From f2a41436c916b7763057e848b66a0158c6846ff5 Mon Sep 17 00:00:00 2001
From: David Vazgenovich Shakaryan
Date: Tue, 21 Mar 2023 02:41:58 -0700
Subject: use encrypted token in systemd service
---
 hetzner-ddns.sh | 9 +++++++++
 systemd/hetzner-ddns@.service | 5 +++--
 systemd/hetzner-ddns@home.example.org.service.d/opts.conf | 2 --
 3 files changed, 12 insertions(+), 4 deletions(-)
 delete mode 100644 systemd/hetzner-ddns@home.example.org.service.d/opts.conf
diff --git a/hetzner-ddns.sh b/hetzner-ddns.sh
index 7ad8e28..5e6de74 100755
--- a/hetzner-ddns.sh
+++ b/hetzner-ddns.sh
@@ -3,6 +3,8 @@
 # Copyright 2022 David Vazgenovich Shakaryan
 #
 # HETZNER_TOKEN= hetzner-ddns.sh
+# HETZNER_TOKEN_FILE=/path/to/token hetzner-ddns.sh
+# systemctl enable --now "hetzner-ddns@$(systemd-escape ).timer"
 IP_RESOLVER='https://ifconfig.co'
 TARGET="${1}"
@@ -20,6 +22,13 @@ hetzcurl() {
 "${@:2}"
 }
+if [[ -z "${HETZNER_TOKEN}" ]] && [[ -n "${HETZNER_TOKEN_FILE}" ]]; then
+ [[ -f "${HETZNER_TOKEN_FILE}" ]] || die 'Specified token file' \
+ "(${HETZNER_TOKEN_FILE}) does not exist"
+ HETZNER_TOKEN="$(<"${HETZNER_TOKEN_FILE}")"
+fi
+[[ -n "${HETZNER_TOKEN}" ]] || die 'Missing token'
+
 ip="$(curl -sf4 "${IP_RESOLVER}")" || die 'IP lookup failed'
 zone_re="${TARGET}"
diff --git a/systemd/hetzner-ddns@.service b/systemd/hetzner-ddns@.service
index 28a25fd..58e6e6f 100644
--- a/systemd/hetzner-ddns@.service
+++ b/systemd/hetzner-ddns@.service
@@ -2,6 +2,7 @@
 Description=Hetzner DDNS updater
 [Service]
-Type=oneshot
-ExecStart=hetzner-ddns.sh %i
+ExecStart=hetzner-ddns.sh %I
 DynamicUser=yes
+LoadCredentialEncrypted=hetzner_token.cred
+Environment=HETZNER_TOKEN_FILE=%d/hetzner_token.cred
diff --git a/systemd/hetzner-ddns@home.example.org.service.d/opts.conf b/systemd/hetzner-ddns@home.example.org.service.d/opts.conf
deleted file mode 100644
index 1e62794..0000000
--- a/systemd/hetzner-ddns@home.example.org.service.d/opts.conf
+++ /dev/null
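Review bot: In the added token-loading block of hetzner-ddns.sh a non-empty `HETZNER_TOKEN` silently wins over `HETZNER_TOKEN_FILE`, so an existing drop-in that still sets `Environment=HETZNER_TOKEN=...` (the form this commit removes from the example) keeps the plaintext token in use after the encrypted credential has been provisioned. Consider preferring the file when both are set, or at least writing a warning to stderr in that case. The `-f` test also passes for a file the service user cannot read or that is empty, and the run then ends with 'Missing token'; `[[ -r "${HETZNER_TOKEN_FILE}" ]] || die ...` plus a separate message for an empty file would name the real cause. How the token is handed to curl is decided in `hetzcurl`, whose body lies outside this hunk.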
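Review bot: `Type=oneshot` is removed in the hetzner-ddns@.service hunk alongside the credential change, which the commit subject does not mention; with the default service type systemd regards the unit as started as soon as the process is spawned, so a failing update no longer fails the start job for anything ordered after it. If the removal is intended it deserves a line in the commit message, otherwise keep `Type=oneshot`. `LoadCredentialEncrypted=hetzner_token.cred` is given without a path, so the unit depends on systemd locating a credential of that name in its credential store directories, and nothing in the unit says how to create it. A comment above that line would help, for example `# Create with: systemd-creds encrypt --name=hetzner_token.cred <plaintext-file> /etc/credstore.encrypted/hetzner_token.cred`, noting that the name embedded at encryption time has to match the credential ID or loading is refused.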
@@ -1,2 +0,0 @@
-[Service]
-Environment="HETZNER_TOKEN=access_token"
-- 
cgit v1.2.3-70-g09d2