From e2baeca79809371bb14e59a563eb24917a3fdbd6 Mon Sep 17 00:00:00 2001
From: Seji64
Date: Fri, 20 Sep 2024 16:33:47 +0200
Subject: [PATCH] totally misunderstood 'newTLSCertificate' function...trying other approach

---
 Dockerfile | 2 +-
 configs/dnsdist/dnsdist.conf.template | 10 +---------
 entrypoint.sh | 4 +++-
 3 files changed, 5 insertions(+), 11 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 8e4d303..c347ed4 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -46,7 +46,7 @@ RUN apk update && apk upgrade
 RUN addgroup snidust && adduser -D -H -G snidust snidust
 
 # Install needed packages and clean up
-RUN apk add --no-cache jq tini dnsdist curl bash gnupg procps ca-certificates openssl dog lua5.4-filesystem ipcalc libcap nginx nginx-mod-stream supercronic && \
+RUN apk add --no-cache jq tini dnsdist curl bash gnupg procps ca-certificates openssl dog lua5.4-filesystem ipcalc libcap nginx nginx-mod-stream supercronic step-cli && \
 rm -f /etc/nginx/conf.d/*.conf && \
 rm -rf /var/cache/apk/*
diff --git a/configs/dnsdist/dnsdist.conf.template b/configs/dnsdist/dnsdist.conf.template
index 7db19b5..bb4f6aa 100644
--- a/configs/dnsdist/dnsdist.conf.template
+++ b/configs/dnsdist/dnsdist.conf.template
@@ -20,21 +20,13 @@ fi
 echo "end"
 echo ""
 
-if [ "${DNSDIST_ENABLE_DOT}" == "true" ] && [ "${DNSDIST_DOT_CERT_TYPE}" == "auto-self" ]; then
- echo "tlsCert = newTLSCertificate('/etc/dnsdist/certs/tls.pem', {key='/etc/dnsdist/certs/tls.key'})"
-fi
-
 echo ""
 echo "-- Add plain DNS bind"
 echo "addLocal('${DNSDIST_BIND_IP}:5300')"
 echo ""
 if [ "${DNSDIST_ENABLE_DOT}" == "true" ]; then
 echo "-- Add DoT bind"
- if [ "${DNSDIST_DOT_CERT_TYPE}" == "auto-self" ]; then
- echo "addTLSLocal('${DNSDIST_BIND_IP}:8530',tlsCert)"
- else
- echo "addTLSLocal('${DNSDIST_BIND_IP}:8530','/etc/dnsdist/certs/tls.pem','/etc/dnsdist/certs/tls.key')"
- fi
+ echo "addTLSLocal('${DNSDIST_BIND_IP}:8530','/etc/dnsdist/certs/tls.pem','/etc/dnsdist/certs/tls.key')"
 else
 echo "-- TLS Endpoints disabled"
 fi
diff --git a/entrypoint.sh b/entrypoint.sh
index a48a1c3..5414684 100644
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -9,7 +9,9 @@ if [ "${DNSDIST_ENABLE_DOT}" == "true" ]; then
 fi
 
 if [[ " ${VALID_CERT_TYPE_VALUES[*]} " =~ " ${DNSDIST_DOT_CERT_TYPE} " ]]; then
- echo "[INFO] The value of DNSDIST_DOT_CERT_TYPE is valid: $DNSDIST_DOT_CERT_TYPE"
+ if [ "${DNSDIST_DOT_CERT_TYPE}" == "auto-self" ]; then
+ /usr/bin/step certificate create dot.snidust.local /etc/dnsdist/certs/tls.pem /etc/dnsdist/certs/tls.key --profile self-signed --subtle --no-password --insecure
+ fi
 else
 echo "[ERROR] Invalid value for DNSDIST_DOT_CERT_TYPE: $DNSDIST_DOT_CERT_TYPE"
 exit 1
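Review bot: The `/usr/bin/step certificate create` call added in the `auto-self` branch has no failure handling, so if it fails (for example `/etc/dnsdist/certs` missing or the binary absent) the script carries on and dnsdist only fails later at `addTLSLocal` with a less useful error; append `|| { echo "[ERROR] self-signed certificate generation failed" >&2; exit 1; }` unless the file sets `set -e`, which the hunk does not show. Because `--no-password --insecure` writes the private key unencrypted, which dnsdist needs, the generated `tls.key` should be readable only by the account dnsdist runs as (a `chown`/`chmod 600` right after the call; the Dockerfile adds a `snidust` user, presumably for this). Unless `--not-after` is passed, confirm the default validity step applies to this profile — if it is the short leaf default, a long-running container would start serving an expired certificate after that period, and regenerating on every start also replaces a certificate DoT clients may have pinned, so guarding the call with `[ ! -f /etc/dnsdist/certs/tls.pem ]` may be preferable. Dropping the `[INFO] ... is valid` line means the non-`auto-self` path now logs nothing; consider keeping that message before the inner `if`.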