first release
parent
f5060ee22b
commit
2a88d082cb
2
LICENSE
2
LICENSE
@ -1,6 +1,6 @@
|
||||
MIT License
|
||||
|
||||
Copyright (c) <year> <copyright holders>
|
||||
Copyright (c) 2023 Unitas Network GmbH
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
|
||||
|
||||
|
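--- a/Makefile
+++ b/Makefile
@@ -0,0 +1,13 @@
+cert-renew.sh = $(CHROOT)/etc/ssl/cert-renew.sh
+
+systemd-units: appliance/cert-renew.service appliance/cert-renew.timer
+mkdir -p $(CHROOT)/usr/local/bin
+cp appliance/cert-renew.service appliance/cert-renew.timer $(CHROOT)/etc/systemd/system/
+
+$(cert-renew.sh): appliance/cert-renew.sh
+mkdir -p $(CHROOT)/etc/ssl
+cp $< $@
+
+preinstall:
+
+postinstall: systemd-units $(cert-renew.sh)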
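Review bot: The `systemd-units` recipe creates `$(CHROOT)/usr/local/bin` but then copies into `$(CHROOT)/etc/systemd/system/`, so the copy fails on a chroot where that directory does not exist yet; the first recipe line should be `mkdir -p $(CHROOT)/etc/systemd/system`. `cert-renew.sh` is installed with plain `cp`, and because the script in this commit carries `GETUSER`/`GETPASS` fields it is better installed root-only with `install -m 0700 $< $@`. Nothing guards against an unset `CHROOT`, in which case both recipes write into the build host's `/etc`, and `systemd-units`, `preinstall` and `postinstall` are not declared `.PHONY`.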
@ -1,3 +1,3 @@
|
||||
# va-proxy
|
||||
|
||||
Web ProxyAppliance for the Gentoo Virtual Appliance
|
||||
Web proxy appliance for the Gentoo Virtual Appliance
|
||||
|
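--- a/appliance/cert-renew.service
+++ b/appliance/cert-renew.service
@@ -0,0 +1,8 @@
+[Unit]
+Description=renew certificates from git store
+RefuseManualStart=no
+RefuseManualStop=yes
+
+[Service]
+Type=oneshot
+ExecStart=/etc/ssl/cert-renew.sh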
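Review bot: This unit runs `/etc/ssl/cert-renew.sh` as root with no sandboxing and no network ordering, although the script fetches from a remote git store and handles the TLS private key. Ordering it after `network-online.target` avoids a fetch attempt before the network is up. The `[Service]` hardening in the fence below confines writes to `/DATA`, which is the only tree the script in this commit writes to. The `ProtectSystem=strict` and `ReadWritePaths=` lines should be tested against the script's `systemctl restart apache2` call before they are relied on.

```ini
[Unit]
Description=renew certificates from git store
After=network-online.target
Wants=network-online.target
# … unchanged: RefuseManualStart / RefuseManualStop …

[Service]
# … unchanged: Type / ExecStart …
NoNewPrivileges=yes
PrivateTmp=yes
ProtectSystem=strict
ReadWritePaths=/DATA
```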
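--- a/appliance/cert-renew.sh
+++ b/appliance/cert-renew.sh
@@ -0,0 +1,52 @@
+#!/bin/bash
+
+HOST="proxy"
+TLD="example.com"
+FQDN="$HOST.$TLD"
+LABEL="DATA"
+
+CERT_DIR=/$LABEL/CERTS
+CERT_APACHE=/$LABEL/etc/ssl/apache2
+GETREPO=""
+GETUSER=""
+GETPASS=""
+
+function getCurrentVersion() {
+# Get hash from latest revision
+git log --format=format:%H -1
+}
+
+cd $CERT_DIR
+
+if [ -z "$GETREPO" ]; then
+GIT_REVISION=0
+GIT_NEW_REVISION=1
+cd $FQDN
+elif [ ! -d "$FQDN" ]; then
+GIT_REVISION=0
+git clone "https://$GETUSER:$GETPASS@$GETREPO"
+cd $FQDN
+GIT_NEW_REVISION=$(getCurrentVersion)
+else
+cd $FQDN
+GIT_REVISION=$(getCurrentVersion)
+git commit -m "CRON: auto commit"
+git fetch
+git merge origin/master -m "Auto Merge"
+GIT_NEW_REVISION=$(getCurrentVersion)
+fi
+
+echo "old: $GIT_REVISION"
+echo "new: $GIT_NEW_REVISION"
+
+if [ $GIT_REVISION != $GIT_NEW_REVISION ]
+then
+echo "Update Apache certificate..."
+mkdir -p $CERT_APACHE
+cp $CERT_DIR/$FQDN/$FQDN-fullchain.pem $CERT_APACHE/server.crt
+cp $CERT_DIR/KEYS/$FQDN-key.pem $CERT_APACHE/server.key
+echo "Restarting Apache..."
+systemctl is-active --quiet apache2 && systemctl restart apache2
+fi
+
+exit 0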
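Review bot: Failures are ignored throughout this script, so a failed `cd $CERT_DIR`, a failed fetch or a conflicted `git merge` still falls through to the copy step and the final `exit 0`, which can put a half-merged file in front of Apache while systemd records success. The private key is written with plain `cp`, so its mode follows the source file and umask, and nothing checks that the fetched certificate belongs to the key before the restart. Separately, `git clone "https://$GETUSER:$GETPASS@$GETREPO"` leaves the password in the clone's `.git/config` and in the process arguments; a credential helper or a read-only deploy key would keep it out of both. The fence shows the checked steps and explicit modes, assuming `openssl` is available on the appliance.

```shell
cd "$CERT_DIR" || exit 1
# … unchanged: first-run and clone branches …
    git fetch || exit 1
    git merge origin/master -m "Auto Merge" || exit 1
# … unchanged: revision echo, comparison, mkdir of $CERT_APACHE …
    crt="$CERT_DIR/$FQDN/$FQDN-fullchain.pem"
    key="$CERT_DIR/KEYS/$FQDN-key.pem"
    # deploy only a certificate that belongs to this key
    if [ "$(openssl x509 -in "$crt" -noout -pubkey)" != "$(openssl pkey -in "$key" -pubout)" ]; then
        echo "certificate and key do not match" >&2
        exit 1
    fi
    install -m 0644 "$crt" "$CERT_APACHE/server.crt"
    install -m 0600 "$key" "$CERT_APACHE/server.key"
# … unchanged: Apache restart …
```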
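--- a/appliance/cert-renew.timer
+++ b/appliance/cert-renew.timer
@@ -0,0 +1,12 @@
+[Unit]
+Description=renew certificates from git store
+RefuseManualStart=no
+RefuseManualStop=no
+
+[Timer]
+Persistent=false
+OnCalendar=Sun *-*-* 04:03:00
+Unit=cert-renew.service
+
+[Install]
+WantedBy=default.target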
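Review bot: With `Persistent=false` a run that is missed because the appliance was off at Sunday 04:03 is not caught up, so a renewed certificate waits another week and may lapse in between, depending on how close to expiry the store is updated. Setting `Persistent=true` makes systemd trigger the job on the next boot instead. Timer units are also conventionally enabled with `WantedBy=timers.target` rather than `default.target`.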
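--- a/package.use
+++ b/package.use
@@ -0,0 +1,3 @@
+# Squid
+net-proxy/squid caps pam ldap samba sasl kerberos radius ssl snmp logrotate ecap ssl-crtd perl tproxy
+net-proxy/squidguard ldap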
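Review bot: The `net-proxy/squid` line enables every authentication backend at once (`pam ldap samba sasl kerberos radius`) together with `snmp`, `ecap`, `tproxy` and `ssl-crtd`, and nothing in the file says which of these the appliance actually uses. Each flag pulls helper binaries and libraries into an internet-facing proxy, so the set is better reduced to what is configured. A comment above the line should then record why each remaining flag is needed, for example `# ssl-crtd: required for TLS interception`, if interception is in fact intended.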