martin/ProxmoxVE
1
0
Fork 0
mirror of https://github.com/community-scripts/ProxmoxVE synced 2025-02-07 00:09:18 +00:00
Code Issues Actions 7 Packages Projects Releases Wiki Activity

- Update motd

Browse Source 
- Disable policy update due to issues
- Small updates
This commit is contained in:
fwiegerinck 2025-01-15 23:26:57 +01:00
parent c1f48e92c9
commit 4494fbb0b9
1 changed files with 15 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
install/alpine-step-ca-install.sh
View File

@ -41,31 +41,27 @@ msg_ok "Installed Alpine Step-CA"
config_dir="/etc/step-ca" config_dir="/etc/step-ca"
passwd_file="${config_dir}/password.txt" passwd_file="${config_dir}/password.txt"
msg_info "Generate CA secret" msg_info "Generate CA secrets"
CA_PASS="$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | cut -c1-13)" CA_PASS="$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | cut -c1-13)"
$STD cat <<EOF >${passwd_file} $STD cat <<EOF >${passwd_file}
${CA_PASS} ${CA_PASS}
EOF EOF
msg_ok "Generated CA secret stored in ${passwd_file}" msg_ok "Generated CA secrets"
msg_info "Initialize base CA" msg_info "Initialize base CA"
$STD step ca init --name "${CA_NAME}" $CA_DNS --password-file /etc/step-ca/password.txt --deployment-type standalone --address ":443" --provisioner admin $STD step ca init --name "${CA_NAME}" $CA_DNS --password-file ${passwd_file} --deployment-type standalone --address ":443" --provisioner admin
for dns_entry in "${x509_policy_dns[@]}"; do #for dns_entry in "${x509_policy_dns[@]}"; do
$STD step ca policy authority x509 allow dns "${dns_entry}" # $STD step ca policy authority x509 allow dns "${dns_entry}"
done #done
for ip_entry in "${x509_policy_ips[@]}"; do #for ip_entry in "${x509_policy_ips[@]}"; do
$STD step ca policy authority x509 allow ip ${ip_entry} # $STD step ca policy authority x509 allow ip ${ip_entry}
done #done
if [ "${CA_ACME}" = "yes" ]; then if [ "${CA_ACME}" = "yes" ]; then
msg_info "Initialize ACME for CA" msg_info "Initialize ACME for CA"
$STD step ca provisioner add ${CA_ACME_NAME} --type ACME $STD step ca provisioner add ${CA_ACME_NAME} --type ACME --x509-min-dur=20m --x509-max-dur=32h --x509-default-dur=24h
$STD step ca provisioner update ${CA_ACME_NAME} --x509-min-dur=20m --x509-max-dur=32h --x509-default-dur=24h
fi
if [ "${CA_SSH}" = "yes" ]; then
msg_info "Inititialize CA for SSH"
fi fi
msg_ok "Finished initialization of CA" msg_ok "Finished initialization of CA"
@ -76,4 +72,9 @@ $STD rc-update add step-ca default
msg_ok "Started Alpine Step-CA" msg_ok "Started Alpine Step-CA"
motd_ssh motd_ssh
# add fingerprint to motd
ca_root_fingerprint=${step certificate fingerprint root_${STEPPATH}/certs/ca.crt}
echo -e "${TAB}${DEFAULT}${YW} Fingerprint CA Root Certificate: ${GN}${ca_root_fingerprint}${CL}" >> /etc/motd
customize customize