2025-01-10 23:14:23 +00:00
|
|
|
#!/usr/bin/env bash
|
|
|
|
|
|
|
|
|
|
# Copyright (c) 2021-2025 community-scripts ORG
|
|
|
|
|
# Author: FWiegerinck
|
|
|
|
|
# License: MIT
|
|
|
|
|
# Source: https://github.com/smallstep/certificates
|
|
|
|
|
|
|
|
|
|
# Import Functions und Setup
|
|
|
|
|
source /dev/stdin <<< "$FUNCTIONS_FILE_PATH"
|
|
|
|
|
color
|
|
|
|
|
verb_ip6
|
|
|
|
|
catch_errors
|
|
|
|
|
setting_up_container
|
|
|
|
|
network_check
|
|
|
|
|
update_os
|
|
|
|
|
|
2025-01-11 00:10:13 +00:00
|
|
|
# Installing Dependencies
|
2025-01-10 23:14:23 +00:00
|
|
|
#msg_info "Installing Dependencies"
|
2025-01-11 00:10:13 +00:00
|
|
|
$STD apk add newt
|
|
|
|
|
$STD apk add openssl
|
2025-01-10 23:14:23 +00:00
|
|
|
#msg_ok "Installed Dependencies"
|
|
|
|
|
|
2025-01-11 22:19:59 +00:00
|
|
|
msg_info "Preparing environment"
|
|
|
|
|
$STD echo "export STEPPATH=/etc/step-ca" > ~/.profile
|
2025-01-13 23:14:55 +00:00
|
|
|
$STD export STEPPATH=/etc/step-ca
|
|
|
|
|
|
|
|
|
|
if [ "$VERBOSE" = "yes" ]; then
|
|
|
|
|
env #Display environment details
|
|
|
|
|
fi
|
2025-01-14 23:08:15 +00:00
|
|
|
|
|
|
|
|
x509_policy_dns=($(echo "${CA_X509_POLICY_DNS}" | tr ' ' '\n'))
|
|
|
|
|
x509_policy_ips=($(echo "${CA_X509_POLICY_IPS}" | tr ' ' '\n'))
|
|
|
|
|
|
2025-01-11 22:19:59 +00:00
|
|
|
msg_ok "Environment prepared"
|
|
|
|
|
|
2025-01-10 23:14:23 +00:00
|
|
|
msg_info "Installing Alpine Step-CA"
|
|
|
|
|
$STD apk add step-cli step-certificates
|
|
|
|
|
msg_ok "Installed Alpine Step-CA"
|
|
|
|
|
|
|
|
|
|
# Initialize CA
|
|
|
|
|
config_dir="/etc/step-ca"
|
|
|
|
|
passwd_file="${config_dir}/password.txt"
|
|
|
|
|
|
2025-01-15 22:26:57 +00:00
|
|
|
msg_info "Generate CA secrets"
|
2025-01-11 00:16:27 +00:00
|
|
|
CA_PASS="$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | cut -c1-13)"
|
|
|
|
|
$STD cat <<EOF >${passwd_file}
|
2025-01-10 23:14:23 +00:00
|
|
|
${CA_PASS}
|
|
|
|
|
EOF
|
2025-01-15 22:26:57 +00:00
|
|
|
msg_ok "Generated CA secrets"
|
2025-01-10 23:14:23 +00:00
|
|
|
|
2025-01-11 22:19:59 +00:00
|
|
|
|
2025-01-14 23:08:15 +00:00
|
|
|
msg_info "Initialize base CA"
|
2025-01-15 22:26:57 +00:00
|
|
|
$STD step ca init --name "${CA_NAME}" $CA_DNS --password-file ${passwd_file} --deployment-type standalone --address ":443" --provisioner admin
|
2025-01-14 23:08:15 +00:00
|
|
|
|
2025-01-15 22:26:57 +00:00
|
|
|
#for dns_entry in "${x509_policy_dns[@]}"; do
|
|
|
|
|
# $STD step ca policy authority x509 allow dns "${dns_entry}"
|
|
|
|
|
#done
|
|
|
|
|
#for ip_entry in "${x509_policy_ips[@]}"; do
|
|
|
|
|
# $STD step ca policy authority x509 allow ip ${ip_entry}
|
|
|
|
|
#done
|
2025-01-14 23:08:15 +00:00
|
|
|
|
|
|
|
|
if [ "${CA_ACME}" = "yes" ]; then
|
|
|
|
|
msg_info "Initialize ACME for CA"
|
2025-01-15 22:26:57 +00:00
|
|
|
$STD step ca provisioner add ${CA_ACME_NAME} --type ACME --x509-min-dur=20m --x509-max-dur=32h --x509-default-dur=24h
|
2025-01-14 23:08:15 +00:00
|
|
|
fi
|
2025-01-11 22:19:59 +00:00
|
|
|
msg_ok "Finished initialization of CA"
|
|
|
|
|
|
2025-01-10 23:14:23 +00:00
|
|
|
# Start application
|
|
|
|
|
msg_info "Starting Alpine Step-CA"
|
|
|
|
|
$STD rc-service step-ca start
|
|
|
|
|
$STD rc-update add step-ca default
|
|
|
|
|
msg_ok "Started Alpine Step-CA"
|
|
|
|
|
|
|
|
|
|
motd_ssh
|
2025-01-15 22:26:57 +00:00
|
|
|
|
|
|
|
|
# add fingerprint to motd
|
2025-01-17 21:04:52 +00:00
|
|
|
ca_root_fingerprint=$(step certificate fingerprint ${STEPPATH}/certs/root_ca.crt)
|
2025-01-15 22:26:57 +00:00
|
|
|
echo -e "${TAB}${DEFAULT}${YW} Fingerprint CA Root Certificate: ${GN}${ca_root_fingerprint}${CL}" >> /etc/motd
|
|
|
|
|
|
2025-01-10 23:14:23 +00:00
|
|
|
customize
|
