From 4117afd9938419e4b23711fd4323a4a5f281479b Mon Sep 17 00:00:00 2001
From: Francois Lesueur
Date: Fri, 26 May 2023 10:04:35 +0200
Subject: [PATCH] ca acme avec le ca de la vm
---
 files/snster-kaz/mica/infra/provision.sh | 2 +-
 files/vm-provision.sh | 2 ++
 files/vm-upgrade.sh | 7 ++++++-
 3 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/files/snster-kaz/mica/infra/provision.sh b/files/snster-kaz/mica/infra/provision.sh
index acedc74..f514752 100644
--- a/files/snster-kaz/mica/infra/provision.sh
+++ b/files/snster-kaz/mica/infra/provision.sh
@@ -23,7 +23,7 @@ wget "https://dl.smallstep.com/gh-release/certificates/gh-release-header/v0.24.2
 dpkg -i step-ca_0.24.2_amd64.deb
 echo "password" > /root/ca-passwordfile
-step ca init --deployment-type=standalone --name="Kaz CA" --dns="ca.mica.sns" --acme --address=":443" --provisioner="contact@kaz.sns" --password-file="/root/ca-passwordfile"
+step ca init --deployment-type=standalone --name="Kaz CA" --dns="ca.mica.sns" --acme --address=":443" --provisioner="contact@kaz.sns" --password-file="/root/ca-passwordfile" --root="letsencrypt/local/rootCA.pem" --key "letsencrypt/local/rootCA-key.pem"
 echo -e '#!/bin/sh\nstep-ca --password-file /root/ca-passwordfile' >> /etc/rc.local
 chmod +x /etc/rc.local
diff --git a/files/vm-provision.sh b/files/vm-provision.sh
index 565057c..15755eb 100755
--- a/files/vm-provision.sh
+++ b/files/vm-provision.sh
@@ -222,6 +222,8 @@ auth:
 cp -ar /etc/letsencrypt /root/snster-kaz/hoster-a/kaz1/
 cp -ar /etc/letsencrypt /root/snster-kaz/isp-a/home/
 cp -ar /etc/letsencrypt /root/snster-kaz/hoster-b/kaz2/
+ cp -ar /etc/letsencrypt /root/snster-kaz/mica/infra/
+
 # On lie le filesystem de kaz-prod dans le /kaz de la VM pour le dév
 ln -s /var/lib/lxc/kaz-hoster-a-kaz1/rootfs/ /kaz1-prod
diff --git a/files/vm-upgrade.sh b/files/vm-upgrade.sh
index ed3e9f6..89c32bd 100755
--- a/files/vm-upgrade.sh
+++ b/files/vm-upgrade.sh
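Review bot: The new `--root="letsencrypt/local/rootCA.pem" --key "letsencrypt/local/rootCA-key.pem"` arguments in provision.sh are relative paths, so `step ca init` only finds them when the script runs from the directory holding the copied `letsencrypt/` tree; any `cd` that sets this lies outside the hunk. A guard just before the call, `[ -r letsencrypt/local/rootCA-key.pem ] || { echo "rootCA-key.pem missing" >&2; exit 1; }`, would make a wrong working directory fail visibly. The change also puts the VM's root CA private key on the online ACME CA host: the `cp -ar /etc/letsencrypt /root/snster-kaz/mica/infra/` lines added in vm-provision.sh and vm-upgrade.sh copy the whole tree, while this hunk reads only the two files under `local/`, so copying just those and restricting the key with `chmod 600` would narrow the exposure. Minor style point: `--key` is the only flag on the line written without `=`.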
@@ -15,9 +15,13 @@ git pull
 sed -i -e "s/template=self.template/template=self.template, bdevtype='btrfs'/" /usr/local/lib/python3.9/dist-packages/backends/LxcBackend.py
 # On récupère le dernier kaz-vagrant
+if [ -z "${KAZBRANCH}" ] ; then
+ KAZBRANCH="master"
+fi
 cd /tmp
-git clone https://git.kaz.bzh/KAZ/kaz-vagrant.git || (cd kaz-vagrant && git pull)
+git clone https://git.kaz.bzh/KAZ/kaz-vagrant.git || (cd kaz-vagrant && git fetch && git switch "${KAZBRANCH}" && git pull)
 cd /tmp/kaz-vagrant
+git switch "${KAZBRANCH}"
 # On écrase les anciens fichiers
 cp -ar /tmp/kaz-vagrant/files/snster-kaz /root/
@@ -25,6 +29,7 @@ cp -ar /tmp/kaz-vagrant/files/snster-kaz /root/
 cp -ar /etc/letsencrypt /root/snster-kaz/hoster-a/kaz1/
 cp -ar /etc/letsencrypt /root/snster-kaz/hoster-b/kaz2/
 cp -ar /etc/letsencrypt /root/snster-kaz/isp-a/home/
+cp -ar /etc/letsencrypt /root/snster-kaz/mica/infra/
 # On détruit et reconstruit tout sauf kaz-prod
 SNSTER="snster -c /root/snster-kaz"
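Review bot: The result of the added `git switch "${KAZBRANCH}"` after `cd /tmp/kaz-vagrant` is never checked, so a mistyped or missing branch leaves the checkout on whatever branch it had, and the script then overwrites /root/snster-kaz from it (unless `set -e` is enabled above this hunk, which is not visible here). Making the failure fatal is a one-line change: `git switch "${KAZBRANCH}" || exit 1`. The default can be written more compactly as `: "${KAZBRANCH:=master}"`. Since the script apparently runs as root and falls back to an already existing /tmp/kaz-vagrant, it trusts whoever created that directory; cloning into a `mktemp -d` directory or a path under /root would remove that assumption.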