bootstrap ca

2023-05-26 09:45:21 +02:00 · 2023-05-26 09:45:21 +02:00 · c7e438d4ee
commit c7e438d4ee
parent c4065559fc
5 changed files with 16 additions and 10 deletions
--- a/files/snster-kaz/hoster-a/kaz1/kaz-config/dockers.env
+++ b/files/snster-kaz/hoster-a/kaz1/kaz-config/dockers.env
@ -19,7 +19,8 @@ domain_sympa=listes.kaz.sns
 ########################################
 # choix d'un serveur partiel
 # site=site-2
-site=
+site=kaz1
+acme_server="https://ca.mica.sns/acme/acme/directory"

 ########################################
 # Pour garradin qui met en "dure" dans
--- a/files/snster-kaz/hoster-b/kaz2/kaz-config/container-proxy.list
+++ b/files/snster-kaz/hoster-b/kaz2/kaz-config/container-proxy.list
@ -1,2 +1,2 @@
-proxy
-#traefik
+#proxy
+traefik
--- a/files/snster-kaz/hoster-b/kaz2/kaz-config/container-withoutMail.list
+++ b/files/snster-kaz/hoster-b/kaz2/kaz-config/container-withoutMail.list
@ -2,8 +2,7 @@
 #jirafeau
 #ethercalc
 #collabora
-#ethercalc
-#etherpad
+etherpad
 #quotas
 #web
 #vigilo
--- a/files/snster-kaz/hoster-b/kaz2/kaz-config/dockers.env
+++ b/files/snster-kaz/hoster-b/kaz2/kaz-config/dockers.env
@ -19,7 +19,8 @@ domain_sympa=listes.kaz.sns
 ########################################
 # choix d'un serveur partiel
 # site=site-2
-site=site-2
+site=kaz2
+acme_server="https://ca.mica.sns/acme/acme/directory"

 ########################################
 # Pour garradin qui met en "dure" dans
--- a/files/snster-kaz/mica/infra/provision.sh
+++ b/files/snster-kaz/mica/infra/provision.sh
@ -17,10 +17,15 @@ cp dns.conf /etc/unbound/unbound.conf.d/

 # Install smallstep CA / ACME server
 cd /tmp
-wget https://github.com/smallstep/cli/releases/download/v0.17.2/step-cli_0.17.2_amd64.deb
-dpkg -i step-cli_0.17.2_amd64.deb
-wget https://github.com/smallstep/certificates/releases/download/v0.17.2/step-ca_0.17.2_amd64.deb
-dpkg -i step-ca_0.17.2_amd64.deb
+wget "https://dl.smallstep.com/gh-release/cli/gh-release-header/v0.24.4/step-cli_0.24.4_amd64.deb"
+dpkg -i step-cli_0.24.4_amd64.deb
+wget "https://dl.smallstep.com/gh-release/certificates/gh-release-header/v0.24.2/step-ca_0.24.2_amd64.deb"
+dpkg -i step-ca_0.24.2_amd64.deb
+
+echo "password" > /root/ca-passwordfile
+step ca init --deployment-type=standalone --name="Kaz CA" --dns="ca.mica.sns" --acme --address=":443" --provisioner="contact@kaz.sns" --password-file="/root/ca-passwordfile"
+echo -e '#!/bin/sh\nstep-ca --password-file /root/ca-passwordfile' >> /etc/rc.local
+chmod +x /etc/rc.local

 # step ca init
 # step ca root root.crt