first release
This commit is contained in:
parent
1c58735e57
commit
56d13fbd99
2
LICENSE
2
LICENSE
@ -1,6 +1,6 @@
|
||||
MIT No Attribution
|
||||
|
||||
Copyright <YEAR> <COPYRIGHT HOLDER>
|
||||
Copyright 2025 Unitas Network GmbH
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy of this
|
||||
software and associated documentation files (the "Software"), to deal in the Software
|
||||
|
||||
24
Makefile
Normal file
24
Makefile
Normal file
@ -0,0 +1,24 @@
|
||||
02firstboot = $(CHROOT)/usr/local/bin/02firstboot.start
|
||||
cert-renew.sh = $(CHROOT)/etc/ssl/cert-renew.sh
|
||||
apache_conf = $(CHROOT)/etc/apache2/vhosts.d/default_vhost.include.applorig
|
||||
|
||||
systemd-units: appliance/cert-renew.service appliance/cert-renew.timer
|
||||
cp appliance/cert-renew.service appliance/cert-renew.timer $(CHROOT)/etc/systemd/system/
|
||||
|
||||
$(02firstboot): appliance/02firstboot.start
|
||||
mkdir -p $(CHROOT)/etc/local.d
|
||||
cp $< $@
|
||||
touch $(CHROOT)/02firstboot
|
||||
|
||||
$(cert-renew.sh): appliance/cert-renew.sh
|
||||
mkdir -p $(CHROOT)/etc/ssl
|
||||
cp $< $@
|
||||
|
||||
$(apache_conf): apache/default_vhost.include
|
||||
sed -i 's/-D LANGUAGE/-D LANGUAGE -D PHP/' $(CHROOT)/etc/conf.d/apache2
|
||||
mv $(CHROOT)/etc/apache2/vhosts.d/default_vhost.include $@
|
||||
cp $< $(CHROOT)/etc/apache2/vhosts.d/default_vhost.include
|
||||
|
||||
preinstall:
|
||||
|
||||
postinstall: systemd-units $(apache_conf) $(02firstboot) $(cert-renew.sh)
|
||||
17
apache/default_vhost.include
Normal file
17
apache/default_vhost.include
Normal file
@ -0,0 +1,17 @@
|
||||
ServerName mailarchive.example.com
|
||||
ServerAlias mailarchive
|
||||
|
||||
ServerAdmin admin@example.com
|
||||
|
||||
DocumentRoot "/var/www/localhost/htdocs"
|
||||
<Directory "/var/www/localhost/htdocs">
|
||||
Options Indexes FollowSymLinks
|
||||
AllowOverride All
|
||||
Require all granted
|
||||
</Directory>
|
||||
|
||||
ProxyPreserveHost On
|
||||
ProxyRequests off
|
||||
AllowEncodedSlashes NoDecode
|
||||
ProxyPass / http://localhost:8888/ nocanon
|
||||
ProxyPassReverse / http://localhost:8888/
|
||||
56
appliance/02firstboot.start
Executable file
56
appliance/02firstboot.start
Executable file
@ -0,0 +1,56 @@
|
||||
#!/bin/bash
|
||||
|
||||
# variables
|
||||
LABEL="DATA"
|
||||
TLD="example.com"
|
||||
HOST="mailarchive"
|
||||
ORGNAME="mailarchive example"
|
||||
|
||||
# start
|
||||
set -e
|
||||
|
||||
[ -e /01firstboot ] && exit 0
|
||||
[ -e /02firstboot ] || exit 0
|
||||
|
||||
# Certificate
|
||||
if [ -x "/$LABEL/etc/ssl/cert-renew.sh" ]; then
|
||||
# angepaßtes Zertifikat vorhanden (kein example)
|
||||
if [ ! -L /etc/ssl/cert-renew.sh ]; then
|
||||
rm -f "/$LABEL/etc/ssl/cert-renew.sh.orig"
|
||||
mv "/etc/ssl/cert-renew.sh" "/$LABEL/etc/ssl/cert-renew.sh.orig"
|
||||
else
|
||||
rm -f "/etc/ssl/cert-renew.sh"
|
||||
fi
|
||||
ln -s "/$LABEL/etc/ssl/cert-renew.sh" "/etc/ssl/cert-renew.sh"
|
||||
else
|
||||
echo 'Create example certificate...'
|
||||
mkdir -p "/$LABEL/CERTS/KEYS/"
|
||||
mkdir -p "/$LABEL/CERTS/$HOST.$TLD"
|
||||
echo "FQDN = $HOST.$TLD" > "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf"
|
||||
echo "ORGNAME = $ORGNAME" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf"
|
||||
echo "ALTNAMES = DNS:$HOST.$TLD , DNS:$TLD" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf"
|
||||
echo -e "\n[ req ]\ndefault_bits = 4096\ndefault_md = sha256\nprompt = no\nencrypt_key = no\ndistinguished_name = dn\nreq_extensions = req_ext\ndefault_keyfile = ../KEYS/\$FQDN-key.pem\n" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf"
|
||||
echo -e "\n[ dn ]\nC = DE\nO = \$ORGNAME\nCN = \$FQDN\n" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf"
|
||||
echo -e "\n[ req_ext ]\nsubjectAltName = \$ALTNAMES" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf"
|
||||
openssl req -x509 -new -config "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf" -out "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-cert.pem" -keyout "/$LABEL/CERTS/KEYS/$HOST.$TLD-key.pem"
|
||||
cp "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-cert.pem" "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-fullchain.pem"
|
||||
touch "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-chain.pem"
|
||||
fi
|
||||
|
||||
rm -rf /etc/ssl/apache2
|
||||
mkdir -p /etc/ssl
|
||||
ln -sf "/$LABEL/etc/ssl/apache2" "/etc/ssl/apache2"
|
||||
|
||||
/etc/ssl/cert-renew.sh
|
||||
|
||||
echo
|
||||
echo "Success!"
