Compare commits

..

3 Commits

Author SHA1 Message Date
Asif Bacchus
4ec190af47 update readme 2021-05-10 03:18:49 -06:00
Asif Bacchus
57ce2d1ac3 fixed headings so TOC links work 2021-05-10 03:09:30 -06:00
Asif Bacchus
1ffd374a4f fix: set TERM for tput if not set
- stop warning messages in syslog from systemd invocation
2021-05-10 02:55:16 -06:00
3 changed files with 43 additions and 24 deletions

View File

@ -7,7 +7,7 @@ ## Contents <!-- omit in toc -->
<!-- toc -->
- [Prerequisites](#prerequisites)
- [cfddns&#46;sh](#cfddns%2346sh)
- [cfddns script](#cfddns-script)
* [Installation](#installation)
* [Usage](#usage)
+ [Parameters](#parameters)
@ -15,10 +15,10 @@ ## Contents <!-- omit in toc -->
* [File structure](#file-structure)
* [Bearer token](#bearer-token)
* [Zone ID](#zone-id)
- [cfddns.service](#cfddnsservice)
* [IP4 and/or IP6](#ip4-andor-ip6)
- [cfddns systemd service unit](#cfddns-systemd-service-unit)
* [IP4 or IP6](#ip4-or-ip6)
+ [Examples](#examples)
- [cfddns.timer](#cfddnstimer)
- [cfddns systemd timer unit](#cfddns-systemd-timer-unit)
* [Activation](#activation)
- [Logging](#logging)
* [Using Logwatch to monitor this script](#using-logwatch-to-monitor-this-script)
@ -37,7 +37,7 @@ ## Prerequisites
While the script does *not* require root privileges, you will need sudo/root access to install the *systemd* service and timer.
## cfddns&#46;sh
## cfddns script
### Installation
@ -111,6 +111,13 @@ # Cloudflare token for my.domain.tld
You can save the file as anything you like and anywhere youd like as long as you inform the script of its location using the `--credentials` parameter. By default, the script will look for a file named *cloudflare.credentials* in the same path as the script.
Please remember that this file basically contains a password! As a result, it should be protected and access limited to the root account:
```bash
chown root:root /path/to/cloudflare.credentials
chmod 600 /path/to/cloudflare.credentials
```
### Bearer token
I chose to use an API bearer token instead of a username/password or Global API token for security reasons. Your username/password and Global API token provide unfettered access to your account so if anyone gets hold of them, they can do anything to your account. An API bearer token, by contrast, can only do what you authorize it to do and you can revoke it at any time. Therefore, I suggest making a bearer token that is based on the “Edit zone DNS” template and restricted to the specific domain/zone you wish to update. Cloudflare provides an [excellent article](https://support.cloudflare.com/hc/en-us/articles/200167836-Managing-API-Tokens-and-Keys) on how to generate this token.
@ -124,7 +131,7 @@ ### Zone ID
To get your Zone ID, log into your Cloudflare account and open the domain in question. On the overview page, scroll down a bit and look to the right. You will see your Zone ID listed there. Copy that string into your configuration file.
## cfddns.service
## cfddns systemd service unit
This file **must** be copied to your */etc/systemd/system* directory (or equivalent directory if you're not running Debian/Ubuntu). If you change the name of the cfddns&#46;sh file, you must update the filename in the `ExecStart` line as shown below:
@ -136,13 +143,7 @@ ## cfddns.service
...
````
Dont forget to reload systemd after copying this file so it is recognized by the system! On most systems you can do this by running the following as root or via sudo:
```bash
systemctl daemon-reload
```
### IP4 and/or IP6
### IP4 or IP6
The cfddns.service file includes two *ExecStart* lines, one without a specified IP-protocol parameter (default IP4) and the other with the -6 (IP6) parameter. The service will run the cfddns&#46;sh script in default (IP4) mode with specified parameters first and then will run the script again in IP6 mode with specified parameters.
@ -183,9 +184,9 @@ # update IP6 addresses
...
```
## cfddns.timer
## cfddns systemd timer unit
This is the timer file that tells your system how often to call the *cfddns.service* file which runs the *cfddns&#46;sh* script. By default, the timer is set for 5 minutes after the system boots up (to allow for other processes to initialize even on slower systems like a RasPi) and is then run every 15 minutes thereafter. Remember when setting your timer that Cloudflare limits API calls to 1200 every 5 minutes.
Just like the service file unit, this file **must** be copied to your */etc/systemd/system* directory (or equivalent directory if you're not running Debian/Ubuntu). This timer file unit tells your system how often to call the *cfddns.service* file which runs the *cfddns&#46;sh* script. By default, the timer is set for 5 minutes after the system boots up (to allow for other processes to initialize even on slower systems like a RasPi) and is then run every 15 minutes thereafter. Remember when setting your timer that Cloudflare limits API calls to 1200 every 5 minutes.
You can change the timer by modifying the relevant section of the *cfddns.timer* file:
@ -198,6 +199,12 @@ ## cfddns.timer
*OnBootSec* is how long to wait after the system boots up before executing the *cfddns.service*. *OnUnitActiveSec* will then wait the specified time from that first (after boot) call or after the timer is explicitly started before calling *cfddns.service* again. I recommend setting OnUnitActiveSec to a low value (like 2 minutes) for testing then setting it to a more reasonable time (like 15
minutes) after everything is working.
After youve copied both the systemd unit and this timer unit, dont forget to reload the systemd daemon so they are recognized by the system! On most systems you can do this by running the following as root or via sudo:
```bash
systemctl daemon-reload
```
### Activation
You can start the timer system immediately via *systemctl*
@ -220,6 +227,8 @@ ### Activation
It is NOT necessary to enable/start the *cfddns.service*, only the timer needs to be active.
Also remember that if you make changes to settings like `OnUnitActiveSec` while testing or after testing is complete you *must* reload the systemd daemon! It will restart the appropriate units for you and your new settings will take effect immediately.
## Logging
The script logs every major action it takes and provides details on any errors it encounters in the log file (see the [parameters section](#parameters) for details about setting log location and name). If errors are encountered, they are colour coded red and an explanation of the error code is provided.

