icinga2-checks/check_external_ip_dynamic_cf.sh

#!/bin/bash

# Function to display usage
usage() {
    echo "Usage: $0 -d domain -u email -k key -i ip_checker"
    echo "  -d    The domain to check"
    echo "  -k    The Cloudflare API key"
    echo "  -i    The IP checker service URL"
    echo "  -e    The expected IP of the domain. Optional, use instead of -i"
    exit 3
}

expected_ip=""

while getopts d:k:i:e: flag
do
    case "${flag}" in
        d) domain=${OPTARG};;
        k) key=${OPTARG};;
        i) ip_checker=${OPTARG};;
        e) expected_ip=${OPTARG};;
        *) usage;;
    esac
done

# Check that all arguments were provided
if [ -z "$domain" ] || [ -z "$key" ] || [ -z "$ip_checker" ]; then
    usage
fi

# Get the zone id for the domain
response=$(curl -s -w "\n%{http_code}" -X GET "https://api.cloudflare.com/client/v4/zones?name=$domain" \
    -H "Authorization: Bearer $key" \
    -H "Content-Type: application/json")

http_code=$(echo "$response" | tail -n1)
if [ "$http_code" != "200" ]; then
    echo "Failed to get zone id for $domain, HTTP status code was $http_code"
    exit 1
fi

zone_id=$(echo "$response" | head -n-1 | jq -r '.result[0].id')

# Get the A record for the domain
response=$(curl -s -w "\n%{http_code}" -X GET "https://api.cloudflare.com/client/v4/zones/$zone_id/dns_records?type=A&name=$domain" \
    -H "Authorization: Bearer $key" \
    -H "Content-Type: application/json")

http_code=$(echo "$response" | tail -n1)
if [ "$http_code" != "200" ]; then
    echo "Failed to get A record for $domain, HTTP status code was $http_code"
    exit 1
fi

a_record=$(echo "$response" | head -n-1 | jq -r '.result[0].content')

if [ -z "$expected_ip" ]; then
  public_ip=$(curl -s "$ip_checker")
else
  public_ip="$expected_ip"
fi

if [ "$a_record" == "$public_ip" ]; then
    echo "OK - $domain resolves to $public_ip"
    exit 0
else
    echo "CRITICAL - $domain does not resolve to $public_ip. A Record: $a_record"
    exit 2
fi