vm-skills/dns-sovereign/scripts/31_cf_apply.sh
Vault Sovereign eac77ef7b4 Initial commit: VaultMesh Skills collection
Collection of operational skills for VaultMesh infrastructure including:
- backup-sovereign: Backup and recovery operations
- btc-anchor: Bitcoin anchoring
- cloudflare-tunnel-manager: Cloudflare tunnel management
- container-registry: Container registry operations
- disaster-recovery: Disaster recovery procedures
- dns-sovereign: DNS management
- eth-anchor: Ethereum anchoring
- gitea-bootstrap: Gitea setup and configuration
- hetzner-bootstrap: Hetzner server provisioning
- merkle-forest: Merkle tree operations
- node-hardening: Node security hardening
- operator-bootstrap: Operator initialization
- proof-verifier: Cryptographic proof verification
- rfc3161-anchor: RFC3161 timestamping
- secrets-vault: Secrets management

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2025-12-27 00:25:00 +00:00


#!/usr/bin/env bash
# Apply the DNS records listed in outputs/mirror_records.json to a Cloudflare
# zone, creating records that do not exist and updating those that do.
# Required environment: CF_API_TOKEN and CF_ZONE_NAME (both checked in main).
set -euo pipefail
# Directory holding this script, and the skill root one level above it.
SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
SKILL_ROOT="$(dirname "$SCRIPT_DIR")"
# Shared helpers. confirm_gate, die, need and log_info are not defined in this
# file, so they presumably come from here (verify against _common.sh).
source "$SCRIPT_DIR/_common.sh"
# Default both settings to empty so `set -u` does not abort on an unset
# variable before main can report which one is missing.
: "${CF_API_TOKEN:=}"
: "${CF_ZONE_NAME:=}"
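#######################################
# Send one authenticated JSON request to the Cloudflare API.
# The bearer token is handed to curl through a config stream instead of a
# command-line argument, so it does not show up in the process list
# (ps, /proc/<pid>/cmdline) where other local users could read it.
# Globals:   CF_API_TOKEN (read)
# Arguments: $1 - HTTP method
#            $2 - request URL
#            $@ - any further arguments are passed to curl unchanged
# Outputs:   response body on stdout, curl errors on stderr
# Returns:   curl's exit status
#######################################
api() {
  local method="$1"; shift
  local url="$1"; shift
  # curl config values are double-quoted strings: escape backslashes and
  # quotes so an unusual token cannot break out of the header value.
  local token="${CF_API_TOKEN//\\/\\\\}"
  token="${token//\"/\\\"}"
  # printf is a shell builtin, so the token never reaches any argv.
  # NOTE(review): `set -x` tracing would still print the token.
  curl -sS -X "$method" "$url" \
    --config <(printf 'header = "Authorization: Bearer %s"\n' "$token") \
    -H "Content-Type: application/json" \
    "$@"
}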
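#######################################
# Mirror every record in outputs/mirror_records.json into the Cloudflare zone.
# For each record the script looks up an existing record with the same type
# and name; it updates that record if found and creates a new one otherwise.
# The id of every touched record is appended to
# outputs/cloudflare_record_ids.txt.
# Globals:   CF_API_TOKEN, CF_ZONE_NAME, SKILL_ROOT (read)
# Arguments: none
# Outputs:   progress through log_info; appends to the ids file
# Returns:   exits through die on any missing input or failed API call
#######################################
main() {
  confirm_gate
  [[ -n "$CF_API_TOKEN" ]] || die "CF_API_TOKEN is required."
  [[ -n "$CF_ZONE_NAME" ]] || die "CF_ZONE_NAME is required."
  need jq
  need curl

  local mirror_file="$SKILL_ROOT/outputs/mirror_records.json"
  local ids_file="$SKILL_ROOT/outputs/cloudflare_record_ids.txt"
  local api_base="https://api.cloudflare.com/client/v4"
  if [[ ! -f "$mirror_file" ]]; then
    die "Missing $mirror_file. Create it like: [{\"type\":\"A\",\"name\":\"app\",\"content\":\"1.2.3.4\",\"ttl\":120}]"
  fi

  log_info "Resolving Cloudflare zone id for: $CF_ZONE_NAME"
  # Query values go through --data-urlencode so characters such as '&' or '#'
  # in a name cannot add or truncate query parameters.
  local zid
  zid="$(api GET "$api_base/zones" -G --data-urlencode "name=$CF_ZONE_NAME" \
    | jq -r '.result[0].id')"
  [[ -n "$zid" && "$zid" != "null" ]] || die "Unable to resolve zone id."

  # For each record, create or update it in Cloudflare.
  local rec rtype rname rcontent rttl fqdn existing rid payload resp new_id
  while IFS= read -r rec; do
    rtype="$(jq -r '.type // empty' <<<"$rec")"
    rname="$(jq -r '.name // empty' <<<"$rec")"
    rcontent="$(jq -r '.content // empty' <<<"$rec")"
    rttl="$(jq -r '.ttl // 120' <<<"$rec")"

    # Reject incomplete or malformed records before any API call is made.
    [[ -n "$rtype" && -n "$rname" && -n "$rcontent" ]] \
      || die "Record is missing type, name or content: $rec"
    [[ "$rttl" =~ ^[0-9]+$ ]] || die "Invalid ttl for $rname: $rttl"

    # Convert a short name to an FQDN if needed.
    # NOTE(review): a relative name that contains a dot (e.g. "a.b") is taken
    # as already fully qualified; confirm that is intended.
    if [[ "$rname" != *"."* ]]; then
      fqdn="${rname}.${CF_ZONE_NAME}"
    else
      fqdn="$rname"
    fi

    # Build the request body with jq so quotes or backslashes in a record
    # value (TXT content, for instance) are escaped as JSON and cannot inject
    # extra fields or break the payload.
    # NOTE(review): proxied is fixed to true for every record type; confirm
    # that this is intended for all types present in the mirror file.
    payload="$(jq -cn \
      --arg type "$rtype" \
      --arg name "$fqdn" \
      --arg content "$rcontent" \
      --argjson ttl "$rttl" \
      '{type: $type, name: $name, content: $content, ttl: $ttl, proxied: true}')"

    # Check for an existing record of the same type and name.
    existing="$(api GET "$api_base/zones/$zid/dns_records" -G \
      --data-urlencode "type=$rtype" \
      --data-urlencode "name=$fqdn")"
    rid="$(jq -r '.result[0].id' <<<"$existing")"

    if [[ -n "$rid" && "$rid" != "null" ]]; then
      log_info "Updating $rtype $fqdn"
      api PUT "$api_base/zones/$zid/dns_records/$rid" --data "$payload" \
        | jq -e '.success==true' >/dev/null || die "Failed update for $fqdn"
      printf '%s\n' "$rid" >> "$ids_file"
    else
      log_info "Creating $rtype $fqdn"
      resp="$(api POST "$api_base/zones/$zid/dns_records" --data "$payload")"
      jq -e '.success==true' <<<"$resp" >/dev/null || die "Failed create for $fqdn"
      new_id="$(jq -r '.result.id' <<<"$resp")"
      printf '%s\n' "$new_id" >> "$ids_file"
    fi
  done < <(jq -c '.[]' "$mirror_file")

  log_info "Cloudflare mirror applied. IDs saved to outputs/cloudflare_record_ids.txt"
}
main "$@"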