move to own repository, update everything
parent
c3b6e318a3
commit
4d1b2a5292
2
LICENSE
2
LICENSE
@ -1,6 +1,6 @@
|
||||
MIT License
|
||||
|
||||
Copyright (c) <year> <copyright holders>
|
||||
Copyright (c) 2023 Freifunk Gera-Greiz
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
|
||||
|
||||
|
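--- a/Makefile
+++ b/Makefile
@@ -0,0 +1,19 @@
+02firstboot = $(CHROOT)/usr/local/bin/02firstboot.start
+cert-renew.sh = $(CHROOT)/etc/ssl/cert-renew.sh
+
+
+systemd-units: appliance/cert-renew.service appliance/cert-renew.timer
+cp appliance/cert-renew.service appliance/cert-renew.timer $(CHROOT)/etc/systemd/system/
+
+$(02firstboot): appliance/02firstboot.start
+mkdir -p $(CHROOT)/usr/local/bin
+cp $< $@
+touch $(CHROOT)/02firstboot
+
+$(cert-renew.sh): appliance/cert-renew.sh
+mkdir -p $(CHROOT)/etc/ssl
+cp $< $@
+
+preinstall:
+
+postinstall: systemd-units $(02firstboot) $(cert-renew.sh)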
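Review bot: Every destination in this Makefile is prefixed with `$(CHROOT)`, but nothing checks that the variable is set, so a run with CHROOT empty would copy the units into the host's `/etc/systemd/system/` and create `/02firstboot` on the build machine; a guard such as `$(if $(strip $(CHROOT)),,$(error CHROOT is empty))` near the top would stop that, unless the including build system already guarantees it. `systemd-units`, `preinstall` and `postinstall` are not files and should be declared with `.PHONY: systemd-units preinstall postinstall`. The `$(cert-renew.sh)` rule uses plain `cp`, so the installed mode follows the source file and the umask; since that script carries fields for repository credentials, `install -m 0700 $< $@` would pin it to root-only.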
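--- a/appliance/02firstboot.start
+++ b/appliance/02firstboot.start
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+# variables
+LABEL="DATA"
+TLD="freifunk-gera-greiz.de"
+HOST="gwx"
+ORGNAME="Freifunk example gateway"
+
+# start
+set -e
+
+[ -e /01firstboot ] && exit 0
+[ -e /02firstboot ] || exit 0
+
+# Certificate
+if [ -x "/$LABEL/etc/ssl/cert-renew.sh" ]; then
+# angepaßtes Zertifikat vorhanden (kein example)
+if [ ! -L /etc/ssl/cert-renew.sh ]; then
+rm -f "/$LABEL/etc/ssl/cert-renew.sh.orig"
+mv "/etc/ssl/cert-renew.sh" "/$LABEL/etc/ssl/cert-renew.sh.orig"
+else
+rm -f "/etc/ssl/cert-renew.sh"
+fi
+ln -s "/$LABEL/etc/ssl/cert-renew.sh" "/etc/ssl/cert-renew.sh"
+else
+echo 'Create example certificate...'
+mkdir -p "/$LABEL/CERTS/KEYS/"
+mkdir -p "/$LABEL/CERTS/$HOST.$TLD"
+echo "FQDN = $HOST.$TLD" > "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf"
+echo "ORGNAME = $ORGNAME" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf"
+echo "ALTNAMES = DNS:$HOST.$TLD , DNS:$TLD" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf"
+echo -e "\n[ req ]\ndefault_bits = 4096\ndefault_md = sha256\nprompt = no\nencrypt_key = no\ndistinguished_name = dn\nreq_extensions = req_ext\ndefault_keyfile = ../KEYS/\$FQDN-key.pem\n" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf"
+echo -e "\n[ dn ]\nC = DE\nO = \$ORGNAME\nCN = \$FQDN\n" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf"
+echo -e "\n[ req_ext ]\nsubjectAltName = \$ALTNAMES" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf"
+openssl req -x509 -new -config "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf" -out "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-cert.pem" -keyout "/$LABEL/CERTS/KEYS/$HOST.$TLD-key.pem"
+cp "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-cert.pem" "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-fullchain.pem"
+touch "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-chain.pem"
+fi
+
+rm -rf /etc/ssl/nginx
+mkdir -p /etc/ssl
+ln -sf "/$LABEL/etc/ssl/nginx" "/etc/ssl/nginx"
+
+/etc/ssl/cert-renew.sh
+
+rm /02firstboot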
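Review bot: In the example-certificate branch the private key is written with `encrypt_key = no` into `/$LABEL/CERTS/KEYS/`, a directory created by `mkdir -p` with whatever umask the boot environment has, and nothing tightens it afterwards. Setting `umask 077` before the `mkdir`/`openssl req` lines, or adding `chmod 700 "/$LABEL/CERTS/KEYS"` after them, keeps the key unreadable to other accounts regardless of how openssl creates the file. The `openssl req -x509` call passes no `-days`, so the example certificate gets openssl's default lifetime of 30 days, and with an empty `GETREPO` the renew script in this commit only re-copies the same certificate. In the other branch `/etc/ssl/cert-renew.sh` becomes a symlink into the `/$LABEL` volume and is then executed by this script; if that volume can be written by anything less trusted than root, check that the target is root-owned and not writable by others before linking.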
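--- a/appliance/cert-renew.service
+++ b/appliance/cert-renew.service
@@ -0,0 +1,8 @@
+[Unit]
+Description=renew certificates from git store
+RefuseManualStart=no
+RefuseManualStop=yes
+
+[Service]
+Type=oneshot
+ExecStart=/etc/ssl/cert-renew.sh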
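--- a/appliance/cert-renew.sh
+++ b/appliance/cert-renew.sh
@@ -0,0 +1,55 @@
+#!/bin/bash
+
+HOST="gwx"
+TLD="freifunk-gera-greiz.de"
+FQDN="$HOST.$TLD"
+LABEL="DATA"
+
+CERT_DIR=/$LABEL/CERTS
+CERT_NGINX=/$LABEL/etc/ssl/nginx
+GETREPO=""
+GETUSER=""
+GETPASS=""
+
+function getCurrentVersion() {
+# Get hash from latest revision
+git log --format=format:%H -1
+}
+
+cd $CERT_DIR
+
+if [ -z "$GETREPO" ]; then
+GIT_REVISION=0
+GIT_NEW_REVISION=1
+cd $FQDN
+elif [ ! -d "$FQDN" ]; then
+GIT_REVISION=0
+git clone "https://$GETUSER:$GETPASS@$GETREPO"
+cd $FQDN
+GIT_NEW_REVISION=$(getCurrentVersion)
+else
+cd $FQDN
+GIT_REVISION=$(getCurrentVersion)
+git commit -m "CRON: auto commit"
+git fetch
+git merge origin/master -m "Auto Merge"
+GIT_NEW_REVISION=$(getCurrentVersion)
+fi
+
+echo "old: $GIT_REVISION"
+echo "new: $GIT_NEW_REVISION"
+
+if [ $GIT_REVISION != $GIT_NEW_REVISION ]
+then
+echo "Update Nginx certificate..."
+mkdir -p $CERT_NGINX
+cp $CERT_DIR/$FQDN/$FQDN-fullchain.pem $CERT_NGINX/nginx.pem
+cp $CERT_DIR/KEYS/$FQDN-key.pem $CERT_NGINX/nginx.key
+chown nginx:nginx $CERT_NGINX/nginx.*
+chmod 444 $CERT_NGINX/nginx.pem
+chmod 400 $CERT_NGINX/nginx.key
+echo "Restarting Nginx..."
+systemctl is-active --quiet nginx && systemctl restart nginx
+fi
+
+exit 0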
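Review bot: The clone line `git clone "https://$GETUSER:$GETPASS@$GETREPO"` puts the password on the command line and, because git records the clone URL as the remote, into `.git/config` of the checkout under `$CERT_DIR`. Supplying the credentials through a git credential helper or `GIT_ASKPASS`, and keeping this script and the checkout readable by root only, avoids leaving the password where other local accounts or backups can read it. Separately, the script has no `set -e` and `cd $CERT_DIR` is unchecked, so if the directory is missing the later relative `[ ! -d "$FQDN" ]` test and the `git` commands run in whatever directory the service started in; `cd "$CERT_DIR" || exit 1` would stop that. `git clone` without a target directory names the checkout after the repository, so the following `cd $FQDN` only works when the repository is named exactly like the FQDN; passing `"$FQDN"` as the clone target makes that explicit.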
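--- a/appliance/cert-renew.timer
+++ b/appliance/cert-renew.timer
@@ -0,0 +1,12 @@
+[Unit]
+Description=renew certificates from git store
+RefuseManualStart=no
+RefuseManualStop=no
+
+[Timer]
+Persistent=false
+OnCalendar=Sun *-*-* 03:33:00
+Unit=cert-renew.service
+
+[Install]
+WantedBy=default.target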
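Review bot: With `Persistent=false` and a single weekly `OnCalendar` slot, an appliance that is powered off on Sunday at 03:33 skips that run and does not pick up a renewed certificate until the following week; `Persistent=true` would run the missed job after the next boot. Timer units are conventionally installed with `WantedBy=timers.target` rather than `default.target`. The Makefile in this commit copies the unit files but does not visibly enable the timer, so confirm that it is enabled elsewhere in the image build.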
4146
kernel.config
Normal file
4146
kernel.config
Normal file
File diff suppressed because it is too large
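--- a/package.accept_keywords
+++ b/package.accept_keywords
@@ -0,0 +1,14 @@
+## Freifunk
+#
+net-misc/bird
+net-vpn/tinc
+#
+# eigene Ebuilds
+dev-libs/libuecc
+net-misc/batctl
+net-misc/batman-adv
+net-misc/ecdsautils
+net-misc/ext-respondd
+net-misc/fastd
+net-misc/mesh-announce
+net-misc/tunneldigger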
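--- a/package.use
+++ b/package.use
@@ -0,0 +1,6 @@
+app-misc/mime-types nginx
+media-libs/gd png fontconfig truetype
+net-analyzer/vnstat gd
+net-dns/dnsmasq auth-dns dhcp-tools
+net-misc/batman-adv bla dat mcast nc
+net-vpn/openvpn iproute2 passwordsave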
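--- a/va-ffgw.cfg
+++ b/va-ffgw.cfg
@@ -0,0 +1,3 @@
+REPO_NAMES += ff-overlay
+REPO_URI_ff-overlay = https://github.com/ffggrz/ff-overlay.git
+KERNEL_CONFIG = appliances/$(APPLIANCE)/kernel.config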
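Review bot: `REPO_URI_ff-overlay` names the overlay repository without a commit or tag, so each appliance build presumably takes whatever the default branch holds at that moment, and `package.accept_keywords` in this commit unmasks the overlay's own ebuilds (fastd, batman-adv, tunneldigger and others). If the build system offers a way to pin the overlay to a revision, using it would make images reproducible and keep an unreviewed overlay change from flowing straight into a gateway image. A short comment above the line stating which revision the image was last validated against would help either way.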
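--- a/world
+++ b/world
@@ -0,0 +1,26 @@
+net-analyzer/iptstate
+net-analyzer/nmap
+net-analyzer/tcpdump
+net-analyzer/traceroute
+net-analyzer/vnstat
+net-dns/bind-tools
+net-dns/dnsmasq
+net-firewall/ebtables
+net-firewall/ipt_netflow
+net-misc/batctl
+net-misc/batman-adv
+net-misc/bird
+net-misc/bridge-utils
+net-misc/ecdsautils
+net-misc/ext-respondd
+net-misc/fastd
+net-misc/iperf:3
+net-misc/mesh-announce
+net-misc/ntp
+net-misc/telnet-bsd
+net-misc/tunneldigger
+net-vpn/openvpn
+net-vpn/tinc
+sys-apps/texinfo
+sys-process/lsof
+www-servers/nginx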
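Review bot: The world set puts `net-analyzer/nmap`, `net-analyzer/tcpdump` and `net-misc/telnet-bsd` on every gateway image next to the routing and VPN packages, which widens what is available on an internet-facing host beyond what the gateway role needs. If these are wanted only for occasional debugging, consider keeping them out of the default set and installing them on demand. For `net-misc/telnet-bsd`, confirm that only the client is used and that no telnet daemon shipped by the package is enabled in the image.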