Rename certs to include domain. Better handling of certs in bootstrap.
parent
3ef1e08a32
commit
2015269573
9 changed files with 53 additions and 12 deletions
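--- a/base-files/certificates/_msmtp_-afterdark.lan-cert.pem
+++ b/base-files/certificates/_msmtp_-afterdark.lan-cert.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB/zCCAaagAwIBAgIIYTsef/0JU9MwCgYIKoZIzj0EAwQwVzESMBAGA1UEChMJ
+QWZ0ZXJkYXJrMRcwFQYDVQQDEw5BZnRlcmRhcmsgUm9vdDEoMCYGCSqGSIb3DQEJ
+ARYZc3lzYWRtaW5AYWZ0ZXJkYXJrLm9yZy51azAeFw0yMDAxMDEwMDAwMDBaFw0z
+OTEyMzEyMzU5NTlaMFgxEjAQBgNVBAoTCUFmdGVyZGFyazEYMBYGA1UEAwwPKi5h
+ZnRlcmRhcmsubGFuMSgwJgYJKoZIhvcNAQkBFhlzeXNhZG1pbkBhZnRlcmRhcmsu
+b3JnLnVrMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEpY03l2dNsMetws9bpYCA
+rF2u3LuWan17jFkA3WyTqRY9OCqV0eIug78OLlEOD6PDxxp7CWY5MufXzJ0u6Wxf
+16NbMFkwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUwsGf/l3uDE4UOGjaUU7n0vZu
+pbUwDgYDVR0PAQH/BAQDAgWgMBoGA1UdEQQTMBGCDyouYWZ0ZXJkYXJrLmxhbjAK
+BggqhkjOPQQDBANHADBEAiB4/awdPUg1yjWun0eWXducsCaO0D5l69nqqwK2O+k0
+sgIgUUxC0biEYaMLbdLunQkm8ZoZOitjB4lmMyhxR8zebto=
+-----END CERTIFICATE-----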
BIN
base-files/certificates/_msmtp_-afterdark.lan-key.pem.gpg
Normal file
BIN
base-files/certificates/_msmtp_-afterdark.lan-key.pem.gpg
Normal file
Binary file not shown.
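--- a/base-files/certificates/_netdata_-afterdark.lan-cert.pem
+++ b/base-files/certificates/_netdata_-afterdark.lan-cert.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIICADCCAaagAwIBAgIId9GITZ+52oQwCgYIKoZIzj0EAwQwVzESMBAGA1UEChMJ
+QWZ0ZXJkYXJrMRcwFQYDVQQDEw5BZnRlcmRhcmsgUm9vdDEoMCYGCSqGSIb3DQEJ
+ARYZc3lzYWRtaW5AYWZ0ZXJkYXJrLm9yZy51azAeFw0yMDAxMDEwMDAwMDBaFw0z
+OTEyMzEyMzU5NTlaMFgxEjAQBgNVBAoTCUFmdGVyZGFyazEYMBYGA1UEAwwPKi5h
+ZnRlcmRhcmsubGFuMSgwJgYJKoZIhvcNAQkBFhlzeXNhZG1pbkBhZnRlcmRhcmsu
+b3JnLnVrMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEChiQmrGe4NrTg2/aOkBx
+XT3vlDWLwCqAiuEgL3KwB5sqBB7nrZT55cvtmeSS9UeGWPZxKKA5be15UuFAsfIH
+AaNbMFkwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUX5EtNswUZnSLdqiXXCaw0piI
+fdEwDgYDVR0PAQH/BAQDAgWgMBoGA1UdEQQTMBGCDyouYWZ0ZXJkYXJrLmxhbjAK
+BggqhkjOPQQDBANIADBFAiEAoqyGs1XbEv4Y/nDY9aiFvi/ncAHKCAtkU71GS1+O
+XZkCIFd+ESp+sw2hwPkLa9gGcuvl/kglOgAYzo8tjNg5Kh/d
+-----END CERTIFICATE-----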
2
base-files/certificates/_netdata_-afterdark.lan-key.gpg
Normal file
2
base-files/certificates/_netdata_-afterdark.lan-key.gpg
Normal file
|
|
@ -0,0 +1,2 @@
|
|||
Ś
!}ź#P{WÖßŇŔC±ÂńiçÉa?śĺ‘áu¤Śúż(Ąí‡©.P誾’¸=¬Űţ(v ß<11>Ţ_öżĚÝ„`HkĚ}Ë
“
|
||||
ŤLm QÓä°s‡÷yM‰ĆŢ'ŞšC´Užżł*%zŁŽ<C581>V ‹8€ńRZ¬ţĆjżŮIŹŽFţŔ¨Čyב*Ű%IŃę1úëîoÜęŢgůęMµł=`Wđ\‚'¤ˇ<>ĘpŮűĘŢĚŘ:älüQ]qŹ5«Ů˛7,Ňgüp‰b.ˇˇ©kíRgyKŞŻÁxFć·äOř,<2C>°?,ĆěšáŘaDV‚/“!™|R.ŢWš ÁÁý<3W©¶
|
||||
37
bootstrap
37
bootstrap
|
|
@ -57,23 +57,36 @@ read -r -p "----> Enter GPG decryption passphraise (appears in clear text): " PA
|
|||
|
||||
# Decrypt the pushover-config.
|
||||
echo "-> Decrypting /etc/pushover/*.gpg..."
|
||||
gpg -d --passphrase "$PASS" -o /etc/pushover/backups /etc/pushover/backups.gpg
|
||||
gpg -d --passphrase "$PASS" -o /etc/pushover/mirroring /etc/pushover/mirroring.gpg
|
||||
gpg -d --passphrase "$PASS" -o /etc/pushover/server /etc/pushover/server.gpg
|
||||
chmod 640 /etc/pushover/*
|
||||
for FILE in /etc/pushover/*.gpg; do
|
||||
gpg -d --passphrase "$PASS" -o "/etc/pushover/${FILE%.gpg}" "$FILE"
|
||||
chmod 640 "$FILE"
|
||||
done
|
||||
unset FILE
|
||||
|
||||
# Get the current domain name.
|
||||
DOMAIN="$(hostname -d)"
|
||||
|
||||
# Decrypt the netdata SSL key.
|
||||
echo "-> Decrypting netdata SSL key..."
|
||||
gpg -d --passphrase "$PASS" -o /etc/certificates/_netdata_-key.pem /etc/certificates/_netdata_-key.pem.gpg
|
||||
chmod 600 /etc/certificates/_netdata_-key.pem
|
||||
setfacl -m u:36:r /etc/certificates/_netdata_-key.pem
|
||||
echo "-> Decrypting netdata SSL key for $DOMAIN..."
|
||||
if [[ -e /etc/certificates/_netdata_-$DOMAIN-key.pem.gpg ]]; then
|
||||
gpg -d --passphrase "$PASS" -o /etc/certificates/_netdata_-$DOMAIN-key.pem /etc/certificates/_netdata_-$DOMAIN-key.pem.gpg
|
||||
chmod 600 /etc/certificates/_netdata_-$DOMAIN-key.pem
|
||||
setfacl -m u:36:r /etc/certificates/_netdata_-$DOMAIN-key.pem
|
||||
else
|
||||
echo "----> No netdata SSL key found for $DOMAIN!"
|
||||
fi
|
||||
|
||||
# Decrypt the msmtp SSL key.
|
||||
echo "-> Decrypting msmtp SSL key..."
|
||||
gpg -d --passphrase "$PASS" -o /etc/certificates/_msmtp_-key.pem /etc/certificates/_msmtp_-key.pem.gpg
|
||||
chmod 600 /etc/certificates/_msmtp_-key.pem
|
||||
setfacl -m g:mail:r /etc/certificates/_msmtp_-key.pem
|
||||
echo "-> Decrypting msmtp SSL key for $DOMAIN..."
|
||||
if [[ -e /etc/certificates/_msmtp_-$DOMAIN-key.pem.gpg ]]; then
|
||||
gpg -d --passphrase "$PASS" -o /etc/certificates/_msmtp_-$DOMAIN-key.pem /etc/certificates/_msmtp_-$DOMAIN-key.pem.gpg
|
||||
chmod 600 /etc/certificates/_msmtp_-$DOMAIN-key.pem
|
||||
setfacl -m g:mail:r /etc/certificates/_msmtp_-$DOMAIN-key.pem
|
||||
else
|
||||
echo "----> No msmtp SSL key found for $DOMAIN!"
|
||||
fi
|
||||
|
||||
# Remove the decryption password from the environment now it's finished with.
|
||||
unset PASS
|
||||
|
||||
# Re-generate root's password for longer hash.
|
||||
|
|
|
|||
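Review bot: The new pushover loop builds the wrong output path: `FILE` already holds the full `/etc/pushover/NAME.gpg` path, so `-o "/etc/pushover/${FILE%.gpg}"` resolves to `/etc/pushover//etc/pushover/NAME`, and `chmod 640 "$FILE"` then changes the encrypted input rather than the decrypted file. Inside the loop use `OUT="${FILE%.gpg}"`, `gpg -d --passphrase "$PASS" -o "$OUT" "$FILE"` and `chmod 640 "$OUT"`. Separately, the netdata branch tests for `_netdata_-$DOMAIN-key.pem.gpg`, while this commit adds the netdata key as `_netdata_-afterdark.lan-key.gpg` (no `.pem`), so if base-files is what ends up under /etc/certificates that branch would take the "No netdata SSL key found" path. Each private key is also written by `gpg -o` before its `chmod 600` runs, so a `umask 077` ahead of the decrypt steps would avoid a window with default permissions. The script continues outside the hunk on both sides.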