Rename certs to include domain. Better handling of certs in bootstrap.

Darren 'Tadgy' Austin 2022-08-20 19:56:55 +01:00
commit 2015269573
9 changed files with 53 additions and 12 deletions


@ -57,23 +57,36 @@ read -r -p "----> Enter GPG decryption passphraise (appears in clear text): " PA
# Decrypt the pushover-config.
echo "-> Decrypting /etc/pushover/*.gpg..."
gpg -d --passphrase "$PASS" -o /etc/pushover/backups /etc/pushover/backups.gpg
gpg -d --passphrase "$PASS" -o /etc/pushover/mirroring /etc/pushover/mirroring.gpg
gpg -d --passphrase "$PASS" -o /etc/pushover/server /etc/pushover/server.gpg
chmod 640 /etc/pushover/*
for FILE in /etc/pushover/*.gpg; do
gpg -d --passphrase "$PASS" -o "/etc/pushover/${FILE%.gpg}" "$FILE"
chmod 640 "$FILE"
done
unset FILE
# Get the current domain name.
DOMAIN="$(hostname -d)"
# Decrypt the netdata SSL key.
echo "-> Decrypting netdata SSL key..."
gpg -d --passphrase "$PASS" -o /etc/certificates/_netdata_-key.pem /etc/certificates/_netdata_-key.pem.gpg
chmod 600 /etc/certificates/_netdata_-key.pem
setfacl -m u:36:r /etc/certificates/_netdata_-key.pem
echo "-> Decrypting netdata SSL key for $DOMAIN..."
if [[ -e /etc/certificates/_netdata_-$DOMAIN-key.pem.gpg ]]; then
gpg -d --passphrase "$PASS" -o /etc/certificates/_netdata_-$DOMAIN-key.pem /etc/certificates/_netdata_-$DOMAIN-key.pem.gpg
chmod 600 /etc/certificates/_netdata_-$DOMAIN-key.pem
setfacl -m u:36:r /etc/certificates/_netdata_-$DOMAIN-key.pem
else
echo "----> No netdata SSL key found for $DOMAIN!"
fi
# Decrypt the msmtp SSL key.
echo "-> Decrypting msmtp SSL key..."
gpg -d --passphrase "$PASS" -o /etc/certificates/_msmtp_-key.pem /etc/certificates/_msmtp_-key.pem.gpg
chmod 600 /etc/certificates/_msmtp_-key.pem
setfacl -m g:mail:r /etc/certificates/_msmtp_-key.pem
echo "-> Decrypting msmtp SSL key for $DOMAIN..."
if [[ -e /etc/certificates/_msmtp_-$DOMAIN-key.pem.gpg ]]; then
gpg -d --passphrase "$PASS" -o /etc/certificates/_msmtp_-$DOMAIN-key.pem /etc/certificates/_msmtp_-$DOMAIN-key.pem.gpg
chmod 600 /etc/certificates/_msmtp_-$DOMAIN-key.pem
setfacl -m g:mail:r /etc/certificates/_msmtp_-$DOMAIN-key.pem
else
echo "----> No msmtp SSL key found for $DOMAIN!"
fi
# Remove the decryption password from the environment now it's finished with.
unset PASS
# Re-generate root's password for longer hash.
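Review bot: The new pushover loop writes to the wrong path and sets the mode on the wrong file: `$FILE` already holds the full `/etc/pushover/...` path, so `-o "/etc/pushover/${FILE%.gpg}"` expands to `/etc/pushover//etc/pushover/<name>`, and `chmod 640 "$FILE"` changes the encrypted `.gpg` input instead of the decrypted output. The two lines should read `gpg -d --passphrase "$PASS" -o "${FILE%.gpg}" "$FILE"` and `chmod 640 "${FILE%.gpg}"`. Each decrypted config and key is also created under the process umask and only tightened afterwards, so a `umask 077` before the first `gpg -d` would close that window for the pushover files and both `*-key.pem` outputs. `--passphrase "$PASS"` puts the passphrase on gpg's command line, where it is visible in the process list; feeding it on stdin with `--batch --pinentry-mode loopback --passphrase-fd 0` avoids that. `$DOMAIN` is unquoted in the gpg/chmod/setfacl paths, and an empty `hostname -d` result falls through to the "No ... key found" branch with a blank domain, so quote it and check it is non-empty first.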