mirror of
https://github.com/girlbossceo/conduwuit.git
synced 2025-03-14 12:45:37 +00:00
adjust complement cert generation
Signed-off-by: June Clementine Strawberry <june@3.dog>
This commit is contained in:
parent
0e2ca7d719
commit
df1edcf498
5 changed files with 53 additions and 16 deletions
|
@ -40,6 +40,7 @@ if [ ! -f "complement_oci_image.tar.gz" ]; then
|
||||||
# if using macOS, use linux-complement
|
# if using macOS, use linux-complement
|
||||||
#bin/nix-build-and-cache just .#linux-complement
|
#bin/nix-build-and-cache just .#linux-complement
|
||||||
bin/nix-build-and-cache just .#complement
|
bin/nix-build-and-cache just .#complement
|
||||||
|
#nix build -L .#complement
|
||||||
|
|
||||||
echo "complement conduwuit image tar.gz built at \"result\""
|
echo "complement conduwuit image tar.gz built at \"result\""
|
||||||
|
|
||||||
|
|
|
@ -47,6 +47,4 @@ sender_idle_timeout = 300
|
||||||
sender_retry_backoff_limit = 300
|
sender_retry_backoff_limit = 300
|
||||||
|
|
||||||
[global.tls]
|
[global.tls]
|
||||||
certs = "/certificate.crt"
|
|
||||||
dual_protocol = true
|
dual_protocol = true
|
||||||
key = "/private_key.key"
|
|
||||||
|
|
|
@ -42,25 +42,18 @@ let
|
||||||
start = writeShellScriptBin "start" ''
|
start = writeShellScriptBin "start" ''
|
||||||
set -euxo pipefail
|
set -euxo pipefail
|
||||||
|
|
||||||
${lib.getExe openssl} genrsa -out private_key.key 2048
|
cp ${./v3.ext} /complement/v3.ext
|
||||||
${lib.getExe openssl} req \
|
echo "DNS.1 = $SERVER_NAME" >> /complement/v3.ext
|
||||||
-new \
|
|
||||||
-sha256 \
|
|
||||||
-key private_key.key \
|
|
||||||
-subj "/C=US/ST=CA/O=MyOrg, Inc./CN=$SERVER_NAME" \
|
|
||||||
-out signing_request.csr
|
|
||||||
cp ${./v3.ext} v3.ext
|
|
||||||
echo "DNS.1 = $SERVER_NAME" >> v3.ext
|
|
||||||
echo "IP.1 = $(${lib.getExe gawk} 'END{print $1}' /etc/hosts)" \
|
echo "IP.1 = $(${lib.getExe gawk} 'END{print $1}' /etc/hosts)" \
|
||||||
>> v3.ext
|
>> /complement/v3.ext
|
||||||
${lib.getExe openssl} x509 \
|
${lib.getExe openssl} x509 \
|
||||||
-req \
|
-req \
|
||||||
-extfile v3.ext \
|
-extfile /complement/v3.ext \
|
||||||
-in signing_request.csr \
|
-in ${./signing_request.csr} \
|
||||||
-CA /complement/ca/ca.crt \
|
-CA /complement/ca/ca.crt \
|
||||||
-CAkey /complement/ca/ca.key \
|
-CAkey /complement/ca/ca.key \
|
||||||
-CAcreateserial \
|
-CAcreateserial \
|
||||||
-out certificate.crt \
|
-out /complement/certificate.crt \
|
||||||
-days 1 \
|
-days 1 \
|
||||||
-sha256
|
-sha256
|
||||||
|
|
||||||
|
@ -99,7 +92,8 @@ dockerTools.buildImage {
|
||||||
else [];
|
else [];
|
||||||
|
|
||||||
Env = [
|
Env = [
|
||||||
"SSL_CERT_FILE=/complement/ca/ca.crt"
|
"CONDUWUIT_TLS__KEY=${./private_key.key}"
|
||||||
|
"CONDUWUIT_TLS__CERTS=/complement/certificate.crt"
|
||||||
"CONDUWUIT_CONFIG=${./config.toml}"
|
"CONDUWUIT_CONFIG=${./config.toml}"
|
||||||
"RUST_BACKTRACE=full"
|
"RUST_BACKTRACE=full"
|
||||||
];
|
];
|
||||||
|
|
28
nix/pkgs/complement/private_key.key
Normal file
28
nix/pkgs/complement/private_key.key
Normal file
|
@ -0,0 +1,28 @@
|
||||||
|
-----BEGIN PRIVATE KEY-----
|
||||||
|
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDS/odmZivxajeb
|
||||||
|
