From c7e438d4ee55eaaeed21059918f759578facc382 Mon Sep 17 00:00:00 2001 From: Francois Lesueur Date: Fri, 26 May 2023 09:45:21 +0200 Subject: [PATCH] bootstrap ca --- .../snster-kaz/hoster-a/kaz1/kaz-config/dockers.env | 3 ++- .../hoster-b/kaz2/kaz-config/container-proxy.list | 4 ++-- .../kaz2/kaz-config/container-withoutMail.list | 3 +-- .../snster-kaz/hoster-b/kaz2/kaz-config/dockers.env | 3 ++- files/snster-kaz/mica/infra/provision.sh | 13 +++++++++---- 5 files changed, 16 insertions(+), 10 deletions(-) diff --git a/files/snster-kaz/hoster-a/kaz1/kaz-config/dockers.env b/files/snster-kaz/hoster-a/kaz1/kaz-config/dockers.env index 1b1f6ad..2d03669 100644 --- a/files/snster-kaz/hoster-a/kaz1/kaz-config/dockers.env +++ b/files/snster-kaz/hoster-a/kaz1/kaz-config/dockers.env @@ -19,7 +19,8 @@ domain_sympa=listes.kaz.sns ######################################## # choix d'un serveur partiel # site=site-2 -site= +site=kaz1 +acme_server="https://ca.mica.sns/acme/acme/directory" ######################################## # Pour garradin qui met en "dure" dans diff --git a/files/snster-kaz/hoster-b/kaz2/kaz-config/container-proxy.list b/files/snster-kaz/hoster-b/kaz2/kaz-config/container-proxy.list index 1e85afe..9422204 100644 --- a/files/snster-kaz/hoster-b/kaz2/kaz-config/container-proxy.list +++ b/files/snster-kaz/hoster-b/kaz2/kaz-config/container-proxy.list @@ -1,2 +1,2 @@ -proxy -#traefik +#proxy +traefik diff --git a/files/snster-kaz/hoster-b/kaz2/kaz-config/container-withoutMail.list b/files/snster-kaz/hoster-b/kaz2/kaz-config/container-withoutMail.list index 6bfbe47..21432ac 100644 --- a/files/snster-kaz/hoster-b/kaz2/kaz-config/container-withoutMail.list +++ b/files/snster-kaz/hoster-b/kaz2/kaz-config/container-withoutMail.list @@ -2,8 +2,7 @@ #jirafeau #ethercalc #collabora -#ethercalc -#etherpad +etherpad #quotas #web #vigilo 
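Review bot: `acme_server` is added directly under the "choix d'un serveur partiel" heading with no comment of its own, and it is the only value in the visible context written with double quotes (`site=kaz1` and `domain_sympa=listes.kaz.sns` are bare). If this file is ever read by something other than a shell (for example as a Docker env file), the quotes may end up inside the URL, so `acme_server=https://ca.mica.sns/acme/acme/directory` would be safer. A short comment such as `# ACME directory of the internal CA (ca.mica.sns); clients must trust its root certificate` would also record that ACME clients need the CA root installed rather than TLS verification switched off. The same applies to the identical hunk in hoster-b/kaz2/kaz-config/dockers.env.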
diff --git a/files/snster-kaz/hoster-b/kaz2/kaz-config/dockers.env b/files/snster-kaz/hoster-b/kaz2/kaz-config/dockers.env index 8a08684..78beb2c 100644 --- a/files/snster-kaz/hoster-b/kaz2/kaz-config/dockers.env +++ b/files/snster-kaz/hoster-b/kaz2/kaz-config/dockers.env @@ -19,7 +19,8 @@ domain_sympa=listes.kaz.sns ######################################## # choix d'un serveur partiel # site=site-2 -site=site-2 +site=kaz2 +acme_server="https://ca.mica.sns/acme/acme/directory" ######################################## # Pour garradin qui met en "dure" dans diff --git a/files/snster-kaz/mica/infra/provision.sh b/files/snster-kaz/mica/infra/provision.sh index c76e5ac..acedc74 100644 --- a/files/snster-kaz/mica/infra/provision.sh +++ b/files/snster-kaz/mica/infra/provision.sh @@ -17,10 +17,15 @@ cp dns.conf /etc/unbound/unbound.conf.d/ # Install smallstep CA / ACME server cd /tmp -wget https://github.com/smallstep/cli/releases/download/v0.17.2/step-cli_0.17.2_amd64.deb -dpkg -i step-cli_0.17.2_amd64.deb -wget https://github.com/smallstep/certificates/releases/download/v0.17.2/step-ca_0.17.2_amd64.deb -dpkg -i step-ca_0.17.2_amd64.deb +wget "https://dl.smallstep.com/gh-release/cli/gh-release-header/v0.24.4/step-cli_0.24.4_amd64.deb" +dpkg -i step-cli_0.24.4_amd64.deb +wget "https://dl.smallstep.com/gh-release/certificates/gh-release-header/v0.24.2/step-ca_0.24.2_amd64.deb" +dpkg -i step-ca_0.24.2_amd64.deb + +echo "password" > /root/ca-passwordfile +step ca init --deployment-type=standalone --name="Kaz CA" --dns="ca.mica.sns" --acme --address=":443" --provisioner="contact@kaz.sns" --password-file="/root/ca-passwordfile" +echo -e '#!/bin/sh\nstep-ca --password-file /root/ca-passwordfile' >> /etc/rc.local +chmod +x /etc/rc.local # step ca init # step ca root root.crt
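Review bot: In provision.sh the CA key password is the literal string `password`, written by `echo "password" > /root/ca-passwordfile` under the default umask, so the keys created by `step ca init` are protected by a guessable secret in a file whose permissions are never restricted. Generating the password at provision time under `umask 077` avoids both problems. The two `.deb` packages are also passed to `dpkg -i` straight after `wget` with no checksum or signature check; pinning a SHA-256 per package, taken from the release's published checksums, would make a tampered or truncated download fail before install. Separately, `>> /etc/rc.local` appends another `#!/bin/sh` line on every re-run and starts `step-ca` in the foreground, so a guard against re-adding the line and a trailing `&` (or a systemd unit) would be more robust. The start of the script is outside the hunk, so whether `set -e` is in effect cannot be seen here.

```shell
# … unchanged: cd /tmp and the two wget downloads …
# Placeholder digests: replace with the values published for each release.
sha256sum -c - <<'EOF' || exit 1
<SHA256_OF_STEP_CLI_0.24.4_DEB>  step-cli_0.24.4_amd64.deb
<SHA256_OF_STEP_CA_0.24.2_DEB>  step-ca_0.24.2_amd64.deb
EOF
dpkg -i step-cli_0.24.4_amd64.deb
dpkg -i step-ca_0.24.2_amd64.deb

# Random CA password, created readable by root only.
( umask 077; head -c 32 /dev/urandom | base64 > /root/ca-passwordfile )
# … unchanged: step ca init … --password-file="/root/ca-passwordfile" …
```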