#!/usr/bin/env bash
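# Load the shared helper library. The helper functions called further down
# are not defined in this file, so they presumably come from build.func.
#
# NOTE(review): this downloads shell code and executes it in the current shell
# with the privileges of whoever runs the script. The URL points at a feature
# branch of a personal fork rather than the upstream repository referenced in
# the commented-out line below, and nothing pins the content (commit SHA or
# checksum), so whatever the branch serves at run time is what runs. Switch to
# a reviewed, pinned upstream ref before this leaves development.
#
# -f makes curl fail on HTTP errors so an error page is never sourced, and the
# explicit check stops the script instead of continuing without the helpers.
BUILD_FUNC_SRC="$(curl -fsS https://raw.githubusercontent.com/fwiegerinck/ProxmoxVE/refs/heads/step-ca/misc/build.func)" || {
  echo "Failed to download build.func; aborting." >&2
  exit 1
}
if [ -z "$BUILD_FUNC_SRC" ]; then
  echo "Downloaded build.func is empty; aborting." >&2
  exit 1
fi
source <(printf '%s\n' "$BUILD_FUNC_SRC")
unset BUILD_FUNC_SRC
#source <(curl -s https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)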
# Copyright (c) 2021-2025 community-scripts ORG
# Author: FWiegerinck
# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
# Source: https://github.com/smallstep/certificates
# Application name; passed to header_info below and used in the final
# status message.
APP='Alpine-Step-CA'

# Container defaults. Apart from APP, none of these are read in this file;
# they are presumably consumed by the helpers sourced from build.func.
# NOTE(review): units (cores / MiB / disk size) are defined there, not here —
# confirm that 1024 is the intended disk value.
var_tags='alpine;step-ca'
var_cpu='1'
var_ram='512'
var_disk='1024'
var_os='alpine'
var_version='3.20'
# NOTE(review): presumably "1" selects an unprivileged container — confirm
# against build.func.
var_unprivileged='1'

# Name pre-filled in the "Name of certificate authority" dialog.
DEFAULT_CA_NAME='HomeLab CA'

# Initialisation helpers; none of them is defined in this file.
header_info "$APP"
base_settings
variables
color
catch_errors
# Interactive update menu.
#
# Makes sure the newt package (which provides whiptail) is installed, shows a
# one-entry menu and, when that entry is chosen, runs "apk update" followed by
# "apk upgrade" and exits. Note that this upgrades every installed package,
# not only Step CA.
#
# Globals written: CHOICE, exit_status
# Calls:           header_info and exit-script (defined outside this file)
update_script() {
  if ! apk -e info newt >/dev/null 2>&1; then
    apk add -q newt
  fi

  while :; do
    # whiptail reports the selection on stderr; the descriptor shuffle routes
    # stderr into the command substitution and stdout to the original stderr.
    CHOICE=$(whiptail --backtitle "Proxmox VE Helper Scripts" --title "SUPPORT" --menu "Select option" 11 58 1 \
      "1" "Check for Step CA Updates" 3>&2 2>&1 1>&3)
    exit_status=$?

    # Status 1 is whiptail's "Cancel".
    if [[ "$exit_status" == 1 ]]; then
      clear
      exit-script
    fi

    header_info

    if [[ "$CHOICE" == 1 ]]; then
      apk update && apk upgrade
      exit
    fi
  done
}
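# Interactively collect the certificate-authority settings and export them.
#
# Globals read:    DEFAULT_CA_NAME, HN, VERBOSE and the colour variables
#                  DEFAULT, BOLD, DGN, BGN, CL
# Globals written: CA_NAME, CA_PRIMARY_DNS, CA_DNS_ENTRIES,
#                  DEFAULT_CA_DNS_ENTRY, x509_policy_dns, x509_policy_ips,
#                  CA_ACME, CA_ACME_NAME, default_ca_acme_name and the scratch
#                  variables dns_entry, ip_entry, DNS_ENTRY
# Exports:         CA_NAME, CA_PRIMARY_DNS, CA_DNS, CA_X509_POLICY_DNS,
#                  CA_X509_POLICY_IPS, CA_ACME, CA_ACME_NAME
# Exits the script when a mandatory input dialog is cancelled.
#
# NOTE(review): answers are taken verbatim from the dialogs, and each list is
# exported as one space-separated string (CA_DNS even carries ready-made
# "--dns=" flags). An entry containing whitespace therefore turns into extra
# words for whatever consumes these variables; the consumer is not visible
# here — confirm it validates or quotes them.
# NOTE(review): both X.509 policy lists may be left empty. How the installer
# treats an empty allow-list is not visible here; confirm it does not result
# in an unrestricted CA, especially when ACME is enabled.
ca_settings() {
  whiptail --backtitle "Proxmox VE Helper Scripts" --msgbox --title "Configure Certificate Authority" "Now that we defined the container we need to configure the certificate authority." 8 58

  # whiptail reports the entered text on stderr; "3>&1 1>&2 2>&3" swaps
  # stdout and stderr so that $(...) captures the answer.
  if CA_NAME=$(whiptail --backtitle "Proxmox VE Helper Scripts" --inputbox "Name of certificate authority" 8 58 "$DEFAULT_CA_NAME" --title "Configure Certificate Authority" 3>&1 1>&2 2>&3); then
    if [ -z "$CA_NAME" ]; then
      CA_NAME="$DEFAULT_CA_NAME"
    fi
  else
    exit
  fi

  # Primary DNS name of the CA; an empty answer falls back to "<HN>.local".
  CA_DNS_ENTRIES=()
  DEFAULT_CA_DNS_ENTRY="${HN}.local"
  if CA_PRIMARY_DNS=$(whiptail --backtitle "Proxmox VE Helper Scripts" --inputbox "DNS entry of Certificate Authority" 8 58 "$DEFAULT_CA_DNS_ENTRY" --title "Configure Certificate Authority" 3>&1 1>&2 2>&3); then
    if [ -z "$CA_PRIMARY_DNS" ]; then
      CA_PRIMARY_DNS="$DEFAULT_CA_DNS_ENTRY"
    fi
    CA_DNS_ENTRIES+=("--dns=$CA_PRIMARY_DNS")
  else
    exit
  fi

  # Optional additional DNS names; cancelling the input box only skips that
  # entry and asks again.
  while whiptail --backtitle "Proxmox VE Helper Scripts" --defaultno --title "Configure Certificate Authority" --yesno "Do you want to add another DNS entry?" 10 72; do
    if dns_entry=$(whiptail --backtitle "Proxmox VE Helper Scripts" --inputbox "DNS entry of Certificate Authority" 8 58 "" --title "Configure Certificate Authority" 3>&1 1>&2 2>&3); then
      if [ -n "$dns_entry" ]; then
        CA_DNS_ENTRIES+=("--dns=$dns_entry")
      fi
    fi
  done

  # X.509 policy: DNS names the CA may issue for. An empty answer ends the
  # list, cancel aborts the script.
  x509_policy_dns=()
  while true; do
    if dns_entry=$(whiptail --backtitle "Proxmox VE Helper Scripts" --inputbox "[X509 Policy] Allowed by DNS. Use full ('domain.local') or wildcard ('*.local') DNS:" 8 58 "" --title "Configure Certificate Authority" 3>&1 1>&2 2>&3); then
      if [ -n "$dns_entry" ]; then
        x509_policy_dns+=("$dns_entry")
      else
        break
      fi
    else
      exit
    fi
  done

  # X.509 policy: IP addresses / CIDR ranges the CA may issue for. Same
  # termination rules as the DNS list above.
  x509_policy_ips=()
  while true; do
    if ip_entry=$(whiptail --backtitle "Proxmox VE Helper Scripts" --inputbox "[X509 Policy] Allowed by IP addresses. Use single address ('192.168.1.169' or '::1') or CIDR address ranges ('192.168.1.0/24' or '2001:0db8::/120'):" 8 58 "" --title "Configure Certificate Authority" 3>&1 1>&2 2>&3); then
      if [ -n "$ip_entry" ]; then
        x509_policy_ips+=("$ip_entry")
      else
        break
      fi
    else
      exit
    fi
  done

  # ACME is opt-in (the dialog defaults to "No"). CA_ACME_NAME is only
  # assigned when ACME is enabled.
  if whiptail --backtitle "Proxmox VE Helper Scripts" --defaultno --title "Configure Certificate Authority" --yesno "Enable ACME?" 10 58; then
    CA_ACME="yes"
    default_ca_acme_name="acme"
    if CA_ACME_NAME=$(whiptail --backtitle "Proxmox VE Helper Scripts" --inputbox "Name of ACME provider" 8 58 "$default_ca_acme_name" --title "Configure Certificate Authority" 3>&1 1>&2 2>&3); then
      if [ -z "$CA_ACME_NAME" ]; then
        CA_ACME_NAME="$default_ca_acme_name"
      fi
    else
      exit
    fi
  else
    CA_ACME="no"
  fi

  if [ "$VERBOSE" = "yes" ]; then
    echo -e "${DEFAULT}${BOLD}${DGN}Name of CA: ${BGN}$CA_NAME${CL}"
    echo -e "${DEFAULT}${BOLD}${DGN}DNS entries of CA:${CL}"
    # Quoted [@] keeps every entry as one word, so an entry is printed on a
    # single line even if it contains spaces or glob characters.
    for DNS_ENTRY in "${CA_DNS_ENTRIES[@]}"; do
      echo -e "  - $DNS_ENTRY"
    done
    # ${CL} needs its "$"; the bare "{CL}" form printed the literal text and
    # never reset the colour.
    echo -e "${DEFAULT}${BOLD}${DGN}X509 Policy - allow:${CL}"
    echo -e "  - DNS entries: ${x509_policy_dns[*]}"
    echo -e "  - IP addresses: ${x509_policy_ips[*]}"
    echo -e "${DEFAULT}${BOLD}${DGN}Enable ACME: ${BGN}$CA_ACME${CL}"
    if [ "${CA_ACME}" = "yes" ]; then
      echo -e "  - Name of provider: ${CA_ACME_NAME}"
    fi
  fi

  # Arrays cannot be exported, so each list is flattened into one
  # space-separated string.
  export CA_NAME
  export CA_PRIMARY_DNS
  export CA_DNS="${CA_DNS_ENTRIES[*]}"
  export CA_X509_POLICY_DNS="${x509_policy_dns[*]}"
  export CA_X509_POLICY_IPS="${x509_policy_ips[*]}"
  export CA_ACME
  export CA_ACME_NAME
}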
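# Main flow: generic container dialogs, CA-specific dialogs, then the build.
# start, build_container, description and msg_ok are not defined in this file.
start
ca_settings
build_container
description

msg_ok "Completed Successfully!\n"
echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
if [ "${CA_ACME}" = "yes" ]; then
  # The provisioner name is expanded with ${...}; the "{$CA_ACME_NAME}" form
  # printed literal braces into the URL.
  # NOTE(review): the URL assumes the CA answers on the default HTTPS port of
  # CA_PRIMARY_DNS; the listen address is set by the install script, which is
  # not visible here. Clients also need to trust this CA's root certificate
  # before they can use the directory.
  echo -e "ACME should be reachable at URL: https://${CA_PRIMARY_DNS}/acme/${CA_ACME_NAME}/directory"
fi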