SafelineAPI
=================

Small CLI to request and upsert TLS certificates (DNS-01) with multiple DNS provider backends.

This repo now includes Cloudflare DNS provider support via the lego provider.

## Prerequisites

- Go toolchain (only required to build from source)
- A SafeLine API token (set in `config.json`)
- Cloudflare API token (scoped) or Global API key + account email

## Quick start

1. Copy `config.example.json` to `config.json` and fill in your values.
2. Build (optional):

```powershell
cd C:\Users\samge\coding\SafelineAPI-1
go build -o safelineApi.exe ./cmd/safelineApi
```

3. Run:

```powershell
# using built binary
.\safelineApi.exe

# or directly with go
go run ./cmd/safelineApi -- -t "" -D "Cloudflare" -e "you@example.com"
```

Configuration notes

- The main configuration file is `config.json` in the project root.
- To use Cloudflare for DNS-01, set `ApplyCert.DNSProviderConfig.DNSProvider` to `Cloudflare` and set `ApplyCert.DNSProviderConfig.Cloudflare.APIToken` to a scoped API token with `Zone:DNS:Edit` permission.
- If you must use the global API key, set `Cloudflare.APIKey` and `Cloudflare.Email` instead (less secure).

Docs

- See `docs/CONFIGURATION.md` for detailed configuration and troubleshooting steps.
- See `docs/cloudflare.md` for a short Cloudflare-specific guide.

Security

- Prefer scoped API tokens over global keys.
- Keep `config.json` out of source control; use environment variables or secret management in production.

Need anything else?

- I can add a small PowerShell script to run the app with environment variable support or create a release artifact (Windows exe) if you'd like.

Linux usage (systemd)

Most users run this on a Linux host. Below are recommended steps to install and run SafelineAPI as a service.

1. Build on the target machine (or cross-compile):

```bash
cd /opt
git clone safelineapi
cd safelineapi
go build -o safelineApi ./cmd/safelineApi
```

2. Place your `config.json` in `/opt/safelineapi/config.json` (or edit accordingly). You can use `config.example.json` as a starting point.

3. Install systemd unit (example unit available at `contrib/safelineapi.service`):

```bash
sudo cp contrib/safelineapi.service /etc/systemd/system/
sudo useradd --system --no-create-home safeline || true
sudo chown -R safeline:safeline /opt/safelineapi
sudo systemctl daemon-reload
sudo systemctl enable --now safelineapi.service
sudo journalctl -u safelineapi.service -f
```

4. Alternatively run with the provided helper script (uses environment variables or builds if missing):

```bash
chmod +x scripts/run.sh
SAFELINE_API_TOKEN="..." DNS_PROVIDER=Cloudflare CONTACT_EMAIL="you@example.com" ./scripts/run.sh
```

Notes

- The `contrib/safelineapi.service` unit assumes files live in `/opt/safelineapi` and the binary is `/opt/safelineapi/safelineApi`. Adjust paths to fit your setup.
- For production, run the service as a dedicated unprivileged user and keep `config.json` permissions restricted.
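
The Security and Notes advice above can be checked before the service starts. The following is an added example, not part of the SafelineAPI code base: it flags a `config.json` that is readable by group or other users, and a Cloudflare setup that uses the global API key instead of a scoped token. The `config` struct and `auditConfig` are hypothetical names, and the JSON nesting is assumed to match the key paths quoted in this README.

```go
package main

import (
	"encoding/json"
	"fmt"
	"os"
)

// config mirrors only the key paths this README names (assumed schema); other fields are ignored.
type config struct {
	ApplyCert struct {
		DNSProviderConfig struct {
			DNSProvider string
			Cloudflare  struct{ APIToken, APIKey, Email string }
		}
	}
}

// auditConfig returns one finding per problem: group/other permission bits on
// the file, or a Cloudflare global APIKey configured in place of a scoped token.
func auditConfig(path string) ([]string, error) {
	info, err := os.Stat(path)
	if err != nil {
		return nil, err
	}
	var findings []string
	if perm := info.Mode().Perm(); perm&0o077 != 0 {
		findings = append(findings, fmt.Sprintf("mode %04o is too open, want 0600", perm))
	}
	raw, err := os.ReadFile(path)
	if err != nil {
		return nil, err
	}
	var c config
	if err := json.Unmarshal(raw, &c); err != nil {
		return nil, err
	}
	if d := c.ApplyCert.DNSProviderConfig; d.DNSProvider == "Cloudflare" && d.Cloudflare.APIKey != "" {
		findings = append(findings, "global APIKey set; use a scoped APIToken (Zone:DNS:Edit)")
	}
	return findings, nil
}

func main() {
	findings, err := auditConfig("/opt/safelineapi/config.json") // install path from this README
	if err != nil || len(findings) > 0 {
		fmt.Fprintln(os.Stderr, "config audit:", findings, err)
		os.Exit(1)
	}
}
```

A non-zero exit makes the check usable as a gate before the service is started; how it is wired into the unit or `scripts/run.sh` is left to the deployment.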