|
||||
echo
|
||||
|
||||
systemctl enable apache2
|
||||
systemctl enable benno
|
||||
|
||||
systemctl restart benno
|
||||
systemctl restart apache2
|
||||
|
||||
rm /02firstboot
|
||||
8
appliance/cert-renew.service
Normal file
8
appliance/cert-renew.service
Normal file
@ -0,0 +1,8 @@
|
||||
[Unit]
|
||||
Description=renew certificates from git store
|
||||
RefuseManualStart=no
|
||||
RefuseManualStop=yes
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart=/etc/ssl/cert-renew.sh
|
||||
52
appliance/cert-renew.sh
Executable file
52
appliance/cert-renew.sh
Executable file
@ -0,0 +1,52 @@
|
||||
#!/bin/bash
|
||||
|
||||
HOST="mailarchive"
|
||||
TLD="example.com"
|
||||
FQDN="$HOST.$TLD"
|
||||
LABEL="DATA"
|
||||
|
||||
CERT_DIR=/$LABEL/CERTS
|
||||
CERT_APACHE=/$LABEL/etc/ssl/apache2
|
||||
GETREPO=""
|
||||
GETUSER=""
|
||||
GETPASS=""
|
||||
|
||||
function getCurrentVersion() {
|
||||
# Get hash from latest revision
|
||||
git log --format=format:%H -1
|
||||
}
|
||||
|
||||
cd $CERT_DIR
|
||||
|
||||
if [ -z "$GETREPO" ]; then
|
||||
GIT_REVISION=0
|
||||
GIT_NEW_REVISION=1
|
||||
cd $FQDN
|
||||
elif [ ! -d "$FQDN" ]; then
|
||||
GIT_REVISION=0
|
||||
git clone "https://$GETUSER:$GETPASS@$GETREPO"
|
||||
cd $FQDN
|
||||
GIT_NEW_REVISION=$(getCurrentVersion)
|
||||
else
|
||||
cd $FQDN
|
||||
GIT_REVISION=$(getCurrentVersion)
|
||||
git commit -m "CRON: auto commit"
|
||||
git fetch
|
||||
git merge origin/master -m "Auto Merge"
|
||||
GIT_NEW_REVISION=$(getCurrentVersion)
|
||||
fi
|
||||
|
||||
echo "old: $GIT_REVISION"
|
||||
echo "new: $GIT_NEW_REVISION"
|
||||
|
||||
if [ $GIT_REVISION != $GIT_NEW_REVISION ]
|
||||
then
|
||||
echo "Update Apache certificate..."
|
||||
mkdir -p $CERT_APACHE
|
||||
cp $CERT_DIR/$FQDN/$FQDN-fullchain.pem $CERT_APACHE/server.crt
|
||||
cp $CERT_DIR/KEYS/$FQDN-key.pem $CERT_APACHE/server.key
|
||||
echo "Restarting Apache..."
|
||||
systemctl is-active --quiet apache2 && systemctl restart apache2
|
||||
fi
|
||||
|
||||
exit 0
|
||||
12
appliance/cert-renew.timer
Normal file
12
appliance/cert-renew.timer
Normal file
@ -0,0 +1,12 @@
|
||||
[Unit]
|
||||
Description=renew certificates from git store
|
||||
RefuseManualStart=no
|
||||
RefuseManualStop=no
|
||||
|
||||
[Timer]
|
||||
Persistent=false
|
||||
OnCalendar=Sun *-*-* 04:03:00
|
||||
Unit=cert-renew.service
|
||||
|
||||
[Install]
|
||||
WantedBy=timers.target
|
||||
2
package.accept_keywords
Normal file
2
package.accept_keywords
Normal file
@ -0,0 +1,2 @@
|
||||
# benno-web
|
||||
dev-perl/Data-Float
|
||||
7
package.use
Normal file
7
package.use
Normal file
@ -0,0 +1,7 @@
|
||||
# Apache
|
||||
app-eselect/eselect-php apache2
|
||||
dev-lang/php apache2 curl pdo sqlite
|
||||
www-servers/apache apache2_modules_proxy apache2_modules_proxy_connect apache2_modules_proxy_http
|
||||
|
||||
# Benno
|
||||
dev-java/openjdk-jre-bin headless-awt
|
||||
2
va-benno.cfg
Normal file
2
va-benno.cfg
Normal file
@ -0,0 +1,2 @@
|
||||
REPO_NAMES += unitas-mail
|
||||
REPO_URI_unitas-mail = https://git.unitas-network.de/Gentoo/unitas-mail.git
|
||||
Loading…
x
Reference in New Issue
Block a user