mirror of
https://github.com/alexbelgium/hassio-addons.git
synced 2026-01-30 08:27:40 +01:00
karakeep nobuild
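--- a/karakeep/rootfs/usr/local/bin/ssl-check-generate.sh
+++ b/karakeep/rootfs/usr/local/bin/ssl-check-generate.sh
@@ -0,0 +1,47 @@
+#!/command/with-contenv bashio
+# shellcheck shell=bash
+
+set -e
+
+# Check for required arguments
+if [ $# -ne 3 ]; then
+bashio::log.error "[ssl-check-generate.sh] missing: <certfile> <keyfile> <selfsigned>"
+exit 1
+fi
+
+bashio::log.debug "SSL Certificate check"
+
+renew_days=90
+
+certfile="$1"
+keyfile="$2"
+selfsigned=${3:-true}
+
+if [ ! -f "$certfile" ] || [ ! -f "$keyfile" ]; then
+if [ "$selfsigned" = "true" ]; then
+/usr/local/bin/ssl-keygen.sh "$certfile" "$keyfile"
+exit 0
+else
+bashio::log.error "[ssl-check-generate.sh] either certfile, keyfile, or both are missing"
+exit 1
+fi
+fi
+
+enddate=$(openssl x509 -enddate -noout -in "$certfile" 2>/dev/null || true)
+if [ -n "$enddate" ]; then
+expiry_date=$(echo "$enddate" | cut -d= -f2 | sed 's/ GMT$//')
+expiry_ts=$(date -d "$expiry_date" +%s)
+now_ts=$(date +%s)
+days_left=$(( (expiry_ts - now_ts) / 86400 ))
+
+if [ "$days_left" -le "$renew_days" ]; then
+bashio::log.info "Self-signed cert expiring in $days_left days, regenerating..."
+/usr/local/bin/ssl-keygen.sh "$certfile" "$keyfile"
+fi
+else
+bashio::log.error "Unable to determine ssl certificate expiry date"
+fi
+
+if pgrep -x nginx >/dev/null 2>&1; then
+nginx -s reload
+fi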
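Review bot: The expiry branch regenerates whenever `days_left` is at or below `renew_days` without consulting `selfsigned`, so when the third argument is not `true` an operator-supplied certificate and key are removed and replaced with a self-signed pair by ssl-keygen.sh. With `renew_days=90`, any supplied certificate issued with a lifetime of 90 days or less would be replaced on every run, and the log line would still call it "Self-signed". Guard the branch with `if [ "$selfsigned" = "true" ] && [ "$days_left" -le "$renew_days" ]; then` and only log a warning for supplied certificates that are close to expiry. Separately, `date -d "$expiry_date"` runs under `set -e`, so a `date` implementation that cannot parse OpenSSL's notAfter format would abort the script before the nginx reload; `openssl x509 -checkend "$((renew_days * 86400))" -noout -in "$certfile"` gives the same answer without date parsing.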
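--- a/karakeep/rootfs/usr/local/bin/ssl-keygen.sh
+++ b/karakeep/rootfs/usr/local/bin/ssl-keygen.sh
@@ -0,0 +1,57 @@
+#!/command/with-contenv bashio
+# shellcheck shell=bash
+
+set -e
+
+# Check for required arguments
+if [ $# -ne 2 ]; then
+bashio::log.error "[ssl-keygen.sh] missing: <certfile> <keyfile>"
+exit 1
+fi
+
+certfile="$1"
+keyfile="$2"
+
+[ -f "$certfile" ] && rm -f "$certfile"
+[ -f "$keyfile" ] && rm -f "$keyfile"
+
+mkdir -p "$(dirname "$certfile")" && mkdir -p "$(dirname "$keyfile")"
+
+if ! hostname="$(bashio::info.hostname 2> /dev/null)" || [ -z "$hostname" ]; then
+hostname="homeassistant"
+fi
+tmp_openssl_cfg=$(mktemp)
+trap 'rm -f "$tmp_openssl_cfg"' EXIT
+
+cat > "$tmp_openssl_cfg" <<EOF
+[req]
+default_bits = 4096
+prompt = no
+default_md = sha256
+req_extensions = req_ext
+distinguished_name = dn
+
+[dn]
+CN = ${hostname}.local
+
+[req_ext]
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.1 = localhost
+DNS.2 = ${hostname}.local
+EOF
+
+if ! openssl req -x509 -nodes -days 3650 \
+-newkey rsa:4096 \
+-keyout "$keyfile" \
+-out "$certfile" \
+-config "$tmp_openssl_cfg" \
+-extensions req_ext; then
+
+# Certificate gen failed
+bashio::log.error "OpenSSL certificate generation failed"
+exit 1
+fi
+
+bashio::log.info "New self-signed certificate generated"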
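Review bot: The existing certificate and key are deleted with `rm -f` before `openssl req` runs, so a failed generation leaves the add-on with no TLS material at all. The unencrypted (`-nodes`) private key is also written straight to `$keyfile`, with a mode that depends on the OpenSSL version and the inherited umask. Generate into `mktemp` files beside the targets, which are created owner-only, and move them into place only on success; the two `rm -f` lines then become unnecessary. If the certificate is read by a non-root process it may need an explicit `chmod 644` after the move. The `${hostname}` value is expanded unescaped into the OpenSSL config heredoc, so it may be worth rejecting values that contain anything other than hostname characters.

```shell
# … unchanged: argument check, hostname lookup, temp OpenSSL config heredoc …
mkdir -p "$(dirname "$certfile")" "$(dirname "$keyfile")"
new_cert=$(mktemp "${certfile}.XXXXXX")
new_key=$(mktemp "${keyfile}.XXXXXX")
trap 'rm -f "$tmp_openssl_cfg" "$new_cert" "$new_key"' EXIT

if ! openssl req -x509 -nodes -days 3650 \
  -newkey rsa:4096 \
  -keyout "$new_key" \
  -out "$new_cert" \
  -config "$tmp_openssl_cfg" \
  -extensions req_ext; then
  bashio::log.error "OpenSSL certificate generation failed"
  exit 1
fi

# Replace the live files only after generation succeeded.
mv -f "$new_key" "$keyfile"
mv -f "$new_cert" "$certfile"
```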