Slackware/bootstrap
1
0
Fork 0
Code Releases Wiki Activity

Rename certs to include domain. Better handling of certs in bootstrap.

Browse source
This commit is contained in:
Darren 'Tadgy' Austin 2022-08-20 19:56:55 +01:00
commit 2015269573
9 changed files with 53 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

13
base-files/certificates/_msmtp_-afterdark.lan-cert.pem Normal file
View file

@ -0,0 +1,13 @@
-----BEGIN CERTIFICATE-----
MIIB/zCCAaagAwIBAgIIYTsef/0JU9MwCgYIKoZIzj0EAwQwVzESMBAGA1UEChMJ
QWZ0ZXJkYXJrMRcwFQYDVQQDEw5BZnRlcmRhcmsgUm9vdDEoMCYGCSqGSIb3DQEJ
ARYZc3lzYWRtaW5AYWZ0ZXJkYXJrLm9yZy51azAeFw0yMDAxMDEwMDAwMDBaFw0z
OTEyMzEyMzU5NTlaMFgxEjAQBgNVBAoTCUFmdGVyZGFyazEYMBYGA1UEAwwPKi5h
ZnRlcmRhcmsubGFuMSgwJgYJKoZIhvcNAQkBFhlzeXNhZG1pbkBhZnRlcmRhcmsu
b3JnLnVrMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEpY03l2dNsMetws9bpYCA
rF2u3LuWan17jFkA3WyTqRY9OCqV0eIug78OLlEOD6PDxxp7CWY5MufXzJ0u6Wxf
16NbMFkwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUwsGf/l3uDE4UOGjaUU7n0vZu
pbUwDgYDVR0PAQH/BAQDAgWgMBoGA1UdEQQTMBGCDyouYWZ0ZXJkYXJrLmxhbjAK
BggqhkjOPQQDBANHADBEAiB4/awdPUg1yjWun0eWXducsCaO0D5l69nqqwK2O+k0
sgIgUUxC0biEYaMLbdLunQkm8ZoZOitjB4lmMyhxR8zebto=
-----END CERTIFICATE-----

BIN
base-files/certificates/_msmtp_-afterdark.lan-key.pem.gpg Normal file
View file

Binary file not shown.

0
base-files/certificates/_msmtp_-cert.pem → base-files/certificates/_msmtp_-hosts.slackware.network-cert.pem
View file

0
base-files/certificates/_msmtp_-key.pem.gpg → base-files/certificates/_msmtp_-hosts.slackware.network-key.pem.gpg
View file

13
base-files/certificates/_netdata_-afterdark.lan-cert.pem Normal file
View file

@ -0,0 +1,13 @@
-----BEGIN CERTIFICATE-----
MIICADCCAaagAwIBAgIId9GITZ+52oQwCgYIKoZIzj0EAwQwVzESMBAGA1UEChMJ
QWZ0ZXJkYXJrMRcwFQYDVQQDEw5BZnRlcmRhcmsgUm9vdDEoMCYGCSqGSIb3DQEJ
ARYZc3lzYWRtaW5AYWZ0ZXJkYXJrLm9yZy51azAeFw0yMDAxMDEwMDAwMDBaFw0z
OTEyMzEyMzU5NTlaMFgxEjAQBgNVBAoTCUFmdGVyZGFyazEYMBYGA1UEAwwPKi5h
ZnRlcmRhcmsubGFuMSgwJgYJKoZIhvcNAQkBFhlzeXNhZG1pbkBhZnRlcmRhcmsu
b3JnLnVrMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEChiQmrGe4NrTg2/aOkBx
XT3vlDWLwCqAiuEgL3KwB5sqBB7nrZT55cvtmeSS9UeGWPZxKKA5be15UuFAsfIH
AaNbMFkwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUX5EtNswUZnSLdqiXXCaw0piI
fdEwDgYDVR0PAQH/BAQDAgWgMBoGA1UdEQQTMBGCDyouYWZ0ZXJkYXJrLmxhbjAK
BggqhkjOPQQDBANIADBFAiEAoqyGs1XbEv4Y/nDY9aiFvi/ncAHKCAtkU71GS1+O
XZkCIFd+ESp+sw2hwPkLa9gGcuvl/kglOgAYzo8tjNg5Kh/d
-----END CERTIFICATE-----

