#!/bin/sh
#
# Deploy DNS challenge using nsupdate

set -e
set -u

# Required binaries
ECHO=/bin/echo
MKTEMP=/bin/mktemp
NSUPDATE=/usr/bin/nsupdate
RM=/bin/rm
XARGS=/usr/bin/xargs

NSUPDATE_SCRIPT=$(${MKTEMP})
cleanup() {
    ${RM} -f "${NSUPDATE_SCRIPT}"
}

SERVER=${CERTHUB_NSUPDATE_SERVER:-}
if [ -n "${SERVER}" ]; then
    ${ECHO} "server ${SERVER}" >> "${NSUPDATE_SCRIPT}"
fi

TTL=${CERTHUB_NSUPDATE_TTL:-600}
${ECHO} "ttl ${TTL}" >> "${NSUPDATE_SCRIPT}"

# Determine action according to executable name.
if [ -z "${0##*-auth}" ]; then
    ACTION=add
elif [ -z "${0##*-cleanup}" ]; then
    ACTION=delete
else
    ${ECHO} "${0}: called with unknown action"
    exit 1
fi

DOMAIN=${CERTHUB_NSUPDATE_DOMAIN:-_acme-challenge.${CERTBOT_DOMAIN}}

${ECHO} "update ${ACTION} ${DOMAIN} IN TXT \"${CERTBOT_VALIDATION}\"" >> "${NSUPDATE_SCRIPT}"
${ECHO} "send" >> "${NSUPDATE_SCRIPT}"

${ECHO} "${CERTHUB_NSUPDATE_ARGS}" "${NSUPDATE_SCRIPT}" | ${XARGS} "${NSUPDATE}"
