shell script improvement

Henri Dohmen 2026-01-08 18:51:28 +01:00
parent 78fc46ef15
commit 73736b73ea
Signed by: hd
GPG key ID: AB79213B044674AE
2 changed files with 27 additions and 19 deletions


@ -1,5 +1,5 @@
#!/bin/sh #!/bin/sh
set -euo pipefail set -eu
tmp=$(mktemp -d) tmp=$(mktemp -d)
trap 'rm -rf -- "$tmp"' EXIT trap 'rm -rf -- "$tmp"' EXIT
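Review bot: With `pipefail` dropped from the `set` line, `set -e` only sees the exit status of the last command in a pipeline, so a failing producer is no longer caught anywhere in this script. The rest of the file is outside the hunk; if it pipes `openssl` output into `agenix -e` the way the other file in this commit does, a failed key generation could leave an empty or truncated secret encrypted without the script stopping. I would write the producer's output to a file under `$tmp` and encrypt it in a separate step, and document the choice next to the option line, for example `# pipefail is not available in every /bin/sh: check pipeline producers explicitly`.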


@ -18,6 +18,14 @@ openssl req -nodes \
-subj '/CN=lan' \ -subj '/CN=lan' \
| agenix -e secrets/tlskey.age | agenix -e secrets/tlskey.age
cat > "$tmp/extfile" << EOF
subjectAltName=DNS:roam.lan,DNS:*.roam.lan
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage=digitalSignature,keyEncipherment
extendedKeyUsage=serverAuth
EOF
openssl x509 -req \ openssl x509 -req \
-CA "$tmp/ca.cert" \ -CA "$tmp/ca.cert" \
-CAkey "$tmp/ca.key" \ -CAkey "$tmp/ca.key" \
@ -25,6 +33,6 @@ openssl x509 -req \
-out pki/server.cert \ -out pki/server.cert \
-days 365 \ -days 365 \
-CAcreateserial \ -CAcreateserial \
-extfile <(printf "subjectAltName=DNS:roam.lan,DNS:*.roam.lan\nauthorityKeyIdentifier=keyid,issuer\nbasicConstraints=CA:FALSE\nkeyUsage=digitalSignature,keyEncipherment\nextendedKeyUsage=serverAuth") -extfile "$tmp/extfile"
mv "$tmp/ca.cert" pki/ca.cert mv "$tmp/ca.cert" pki/ca.cert
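Review bot: The here-document that writes `$tmp/extfile` uses an unquoted delimiter, so the shell performs parameter and command expansion on the extension text before `openssl x509` reads it. Nothing in the current body is expanded, but a later edit that adds a `$` or a backtick to the SAN list would be silently rewritten before it reaches the certificate extensions; `cat > "$tmp/extfile" << 'EOF'` keeps the body literal. A one-line comment above it, such as `# X.509v3 extensions for the server certificate (SANs, key usage)`, would also help, since the `openssl x509 -req` command that consumes the file starts in this hunk and continues into the next one.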