Create per-daemon selfsigned certs

Alex D. 2023-07-13 08:14:27 +00:00
parent 971057b801
commit e0136abc34
Signed by: caskd
GPG Key ID: F92BA85F61F4C173
5 changed files with 78 additions and 10 deletions


@ -30,4 +30,4 @@ clean:
.SUFFIXES:
# Somehow GNU make forgets these are intermediates if not explicitly stated, feel free to look into it *shrug*
.INTERMEDIATE: $(BUILD_IDS)
.SECONDARY: $(BUILD_IDS)


@ -22,3 +22,8 @@ daemons/postgres/${BUILD_ID_OUT}: daemons/postgres/% : \
daemons/postgres/postgresql.conf \
data/ca/% \
data/postgres-cert/%
daemons/murmurd/${BUILD_ID_OUT}: daemons/murmurd/% : \
daemons/murmurd/murmur.ini \
data/postgres-cert/% \
data/selfsigned/%
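Review bot: The new murmurd rule does not list `data/ca/%` as a prerequisite, although the murmurd Dockerfile added in this commit copies `ca.crt` from `redxen.eu/data/ca:latest` twice. The postgres rule directly above does name `data/ca/%`, so the omission looks unintended. It may currently be satisfied only transitively through `data/postgres-cert/%` and `data/selfsigned/%`, which is not visible here. Adding `data/ca/% \` to the list would make a CA rebuild reliably trigger a murmurd rebuild, so the daemon never ships a trust anchor older than the certificates it presents.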


@ -0,0 +1,17 @@
FROM alpine:latest
ARG CONFIG=/etc/redxen/murmur/murmur.ini
RUN --network=host apk add qt5-qtbase-postgresql murmur
COPY --from=redxen.eu/data/ca:latest /redxen.eu/certs/ca.crt /etc/redxen/mumble-cert/ca.crt
COPY --from=redxen.eu/data/selfsigned:latest /redxen.eu/certs/mumble.crt /etc/redxen/mumble-cert/mumble.crt
COPY --from=redxen.eu/data/selfsigned:latest /redxen.eu/keys/mumble.key /etc/redxen/mumble-cert/mumble.key
COPY --from=redxen.eu/data/ca:latest /redxen.eu/certs/ca.crt /root/.postgresql/root.crt
COPY --from=redxen.eu/data/postgres-cert:latest /redxen.eu/certs/murmur.crt /root/.postgresql/postgresql.crt
COPY --from=redxen.eu/data/postgres-cert:latest /redxen.eu/keys/murmur.key /root/.postgresql/postgresql.key
ADD murmur.ini $CONFIG
ENV CONFIG $CONFIG
CMD murmurd -fg -ini $CONFIG
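Review bot: The `COPY --from=…` lines for `mumble.key` and `murmur.key` bake both private keys into image layers, so anyone who can pull, export or inspect this image can read the server's TLS key and the PostgreSQL client key. Consider leaving the keys out of the image and mounting them read-only at container start (volume or runtime secret), keeping only the certificates and `ca.crt` in the build. The client key also lands under `/root/.postgresql/` and no `USER` is set, which suggests the daemon runs as root; a dedicated unprivileged user with the key in that user's home would limit what a compromise of the network-facing process exposes. Separately, `FROM alpine:latest` and the `:latest` data images make the build non-reproducible; pinning a tag or digest would let a rebuilt image be traced to known inputs.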


@ -0,0 +1,32 @@
database=murmur
dbDriver=QPSQL
dbUsername=murmur
dbHost=localhost
dbPort=5432
#registerName="[RedXen] Good software lasts long!"
#registerPassword=MUMBLE_REGISTER_PASS
#registerUrl=https://redxen.eu/
#registerHostname=redxen.eu
#registerLocation=DE
host=
opusthreshold=10
bandwidth=150000
sslCA=/etc/redxen/mumble-cert/ca.crt
sslCert=/etc/redxen/mumble-cert/mumble.crt
sslKey=/etc/redxen/mumble-cert/mumble.key
port=64738
timeout=10
users=500
defaultchannel=1
channelname="[\x20-\x7e]{4,32}"
username="[\x20-\x7e]{2,32}"
welcometext="
<center><br />
<h1>RedXen Community</h1><br />
<a href="https://redxen.eu">[ Homepage ]</a> <a href="https://redxen.eu/telegram">[ Telegram ]</a> <a href="https://git.redxen.eu">[ Gitea ]</a> <a href="https://liberapay.com/RedXen/donate">[ Donate ]</a> <a href="mailto:caskd@redxen.eu">[ Contact ]</a><br />
Enjoy your stay!<br />
This server is powered by Alpine Linux<br />
</center>
"


@ -2,18 +2,32 @@ FROM alpine:latest as generator
RUN --network=host apk add openssl
RUN mkdir "/redxen.eu"
COPY --from=redxen.eu/data/ca:latest "/redxen.eu" "/ca"
RUN mkdir -p "/redxen.eu/certs"
RUN mkdir -p "/redxen.eu/keys"
WORKDIR "/redxen.eu"
RUN openssl genrsa -out private.key 4096
RUN openssl req -new \
-x509 \
-days 365 \
-key private.key \
-out public.pem \
-subj '/O=RedXen/CN=redxen.eu'
# Mumble
RUN openssl req \
-new \
-utf8 \
-sha256 \
-key /ca/keys/ca.key \
-subj "/O=RedXen/CN=mumble" \
-nodes \
-keyout keys/mumble.key \
-out /tmp/mumble.csr
RUN cat public.pem private.key > fullchain.crt
RUN openssl x509 \
-req \
-in /tmp/mumble.csr \
-days 365 \
-CA /ca/certs/ca.crt \
-CAkey /ca/keys/ca.key \
-CAcreateserial \
-out certs/mumble.crt
FROM scratch