chore: make plugin publish-safe for PyPI
Remove private git.eskimo.dev URLs (README install -> `pip install certbot-dns-yeil`; setup.py url -> docs.yeil.app/dns). Update README to the api.yeil.app/v1/dns gateway + gateway-relative paths. Flesh out setup.py metadata (long_description from README, classifiers, python_requires, project_urls, keywords). Add an MIT LICENSE file and a Python .gitignore (so build/ dist/ *.egg-info/ __pycache__ stay out of the repo). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
34
README.md
@@ -2,19 +2,21 @@
|
||||
|
||||
yeil DNS Authenticator plugin for [Certbot](https://certbot.eff.org/).
|
||||
|
||||
Authenticates to `dns.yeil.app`'s public API with a yeil **App key**
|
||||
(`yk_...`) sent as a Bearer token, then adds/removes TXT records to
|
||||
satisfy ACME DNS-01 challenges. Works for any yeil team with an App that
|
||||
has DNS record-write permission; the certbot host just needs HTTPS
|
||||
reachability to `dns.yeil.app`.
|
||||
Authenticates to the yeil public DNS API (`https://api.yeil.app/v1/dns`)
|
||||
with a yeil **App key** (`yk_...`) sent as a Bearer token, then
|
||||
adds/removes TXT records to satisfy ACME DNS-01 challenges. Works for any
|
||||
yeil team with an App that has DNS record-write permission; the certbot
|
||||
host just needs HTTPS reachability to `api.yeil.app`.
|
||||
|
||||
Wildcard certs require DNS-01, so this plugin (or another DNS
|
||||
authenticator) is needed for `*.example.com`.
|
||||
|
||||
Full API docs: <https://docs.yeil.app/dns>.
|
||||
|
||||
## Installation
|
||||
|
||||
```sh
|
||||
pip install git+https://git.eskimo.dev/Yeil/certbot-dns-yeil.git
|
||||
pip install certbot-dns-yeil
|
||||
```
|
||||
|
||||
## Configuration
|
||||
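Review bot: The new install line `pip install certbot-dns-yeil` should only ship once the project owns that name on PyPI. The commit message describes this change as preparation for publishing, and a README that tells users to install an unclaimed name invites squatting on a package that is handed an App key with DNS record-write permission. Either land this line together with the first release or keep it out of the README until the upload is done. The intro paragraph in the same hunk now names `https://api.yeil.app/v1/dns` and `api.yeil.app` consistently, which is fine.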
@@ -33,10 +35,10 @@ dns_yeil_api_key = yk_xxxxxxxx_yyyyyyyyyyyyyyyyyyyyyyyy
|
||||
> login was retired with personal app passwords. Replace those two lines
|
||||
> with a single `dns_yeil_api_key`.
|
||||
|
||||
Optional override if you're testing against a non-production host:
|
||||
Optional override if you're testing against a non-production API base:
|
||||
|
||||
```ini
|
||||
dns_yeil_base_url = https://dns.staging.example
|
||||
dns_yeil_base_url = https://api.staging.example/v1/dns
|
||||
```
|
||||
|
||||
## Usage
|
||||
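Review bot: The `dns_yeil_base_url` example now has to include the `/v1/dns` path, so an existing host-only value in the old form (`https://dns.staging.example`) will no longer line up with the gateway-relative paths. The blockquote just above already carries a migration note for `dns_yeil_api_key`; add a sentence there saying the override is now the full API base including `/v1/dns`. It is also worth stating next to the example that the App key is sent as a Bearer token to whatever URL is configured here, so the value should be an `https://` endpoint the operator trusts.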
@@ -60,13 +62,17 @@ certbot certonly \
|
||||
|
||||
## How it works
|
||||
|
||||
The plugin sends the App key as a Bearer token on every request. For
|
||||
each requested name it asks the API which of the App's zones covers the
|
||||
FQDN (`GET /api/v1/zones?suffix_of=<fqdn>`), creates a TXT at
|
||||
`_acme-challenge.<rel>` (`POST /api/v1/zones/{id}/records`), waits for
|
||||
propagation, and on cleanup deletes the record by id
|
||||
(`DELETE /api/v1/zones/{id}/records/{recordId}`).
|
||||
The plugin sends the App key as a Bearer token on every request to
|
||||
`https://api.yeil.app/v1/dns`. For each requested name it asks the API
|
||||
which of the App's zones covers the FQDN (`GET /zones?suffix_of=<fqdn>`),
|
||||
creates a TXT at `_acme-challenge.<rel>` (`POST /zones/{id}/records`),
|
||||
waits for propagation, and on cleanup deletes the record by id
|
||||
(`DELETE /zones/{id}/records/{recordId}`).
|
||||
|
||||
Revoking the App key (or disabling the App) in your team settings cuts
|
||||
off access cleanly. The key only carries the DNS permissions you granted
|
||||
the App, so scope it to record-write on just the zones you need.
|
||||
|
||||
## License
|
||||
|
||||
MIT. See [LICENSE](LICENSE).
|
||||
|
||||
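Review bot: The "How it works" paragraph does not say which zone is used when more than one of the App's zones covers the FQDN in `GET /zones?suffix_of=<fqdn>`, for example a parent zone and a delegated child zone. A TXT record created at `_acme-challenge.<rel>` in the wrong zone will not satisfy the DNS-01 challenge, so document the selection rule (such as longest suffix match) here. The closing paragraph on revoking the key and scoping it to record-write on only the needed zones is good and should stay.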