02-04 15:47:20 +01:00

secubox-app-dns-provider

Programmatic DNS record management via provider REST APIs. Part of the SecuBox ecosystem.

Overview

Manages DNS zones through OVH, Gandi, and Cloudflare APIs. Provides a CLI tool (dnsctl) for record CRUD, HAProxy vhost sync, DNS propagation verification, and ACME DNS-01 certificate issuance.

Architecture

dnsctl (CLI)
  ├── load_provider() → sources /usr/lib/secubox/dns/{provider}.sh
  ├── cmd_list/add/rm → delegates to dns_list/dns_add/dns_rm
  ├── cmd_sync → iterates HAProxy UCI vhosts → dns_add per domain
  ├── cmd_verify → nslookup against 1.1.1.1, 8.8.8.8, 9.9.9.9
  └── cmd_acme_dns01 → exports provider env vars → acme.sh --dns

Provider Adapters

Each adapter in /usr/lib/secubox/dns/ implements:

Function                                       Description
dns_list(zone)                                 List all records in zone
dns_add(zone, type, subdomain, target, ttl)    Create record
dns_rm(zone, type, subdomain)                  Delete record
dns_verify(fqdn)                               Check resolution
dns_test_credentials()                         Validate API keys
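
An adapter's dns_add receives values typed on the command line and has to place them into a provider URL or JSON body. The following is an added example, not SecuBox code: a POSIX sh validator that allow-lists each argument before building a Cloudflare-style request body. The helper names (valid_name, valid_ipv4, valid_ttl, build_add_body), the TTL bounds, and the restriction to A and CNAME records are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not SecuBox code: validate dns_add() arguments before an
# adapter interpolates them into a provider URL or JSON body.

LABEL='[A-Za-z0-9_]([A-Za-z0-9_-]{0,61}[A-Za-z0-9])?'
OCTET='(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])'

# Hostname or record name: LDH labels (leading "_" allowed for _dmarc etc.),
# or a leading "*" label. The case guard also rejects embedded newlines,
# which a line-oriented grep on its own would let through.
valid_name() {
    case "$1" in ''|*[!A-Za-z0-9._*-]*) return 1 ;; esac
    [ "${#1}" -le 253 ] || return 1
    printf '%s\n' "$1" | grep -Eq "^(\*|$LABEL)(\.$LABEL)*\$"
}

# Dotted-quad IPv4; octets with leading zeros are rejected as ambiguous.
valid_ipv4() {
    case "$1" in ''|*[!0-9.]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq "^($OCTET\.){3}$OCTET\$"
}

# TTL bounds are an assumption; real limits differ per provider.
valid_ttl() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 6 ] && [ "$1" -ge 60 ] && [ "$1" -le 86400 ]
}

# build_add_body ZONE TYPE SUBDOMAIN TARGET [TTL]
# Prints a Cloudflare-style JSON body on success; returns 1 and prints
# nothing if any argument fails validation. Only A and CNAME are covered.
build_add_body() {
    zone=$1 type=$2 sub=$3 target=$4 ttl=${5:-300}
    valid_name "$zone" && valid_name "$sub" && valid_ttl "$ttl" || return 1
    case "$type" in
        A)     valid_ipv4 "$target" || return 1 ;;
        CNAME) valid_name "$target" || return 1 ;;
        *)     return 1 ;;
    esac
    # Every field is now restricted to a quote-free character set, so
    # plain printf interpolation cannot break out of the JSON strings.
    printf '{"type":"%s","name":"%s.%s","content":"%s","ttl":%s}\n' \
        "$type" "$sub" "$zone" "$target" "$ttl"
}
```

Because validation happens before any string is assembled, the same checks protect URL paths built from zone and subdomain as well as the JSON body.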

Supported Providers

  • OVH — HMAC-SHA1 signed API v1 (app_key + app_secret + consumer_key)
  • Gandi — LiveDNS v5 with Bearer token
  • Cloudflare — API v4 with Bearer token + zone_id

UCI Configuration

/etc/config/dns-provider
  config dns_provider 'main'     → enabled, provider, zone
  config ovh 'ovh'               → endpoint, app_key, app_secret, consumer_key
  config gandi 'gandi'           → api_key
  config cloudflare 'cloudflare' → api_token, zone_id

CLI Usage

Basic Operations

dnsctl status                          # Show config status
dnsctl test                            # Verify API credentials
dnsctl list                            # List zone records
dnsctl add A myservice 1.2.3.4        # Create A record
dnsctl add CNAME www mycdn.net        # Create CNAME
dnsctl update A myservice 5.6.7.8     # Update existing record
dnsctl get A www                       # Get record value
dnsctl rm A myservice                  # Remove record
dnsctl domains                         # List all domains in account

HAProxy Sync

dnsctl sync                            # Sync HAProxy vhosts to DNS A records
dnsctl verify myservice.example.com    # Check propagation (1.1.1.1, 8.8.8.8, 9.9.9.9)

Subdomain Generator

dnsctl generate gitea                  # Auto-create gitea.zone with public IP
dnsctl generate api prod               # Create prod-api.zone
dnsctl suggest web                     # Show subdomain name suggestions
dnsctl suggest mail                    # Suggestions: mail, smtp, imap, webmail, mx
dnsctl suggest dev                     # Suggestions: git, dev, staging, test, ci

DynDNS

dnsctl dyndns                          # Update root A record with WAN IP
dnsctl dyndns api 300                  # Update api.zone with 5min TTL

Mail DNS Setup

dnsctl mail-setup                      # Create MX, SPF, DMARC records
dnsctl mail-setup mail 10              # Custom hostname and priority
dnsctl dkim-add mail '<public-key>'    # Add DKIM TXT record

SSL Certificates

dnsctl acme-dns01 example.com          # Issue cert via DNS-01 challenge
dnsctl acme-dns01 '*.example.com'      # Wildcard cert via DNS-01

Dependencies

  • curl — HTTP client for API calls
  • openssl-util — HMAC-SHA1 signing (OVH)
  • jsonfilter — JSON parsing (OpenWrt native)
  • acme.sh — Certificate issuance (optional, for DNS-01)

Files

/etc/config/dns-provider               UCI configuration
/usr/sbin/dnsctl                       CLI controller
/usr/lib/secubox/dns/ovh.sh            OVH adapter
/usr/lib/secubox/dns/gandi.sh          Gandi adapter
/usr/lib/secubox/dns/cloudflare.sh     Cloudflare adapter