chore: make plugin publish-safe for PyPI

Remove private git.eskimo.dev URLs (README install -> `pip install
certbot-dns-yeil`; setup.py url -> docs.yeil.app/dns). Update README to the
api.yeil.app/v1/dns gateway + gateway-relative paths. Flesh out setup.py
metadata (long_description from README, classifiers, python_requires,
project_urls, keywords). Add an MIT LICENSE file and a Python .gitignore
(so build/ dist/ *.egg-info/ __pycache__ stay out of the repo).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

.gitignore

@@ -0,0 +1,15 @@
+# Python
+__pycache__/
+*.py[cod]
+*$py.class
+
+# Packaging / build artifacts
+build/
+dist/
+*.egg-info/
+.eggs/
+
+# Virtualenvs
+.venv/
+venv/
+env/

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 yeil
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -2,19 +2,21 @@
 
 yeil DNS Authenticator plugin for [Certbot](https://certbot.eff.org/).
 
-Authenticates to `dns.yeil.app`'s public API with a yeil **App key**
+Authenticates to the yeil public DNS API (`https://api.yeil.app/v1/dns`)
-(`yk_...`) sent as a Bearer token, then adds/removes TXT records to
+with a yeil **App key** (`yk_...`) sent as a Bearer token, then
-satisfy ACME DNS-01 challenges. Works for any yeil team with an App that
+adds/removes TXT records to satisfy ACME DNS-01 challenges. Works for any
-has DNS record-write permission; the certbot host just needs HTTPS
+yeil team with an App that has DNS record-write permission; the certbot
-reachability to `dns.yeil.app`.
+host just needs HTTPS reachability to `api.yeil.app`.
 
 Wildcard certs require DNS-01, so this plugin (or another DNS
 authenticator) is needed for `*.example.com`.
 
+Full API docs: <https://docs.yeil.app/dns>.
+
 ## Installation
 
 ```sh
-pip install git+https://git.eskimo.dev/Yeil/certbot-dns-yeil.git
+pip install certbot-dns-yeil
 ```
 
 ## Configuration
@@ -33,10 +35,10 @@ dns_yeil_api_key = yk_xxxxxxxx_yyyyyyyyyyyyyyyyyyyyyyyy
 > login was retired with personal app passwords. Replace those two lines
 > with a single `dns_yeil_api_key`.
 
-Optional override if you're testing against a non-production host:
+Optional override if you're testing against a non-production API base:
 
 ```ini
-dns_yeil_base_url = https://dns.staging.example
+dns_yeil_base_url = https://api.staging.example/v1/dns
 ```
 
 ## Usage
@@ -60,13 +62,17 @@ certbot certonly \
 
 ## How it works
 
-The plugin sends the App key as a Bearer token on every request. For
+The plugin sends the App key as a Bearer token on every request to
-each requested name it asks the API which of the App's zones covers the
+`https://api.yeil.app/v1/dns`. For each requested name it asks the API
-FQDN (`GET /api/v1/zones?suffix_of=<fqdn>`), creates a TXT at
+which of the App's zones covers the FQDN (`GET /zones?suffix_of=<fqdn>`),
-`_acme-challenge.<rel>` (`POST /api/v1/zones/{id}/records`), waits for
+creates a TXT at `_acme-challenge.<rel>` (`POST /zones/{id}/records`),
-propagation, and on cleanup deletes the record by id
+waits for propagation, and on cleanup deletes the record by id
-(`DELETE /api/v1/zones/{id}/records/{recordId}`).
+(`DELETE /zones/{id}/records/{recordId}`).
 
 Revoking the App key (or disabling the App) in your team settings cuts
 off access cleanly. The key only carries the DNS permissions you granted
 the App, so scope it to record-write on just the zones you need.
+
+## License
+
+MIT. See [LICENSE](LICENSE).

setup.py

@@ -1,12 +1,25 @@
+import pathlib
+
 from setuptools import setup, find_packages
 
+LONG_DESCRIPTION = pathlib.Path(__file__).with_name("README.md").read_text(
+    encoding="utf-8"
+)
+
 setup(
     name="certbot-dns-yeil",
     version="3.1.0",
     description="yeil DNS Authenticator plugin for Certbot",
-    url="https://git.eskimo.dev/Yeil/certbot-dns-yeil",
+    long_description=LONG_DESCRIPTION,
+    long_description_content_type="text/markdown",
+    url="https://docs.yeil.app/dns",
+    project_urls={
+        "Documentation": "https://docs.yeil.app/dns",
+    },
     author="yeil",
     license="MIT",
+    keywords="certbot dns yeil acme letsencrypt dns-01 dns-authenticator",
+    python_requires=">=3.8",
     packages=find_packages(),
     install_requires=[
         "certbot>=1.1.0",
@@ -17,4 +30,16 @@ setup(
             "dns-yeil = certbot_dns_yeil.dns_yeil:Authenticator",
         ],
     },
+    classifiers=[
+        "Development Status :: 5 - Production/Stable",
+        "Environment :: Plugins",
+        "Intended Audience :: System Administrators",
+        "License :: OSI Approved :: MIT License",
+        "Operating System :: OS Independent",
+        "Programming Language :: Python :: 3",
+        "Programming Language :: Python :: 3 :: Only",
+        "Topic :: Internet :: Name Service (DNS)",
+        "Topic :: Security",
+        "Topic :: System :: Systems Administration",
+    ],
 )