iyT7SMuhXqnMm+hF+zEARLcbieem0wG4x7gi2S6WLf8DlifdXax6me13eYk4rBnT
|
||||||
|
LvGEvNNx0px5M54H+FVyoVa3c1tmA66WUcZjobafPGsDh5j+5qpScgWwjkMPGg1a
|
||||||
|
09CphCFswO4PpxUUORX/OTGj/rEKxximW6OtavBwaS9F7mqjXJK7lCrcZxKq5ucc
|
||||||
|
ebGMmCoO660hROSTBaFigdRTVicclk+NgYRrZyWbCiuXPjQ0jlOE2rcaDepqTUga
|
||||||
|
Qs/2tdT4kBzBH6kZOiQOIN/ddXaj032QXr1HQYfIJfJmiM6nmRob8nik5rpZdWNO
|
||||||
|
/Ncsro/fAgMBAAECggEAITCCkfv+a5I+vwvrPE/eIDso0JOxvNhfg+BLQVy3AMnu
|
||||||
|
WmeoMmshZeREWgcTrEGg8QQnk4Sdrjl8MnkO6sddJ2luza3t7OkGX+q7Hk5aETkB
|
||||||
|
DIo+f8ufU3sIhlydF3OnVSK0fGpUaBq8AQ6Soyeyrk3G5NVufmjgae5QPbDBnqUb
|
||||||
|
piOGyfcwagL4JtCbZsMk8AT7vQSynLm6zaWsVzWNd71jummLqtVV063K95J9PqVN
|
||||||
|
D8meEcP3WR5kQrvf+mgy9RVgWLRtVWN8OLZfJ9yrnl4Efj62elrldUj4jaCFezGQ
|
||||||
|
8f0W+d8jjt038qhmEdymw2MWQ+X/b0R79lJar1Up8QKBgQD1DtHxauhl+JUoI3y+
|
||||||
|
3eboqXl7YPJt1/GTnChb4b6D1Z1hvLsOKUa7hjGEfruYGbsWXBCRMICdfzp+iWcq
|
||||||
|
/lEOp7/YU9OaW4lQMoG4sXMoBWd9uLgg0E+aH6VDJOBvxsfafqM4ufmtspzwEm90
|
||||||
|
FU1cq6oImomFnPChSq4X+3+YpwKBgQDcalaK9llCcscWA8HAP8WVVNTjCOqiDp9q
|
||||||
|
td61E9IO/FIB/gW5y+JkaFRrA2CN1zY3s3K92uveLTNYTArecWlDcPNNFDuaYu2M
|
||||||
|
Roz4bC104HGh+zztJ0iPVzELL81Lgg6wHhLONN+eVi4gTftJxzJFXybyb+xVT25A
|
||||||
|
91ynKXB+CQKBgQC+Ub43MoI+/6pHvBfb3FbDByvz6D0flgBmVXb6tP3TQYmzKHJV
|
||||||
|
8zSd2wCGGC71V7Z3DRVIzVR1/SOetnPLbivhp+JUzfWfAcxI3pDksdvvjxLrDxTh
|
||||||
|
VycbWcxtsywjY0w/ou581eLVRcygnpC0pP6qJCAwAmUfwd0YRvmiYo6cLQKBgHIW
|
||||||
|
UIlJDdaJFmdctnLOD3VGHZMOUHRlYTqYvJe5lKbRD5mcZFZRI/OY1Ok3LEj+tj+K
|
||||||
|
kL+YizHK76KqaY3N4hBYbHbfHCLDRfWvptQHGlg+vFJ9eoG+LZ6UIPyLV5XX0cZz
|
||||||
|
KoS1dXG9Zc6uznzXsDucDsq6B/f4TzctUjXsCyARAoGAOKb4HtuNyYAW0jUlujR7
|
||||||
|
IMHwUesOGlhSXqFtP9aTvk6qJgvV0+3CKcWEb4y02g+uYftP8BLNbJbIt9qOqLYh
|
||||||
|
tOVyzCoamAi8araAhjA0w4dXvqDCDK7k/gZFkojmKQtRijoxTHnWcDc3vAjYCgaM
|
||||||
|
9MVtdgSkuh2gwkD/mMoAJXM=
|
||||||
|
-----END PRIVATE KEY-----
|
16
nix/pkgs/complement/signing_request.csr
Normal file
16
nix/pkgs/complement/signing_request.csr
Normal file
|
@ -0,0 +1,16 @@
|
||||||
|
-----BEGIN CERTIFICATE REQUEST-----
|
||||||
|
MIICkTCCAXkCAQAwTDELMAkGA1UEBhMCNjkxCzAJBgNVBAgMAjQyMRYwFAYDVQQK
|
||||||
|
DA13b29mZXJzLCBpbmMuMRgwFgYDVQQDDA9jb21wbGVtZW50LW9ubHkwggEiMA0G
|
||||||
|
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDS/odmZivxajebiyT7SMuhXqnMm+hF
|
||||||
|
+zEARLcbieem0wG4x7gi2S6WLf8DlifdXax6me13eYk4rBnTLvGEvNNx0px5M54H
|
||||||
|
+FVyoVa3c1tmA66WUcZjobafPGsDh5j+5qpScgWwjkMPGg1a09CphCFswO4PpxUU
|
||||||
|
ORX/OTGj/rEKxximW6OtavBwaS9F7mqjXJK7lCrcZxKq5uccebGMmCoO660hROST
|
||||||
|
BaFigdRTVicclk+NgYRrZyWbCiuXPjQ0jlOE2rcaDepqTUgaQs/2tdT4kBzBH6kZ
|
||||||
|
OiQOIN/ddXaj032QXr1HQYfIJfJmiM6nmRob8nik5rpZdWNO/Ncsro/fAgMBAAGg
|
||||||
|
ADANBgkqhkiG9w0BAQsFAAOCAQEAjW+aD4E0phtRT5b2RyedY1uiSe7LQECsQnIO
|
||||||
|
wUSyGGG1GXYlJscyxxyzE9W9+QIALrxZkmc/+e02u+bFb1zQXW/uB/7u7FgXzrj6
|
||||||
|
2YSDiWYXiYKvgGWEfCi3lpcTJK9x6WWkR+iREaoKRjcl0ynhhGuR7YwP38TNyu+z
|
||||||
|
FN6B1Lo398fvJkaTCiiHngWiwztXZ2d0MxkicuwZ1LJhIQA72OTl3QoRb5uiqbze
|
||||||
|
T9QJfU6W3v8cB8c8PuKMv5gl1QsGNtlfyQB56/X0cMxWl25vWXd2ankLkAGRTDJ8
|
||||||
|
9YZHxP1ki4/yh75AknFq02nCOsmxYrAazCYgP2TzIPhQwBurKQ==
|
||||||
|
-----END CERTIFICATE REQUEST-----
|
Loading…
Add table
Reference in a new issue