Support installation via pipx

[simfinite]

Hi,

first of all, thanks for this project, it's proven to be very useful for my home network setup.
I am not sure if you would be interested in merging this, so let me briefly explain what I did:

With a proper Python package setup (essentially a pyproject.toml and following conventions regarding file names and directory structure), the project becomes installable via pip and, even more useful, via pipx which installs everything into a dedidated virtual environment including dependencies with one command, e.g.:

pipx install git+https://github.com/simfinite/strato-certbot

The most notable changes are:

• moving all source files into a strato_certbot subdirectory
• renaming source files to avoid hyphens in the filename
• adding a pyproject.toml describing all package meta-data, including dependencies (making obsolete the files requirements.txt and requirements-dev.txt

@Buxdehuda: Let me know if you're willing to merge these changes and if you need any further help with it. If not, feel free to close this PR, as I will just maintain my fork then.

[Buxdehuda]

Looks interesting.
While I haven't used pipx myself, the pyproject.toml seems like the go-to standard now that is supported by multiple package managers.
Please just add a short section in the README on how to install the dependencies with pip and/or pipx.

I think this command has to be changed too, to reflect the new file structure

strato-certbot/README.md

Line 55 in 3223516

sudo certbot certonly --manual --preferred-challenges dns --manual-auth-hook "$(pwd)/auth-hook.py strato-auth.json" --manual-cleanup-hook "$(pwd)/cleanup-hook.py strato-auth.json" -d example.com -d *.example.com

This would be a breaking change, just using git pull and having the certbot renew cronjob wouldn't work anymore. (That's not a deal breaker, just something to keep in mind)

Also, have you checked the script with the auth.json file or the env variables?
There's also a direct reference to the location of the file

strato-certbot/auth-hook.py

Line 34 in 3223516

os.path.dirname(__file__) + os.path.normcase("/" + auth_path),

strato-certbot/cleanup-hook.py

Line 28 in 3223516

os.path.dirname(__file__) + os.path.normcase("/" + auth_path),

[simfinite]

Good points.

The pyproject.toml defines entry points to the hook scripts, i.e. if installed via pip/pipx/uv these should be globally executable via strato-auth-hook and strato-cleanup-hook without the need to specify the script path. For the old setup (installing dependencies + pointing certbot to the script source files) the path would have to be changed. I will add some documentation for both ways.

Regarding the path to the auth.json, I would like to add the possibility of specifying absolute path as copying the file into the installed package seems bad practice.

Unfortunately, I am experiencing some problems currently with the authentication on the strato website, so I cannot test locally. I am pretty sure this worked as of yesterday, but today I am just redirected to the login page and cannot retrieve a session ID. Currently trying to debug by adding calling the auth hook directly and adding debug output statements: CERTBOT_VALIDATION=test_value CERTBOT_DOMAIN=mydomain.de strato-auth-hook strato-auth.json. This essentially results in ERROR: Strato login not accepted.. Not using 2FA. Any ideas?

[Buxdehuda]

Unfortunately, I am experiencing some problems currently with the authentication on the strato website

Try this, seems like it is the same problem: #46

[simfinite]

I added some docs, but need to experiment some more with how to use the hook scripts via the entry points specified in the pyproject.toml when installing as a package. Tbh, I am a bit confused on whether or not to install with sudo and how the environments are handled for certbot running with root privileges. I am open to suggestions on solid practices. Will do some more experimenting and validating workflows, possibly may have to adapt the docs again

[simfinite]

I think I got it worked out. When installing via pipx, we still have to make the scripts globally available while placing dependencies into the dedicated environment. This can be achieved via the variables PIPX_HOME and PIPX_BIN_DIR. I updated the docs accordingly, hope they are not too verbose now.

Most probably, a similar workflow is possible with uv package manager, but I am still new to this.

Also, I included a fix for the cleanup script: 48569a0
Let me know if you'd rather have that as a separate issue/PR.

[Buxdehuda]

Thanks, LGTM