add simple tool to update iway dns stuff

python/iway/README.md

@@ -0,0 +1,61 @@
+# iway-dns-update
+Simple script to update DNS records
+
+# Project Structure
+
+* `main.py`: The entry point that handles command-line arguments.
+* `api.py`: The core module containing logic for login, CSRF handling, DNS patching, and logout.
+* `iway-certbot-dns-auth.yml`: Your private configuration file (contains credentials).
+
+# Setup
+
+## Requirements
+
+I'm using `uv`, but feel free to use what you need.
+
+```
+uv sync
+uv lock --upgrade
+```
+
+## Configuration
+
+Create a file `iway-certbot-dns-auth.yml` with content:
+```
+account:
+  username: 'api user'
+  password: 'secret'
+```
+
+## Security
+
+Just ensure that you don't save any credentials in this git repo
+
+# Usage
+
+You can run the script from the terminal by passing the domain, record name, type, and the new value.
+
+Example: Update a TLSA record
+
+```bash
+python main.py \
+  --domain dasbaum.ch \
+  --name _25._tcp.mail.dasbaum.ch \
+  --type TLSA \
+  --value "3 1 1 <sha512>"
+```
+
+|Argument|Description|Example|
+|--------|-----------|-------|
+|--domain|The zone domain|dasbaum.ch
+|--name|Full record name|_acme-challenge.dasbaum.ch
+|--type|DNS Record Type|"TXT, TLSA, A"
+|--value|New record content|your-secret-token
+|--config| (Optional) Path to config|my-config.yml
+
+# How it works
+
+1. **Authentication**: The script logs into the iWay API to retrieve a Bearer token and a `csrftoken` cookie.
+2. **CSRF Handling**: It extracts the `csrftoken` from the response cookies and includes it in the `X-CSRFToken` header for subsequent requests.
+3. **DNS Patching**: It sends a `PATCH` request to the forward zone endpoint to update the specific `rrsets`.
+4. **Session Cleanup**: It performs a logout request to invalidate the tokens immediately after the work is done.