View File

@ -3,11 +3,13 @@
#
# update Cloudflare DNS records with current (dynamic) IP address
# Script by Asif Bacchus <asif@bacchus.cloud>
# Last modified: May 7, 2021
# Last modified: May 10, 2021
# Version 2.2
#
### text formatting presets using tput
if command -v tput >/dev/null; then
[ -z "$TERM" ] && export TERM=xterm
bold=$(tput bold)
cyan=$(tput setaf 6)
err=$(tput bold)$(tput setaf 1)

View File

@ -15,17 +15,17 @@ ## Contents <!-- omit in toc -->
<!-- toc -->
- [LogFile Group file (/etc/logwatch/conf/logfiles/cfddns.conf)](#logfile-group-file-etclogwatchconflogfilescfddnsconf)
- [LogFile Group file](#logfile-group-file)
* [Log file location](#log-file-location)
* [Archive location and name format](#archive-location-and-name-format)
* [External script for timestamp processing](#external-script-for-timestamp-processing)
- [Service definition file (/etc/logwatch/conf/services/cfddns.conf)](#service-definition-file-etclogwatchconfservicescfddnsconf)
- [Service definition file](#service-definition-file)
* [LogFile Group file definition](#logfile-group-file-definition)
* [Report title](#report-title)
* [Detail level](#detail-level)
- [Service script (/etc/logwatch/scripts/services/cfddns)](#service-script-etclogwatchscriptsservicescfddns)
- [Service script](#service-script)
* [Detail levels](#detail-levels)
- [Timestamp processing script (/etc/logwatch/scripts/shared/sqfullstampanywhere)](#timestamp-processing-script-etclogwatchscriptssharedsqfullstampanywhere)
- [Timestamp processing script](#timestamp-processing-script)
* [The time format specification](#the-time-format-specification)
* [The search REGEX](#the-search-regex)
- [Testing](#testing)
@ -33,7 +33,9 @@ ## Contents <!-- omit in toc -->
<!-- tocstop -->
## LogFile Group file (/etc/logwatch/conf/logfiles/cfddns.conf)
## LogFile Group file
> This file is located within the repo at */etc/logwatch/conf/logfiles/cfddns.conf*
### Log file location
@ -79,7 +81,9 @@ ### External script for timestamp processing
If you change the name of this file, you will have to change this line. Remember that whatever you type here as a name is converted to all-lowercase so your filename should be all lowercase also.
## Service definition file (/etc/logwatch/conf/services/cfddns.conf)
## Service definition file
> This file is located within the repo at */etc/logwatch/conf/services/cfddns.conf*
### LogFile Group file definition
@ -119,7 +123,9 @@ # Remember the levels are: 0, 1-4, 5, 6+
Detail = 5
```
## Service script (/etc/logwatch/scripts/services/cfddns)
## Service script
> This file is located within the repo at */etc/logwatch/scripts/services/cfddns*
Logwatch calls any script with a name that **matches the service name**. You'll notice that I just named everything *cfddns* to keep things simple. You can change this to whatever you want. If you changed the service name to *"cloudflare*.conf", for example, you would have to rename this script file to "*cloudflare*" with no extension. Note: The script is a PERL file (note the
shebang) but it can be written in any language.
@ -160,7 +166,9 @@ ### Detail levels
- **Use this detail level only when you need to see the entire log file and cannot otherwise access the log file.**
- Depending on how your logwatch treats this log dump, you may see gibberish control codes like *\e[0m;]*. If this is the case, run the script with the `--no-colour` or `--nc` option to remove ANSI colour formatting.
## Timestamp processing script (/etc/logwatch/scripts/shared/sqfullstampanywhere)
## Timestamp processing script
> This file is located within the repo at */etc/logwatch/scripts/shared/sqfullstampanywhere*
This is basically a modified version of the '*applyeurodate*' script that comes with Logwatch. It had to be modified to search within [square brackets] and to accept characters coming before the stamp (i.e. ANSI colour codes). If you change the '**stamp**' variable in the updater script to update the timestamp to your liking (which to totally fine!) then you'll probably have to update this file. There are two lines you need to modify to suit your new '**stamp**' variable.