From 07e2449d04100f2e815ff89e6609bad2c3526f3e Mon Sep 17 00:00:00 2001
From: Andreas Knuth
Date: Tue, 10 Feb 2026 14:26:02 -0600
Subject: [PATCH] cloudflare next
---
basic_setup/cloudflareDnsPart.sh | 108 +++++++++++++++++++++++++++++++
1 file changed, 108 insertions(+)
create mode 100755 basic_setup/cloudflareDnsPart.sh
diff --git a/basic_setup/cloudflareDnsPart.sh b/basic_setup/cloudflareDnsPart.sh
new file mode 100755
index 0000000..703d2b1
--- /dev/null
+++ b/basic_setup/cloudflareDnsPart.sh
@@ -0,0 +1,108 @@
+#!/bin/bash
+
+# ==========================================
+# KONFIGURATION
+# ==========================================
+
+AWS_REGION="us-east-2"
+
+if [ -z "$DOMAIN_NAME" ]; then
+ echo "Fehler: DOMAIN_NAME ist nicht gesetzt (z.B. export DOMAIN_NAME='bayarea-cc.com')."
+ exit 1
+fi
+if [ -z "$CF_API_TOKEN" ]; then
+ echo "Fehler: CF_API_TOKEN fehlt."
+ exit 1
+fi
+
+# ==========================================
+# ZONE ID ERMITTELN
+# ==========================================
+
+echo "Zone ID für $DOMAIN_NAME abrufen..."
+ZONE_RESPONSE=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones?name=$DOMAIN_NAME" \
+ -H "Authorization: Bearer $CF_API_TOKEN" \
+ -H "Content-Type: application/json")
+
+if [ "$(echo $ZONE_RESPONSE | jq -r '.success')" != "true" ]; then
+ echo "Fehler beim Abrufen der Zone ID:"
+ echo $ZONE_RESPONSE | jq .
+ exit 1
+fi
+
+CF_ZONE_ID=$(echo $ZONE_RESPONSE | jq -r '.result[0].id')
+echo "Zone ID: $CF_ZONE_ID"
+
+# ==========================================
+# FUNKTIONEN
+# ==========================================
+
+create_dns_record() {
+ local TYPE=$1
+ local NAME=$2
+ local CONTENT=$3
+ local PROXIED=$4
+ local TTL=$5
+ local PRIORITY=$6
+
+ if [ -z "$PROXIED" ]; then PROXIED="false"; fi
+ if [ -z "$TTL" ]; then TTL=3600; fi
+
+ echo "Erstelle $TYPE-Eintrag für $NAME..."
+
+ local JSON_DATA=""
+
+ if [ "$TYPE" = "MX" ]; then
+ if [ -z "$PRIORITY" ]; then PRIORITY=10; fi
+ JSON_DATA="{
+ \"type\": \"$TYPE\", \"name\": \"$NAME\", \"content\": \"$CONTENT\",
+ \"ttl\": $TTL, \"priority\": $PRIORITY, \"proxied\": $PROXIED
+ }"
+ elif [ "$TYPE" = "TXT" ]; then
+ CONTENT=$(echo "$CONTENT" | sed 's/"//g')
+ JSON_DATA="{
+ \"type\": \"$TYPE\", \"name\": \"$NAME\", \"content\": \"\\\"$CONTENT\\\"\",
+ \"ttl\": $TTL, \"proxied\": $PROXIED
+ }"
+ else
+ JSON_DATA="{
+ \"type\": \"$TYPE\", \"name\": \"$NAME\", \"content\": \"$CONTENT\",
+ \"ttl\": $TTL, \"proxied\": $PROXIED
+ }"
+ fi
+
+ curl -s -X POST "https://api.cloudflare.com/client/v4/zones/$CF_ZONE_ID/dns_records" \
+ -H "Authorization: Bearer $CF_API_TOKEN" \
+ -H "Content-Type: application/json" \
+ --data "$JSON_DATA" | jq -r '.success'
+}
+
+
+# ==========================================
+# 1. AWS SES Setup (DKIM & Verifizierung)
+# ==========================================
+echo "--- AWS SES Konfiguration ---"
+DKIM_TOKENS=$(aws ses get-identity-dkim-attributes \
+ --identities ${DOMAIN_NAME} --region ${AWS_REGION} \
+ --query "DkimAttributes.\"${DOMAIN_NAME}\".DkimTokens" --output text)
+
+VERIFICATION_TOKEN=$(aws ses get-identity-verification-attributes \
+ --identities ${DOMAIN_NAME} --region ${AWS_REGION} \
+ --query "VerificationAttributes.\"${DOMAIN_NAME}\".VerificationToken" --output text)
+
+if [ -n "$VERIFICATION_TOKEN" ]; then
+ create_dns_record "TXT" "_amazonses.${DOMAIN_NAME}" "${VERIFICATION_TOKEN}" "false"
+fi
+
+# ==========================================
+# 2. MX Records (AWS SES Ingest)
+# ==========================================
+echo "--- MX Records (AWS SES) ---"
+# Hier leiten wir eingehende Mails an Amazon S3/SQS Pipeline
+create_dns_record "MX" "${DOMAIN_NAME}" "inbound-smtp.${AWS_REGION}.amazonaws.com" "false" 3600 10
+
+# ==========================================
+# 4. SPF & DMARC
+# ==========================================
+
+echo "Fertig. Konfiguration für $DOMAIN_NAME abgeschlossen."
\ No newline at end of file
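Review bot: `create_dns_record` assembles the request body by pasting `$NAME`, `$CONTENT`, `$TTL`, `$PROXIED` and `$PRIORITY` into a JSON string, so a quote or backslash in any value (including the token returned by `aws ses`) produces malformed or structurally different JSON; jq is already a dependency, so the body can be built with `jq -n --arg`/`--argjson` as sketched below. The zone lookup only tests `.success`, and if the API answers successfully with an empty `result` (presumably the case for a name the token cannot see), `CF_ZONE_ID` becomes the string `null` and every POST goes to `/zones/null/dns_records`; I would add `[ -n "$CF_ZONE_ID" ] && [ "$CF_ZONE_ID" != "null" ] || exit 1` right after the assignment and quote `"$ZONE_RESPONSE"` in the three `echo` calls. Both `curl` invocations pass the bearer token as a command-line argument, which other local users can read from the process list while the request runs; curl can take headers from a file with `-H @file`. The function only prints `.success` and the callers never test it, so the closing "Fertig" message appears even when no record was created.

```shell
create_dns_record() {
  # … unchanged: positional arguments, PROXIED/TTL defaults, progress message …

  # jq escapes every string; --argjson refuses a ttl/priority/proxied that is not valid JSON.
  local JSON_DATA
  JSON_DATA=$(jq -n \
    --arg type "$TYPE" --arg name "$NAME" --arg content "$CONTENT" \
    --argjson ttl "$TTL" --argjson proxied "$PROXIED" \
    --argjson priority "${PRIORITY:-10}" \
    '{type: $type, name: $name, ttl: $ttl, proxied: $proxied,
      content: (if $type == "TXT"
                then "\"" + ($content | gsub("\""; "")) + "\""
                else $content end)}
     + (if $type == "MX" then {priority: $priority} else {} end)') || return 1

  # … unchanged: curl POST of "$JSON_DATA" to /zones/$CF_ZONE_ID/dns_records …
```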