KAZ/kaz-vagrant
2
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

bugfix certif nginx

Browse Source
This commit is contained in:
Francois Lesueur 2023-05-26 13:45:28 +02:00
parent 41e7591163
commit 958a6225b1
3 changed files with 10 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
files/snster-kaz/hoster-a/kaz1/provision.sh
View File

@ -55,14 +55,12 @@ echo "export SNSTERGUARD='true'" >> /root/.bashrc
# On place les certifs # On place les certifs
# On place les certifs
if [ -f tls/root_ca.crt ]; then
cp -ar tls/root_ca.crt /usr/local/share/ca-certificates/ cp -ar tls/root_ca.crt /usr/local/share/ca-certificates/
/usr/sbin/update-ca-certificates --fresh /usr/sbin/update-ca-certificates --fresh
fi
if [ -d letsencrypt ]; then mkdir -p /etc/letsencrypt/live/kaz.sns
cp -ar letsencrypt /etc/ cp tls/wildcard.crt /etc/letsencrypt/live/kaz.sns/fullchain.pem
fi cp tls/wildcard.key /etc/letsencrypt/live/kaz.sns/privkey.pem
# On sauve le proxy APT # On sauve le proxy APT
proxy=$(/sbin/ip route | awk '/default/ { print $3 }' | head -1) proxy=$(/sbin/ip route | awk '/default/ { print $3 }' | head -1)

8
files/vm-provision.sh
View File

@ -159,10 +159,6 @@ EOF
step certificate create "*.kaz.sns" /root/tls/wildcard.crt /root/tls/wildcard.key --profile leaf --ca /root/.step/certs/intermediate_ca.crt --ca-key /root/.step/secrets/intermediate_ca_key --ca-password-file /root/ca-passwordfile --bundle --force --no-password --insecure step certificate create "*.kaz.sns" /root/tls/wildcard.crt /root/tls/wildcard.key --profile leaf --ca /root/.step/certs/intermediate_ca.crt --ca-key /root/.step/secrets/intermediate_ca_key --ca-password-file /root/ca-passwordfile --bundle --force --no-password --insecure
mkdir -p /etc/letsencrypt/live/kaz.sns/
ln -sf /root/tls/wildcard.crt /etc/letsencrypt/live/kaz.sns/fullchain.pem
ln -sf /root/tls/wildcard.key /etc/letsencrypt/live/kaz.sns/privkey.pem
# Cache docker registry # Cache docker registry
echo "proxy: echo "proxy:
remoteurl: https://registry-1.docker.io remoteurl: https://registry-1.docker.io
@ -196,8 +192,8 @@ auth:
cp -ar ${VAGRANT_SRC_DIR}/snster-kaz /root cp -ar ${VAGRANT_SRC_DIR}/snster-kaz /root
# crypto keys # crypto keys
cp -ar /root/tls /etc/letsencrypt /root/snster-kaz/hoster-a/kaz1/ cp -ar /root/tls /root/snster-kaz/hoster-a/kaz1/
cp -ar /root/tls /etc/letsencrypt /root/snster-kaz/hoster-b/kaz2/ cp -ar /root/tls /root/snster-kaz/hoster-b/kaz2/
cp -ar /root/tls /root/snster-kaz/isp-a/home/ cp -ar /root/tls /root/snster-kaz/isp-a/home/
cp -ar /root/tls /root/snster-kaz/mica/infra/ cp -ar /root/tls /root/snster-kaz/mica/infra/

4
files/vm-upgrade.sh
View File

@ -26,8 +26,8 @@ git switch "${KAZBRANCH}"
# On écrase les anciens fichiers # On écrase les anciens fichiers
cp -ar /tmp/kaz-vagrant/files/snster-kaz /root/ cp -ar /tmp/kaz-vagrant/files/snster-kaz /root/
# crypto keys # crypto keys
cp -ar /root/tls /etc/letsencrypt /root/snster-kaz/hoster-a/kaz1/ cp -ar /root/tls /root/snster-kaz/hoster-a/kaz1/
cp -ar /root/tls /etc/letsencrypt /root/snster-kaz/hoster-b/kaz2/ cp -ar /root/tls /root/snster-kaz/hoster-b/kaz2/
cp -ar /root/tls /root/snster-kaz/isp-a/home/ cp -ar /root/tls /root/snster-kaz/isp-a/home/
cp -ar /root/tls /root/snster-kaz/mica/infra/ cp -ar /root/tls /root/snster-kaz/mica/infra/