2
base-files/certificates/_netdata_-afterdark.lan-key.gpg Normal file
View file

@ -0,0 +1,2 @@
Ś  !}ź#P{WÖßŇŔC±ÂńiçÉa?śĺáu¤Śúż(Ą퇩.P誾¸=¬Űţ(v ß<11>Ţ_öżĚÝ„`HkĚ}Ë “
ŤLm QÓä°s‡÷yM‰ĆŢ'ŞšC´Užżł*%zŁŽ<C581>V 8€ń­RZ¬ţĆjżŮIŹŽFţŔ¨Čy×*Ű%IŃę1úëîoÜęŢgůęMµł=` \ˇ<>ĘpŮűĘŢĚŘ:älüQ]qŹ5«ٲ7,Ňgüp‰b.ˇˇ©kíRgyKŞŻÁx Fć·äOř,<2C>°?,ĆěšáŘaDV/“!™|R.ŢWš­ ÁÁý<3W©¶

0
base-files/certificates/_netdata_-cert.pem → base-files/certificates/_netdata_-hosts.slackware.network-cert.pem
View file

0
base-files/certificates/_netdata_-key.pem.gpg → base-files/certificates/_netdata_-hosts.slackware.network-key.pem.gpg
View file

37
bootstrap
View file

@ -57,23 +57,36 @@ read -r -p "----> Enter GPG decryption passphraise (appears in clear text): " PA
# Decrypt the pushover-config. # Decrypt the pushover-config.
echo "-> Decrypting /etc/pushover/*.gpg..." echo "-> Decrypting /etc/pushover/*.gpg..."
gpg -d --passphrase "$PASS" -o /etc/pushover/backups /etc/pushover/backups.gpg for FILE in /etc/pushover/*.gpg; do
gpg -d --passphrase "$PASS" -o /etc/pushover/mirroring /etc/pushover/mirroring.gpg gpg -d --passphrase "$PASS" -o "/etc/pushover/${FILE%.gpg}" "$FILE"
gpg -d --passphrase "$PASS" -o /etc/pushover/server /etc/pushover/server.gpg chmod 640 "$FILE"
chmod 640 /etc/pushover/* done
unset FILE
# Get the current domain name.
DOMAIN="$(hostname -d)"
# Decrypt the netdata SSL key. # Decrypt the netdata SSL key.
echo "-> Decrypting netdata SSL key..." echo "-> Decrypting netdata SSL key for $DOMAIN..."
gpg -d --passphrase "$PASS" -o /etc/certificates/_netdata_-key.pem /etc/certificates/_netdata_-key.pem.gpg if [[ -e /etc/certificates/_netdata_-$DOMAIN-key.pem.gpg ]]; then
chmod 600 /etc/certificates/_netdata_-key.pem gpg -d --passphrase "$PASS" -o /etc/certificates/_netdata_-$DOMAIN-key.pem /etc/certificates/_netdata_-$DOMAIN-key.pem.gpg
setfacl -m u:36:r /etc/certificates/_netdata_-key.pem chmod 600 /etc/certificates/_netdata_-$DOMAIN-key.pem
setfacl -m u:36:r /etc/certificates/_netdata_-$DOMAIN-key.pem
else
echo "----> No netdata SSL key found for $DOMAIN!"
fi
# Decrypt the msmtp SSL key. # Decrypt the msmtp SSL key.
echo "-> Decrypting msmtp SSL key..." echo "-> Decrypting msmtp SSL key for $DOMAIN..."
gpg -d --passphrase "$PASS" -o /etc/certificates/_msmtp_-key.pem /etc/certificates/_msmtp_-key.pem.gpg if [[ -e /etc/certificates/_msmtp_-$DOMAIN-key.pem.gpg ]]; then
chmod 600 /etc/certificates/_msmtp_-key.pem gpg -d --passphrase "$PASS" -o /etc/certificates/_msmtp_-$DOMAIN-key.pem /etc/certificates/_msmtp_-$DOMAIN-key.pem.gpg
setfacl -m g:mail:r /etc/certificates/_msmtp_-key.pem chmod 600 /etc/certificates/_msmtp_-$DOMAIN-key.pem
setfacl -m g:mail:r /etc/certificates/_msmtp_-$DOMAIN-key.pem
else
echo "----> No msmtp SSL key found for $DOMAIN!"
fi
# Remove the decryption password from the environment now it's finished with.
unset PASS unset PASS
# Re-generate root's password for longer hash. # Re-generate root's password for longer hash.