From e0136abc3426b34aec855f0c9254a66bac4ec7d9 Mon Sep 17 00:00:00 2001 From: Alex Denes Date: Thu, 13 Jul 2023 08:14:27 +0000 Subject: [PATCH] Create per-daemon selfsigned certs --- Makefile | 2 +- config.mk | 5 +++++ daemons/murmurd/Containerfile | 17 +++++++++++++++++ daemons/murmurd/murmur.ini | 32 ++++++++++++++++++++++++++++++++ data/selfsigned/Containerfile | 32 +++++++++++++++++++++++--------- 5 files changed, 78 insertions(+), 10 deletions(-) create mode 100644 daemons/murmurd/Containerfile create mode 100644 daemons/murmurd/murmur.ini diff --git a/Makefile b/Makefile index c840cc8..796d4fe 100644 --- a/Makefile +++ b/Makefile @@ -30,4 +30,4 @@ clean: .SUFFIXES: # Somehow GNU make forgets these are intermediates if not explicitly stated, feel free to look into it *shrug* -.INTERMEDIATE: $(BUILD_IDS) +.SECONDARY: $(BUILD_IDS) diff --git a/config.mk b/config.mk index dfeeb1d..53ef52b 100644 --- a/config.mk +++ b/config.mk @@ -22,3 +22,8 @@ daemons/postgres/${BUILD_ID_OUT}: daemons/postgres/% : \ daemons/postgres/postgresql.conf \ data/ca/% \ data/postgres-cert/% + +daemons/murmurd/${BUILD_ID_OUT}: daemons/murmurd/% : \ + daemons/murmurd/murmur.ini \ + data/postgres-cert/% \ + data/selfsigned/% diff --git a/daemons/murmurd/Containerfile b/daemons/murmurd/Containerfile new file mode 100644 index 0000000..9f08872 --- /dev/null +++ b/daemons/murmurd/Containerfile 
@@ -0,0 +1,17 @@
+FROM alpine:latest
+ARG CONFIG=/etc/redxen/murmur/murmur.ini
+
+RUN --network=host apk add qt5-qtbase-postgresql murmur
+
+COPY --from=redxen.eu/data/ca:latest /redxen.eu/certs/ca.crt /etc/redxen/mumble-cert/ca.crt
+COPY --from=redxen.eu/data/selfsigned:latest /redxen.eu/certs/mumble.crt /etc/redxen/mumble-cert/mumble.crt
+COPY --from=redxen.eu/data/selfsigned:latest /redxen.eu/keys/mumble.key /etc/redxen/mumble-cert/mumble.key
+
+COPY --from=redxen.eu/data/ca:latest /redxen.eu/certs/ca.crt /root/.postgresql/root.crt
+COPY --from=redxen.eu/data/postgres-cert:latest /redxen.eu/certs/murmur.crt /root/.postgresql/postgresql.crt
+COPY --from=redxen.eu/data/postgres-cert:latest /redxen.eu/keys/murmur.key /root/.postgresql/postgresql.key
+
+ADD murmur.ini $CONFIG
+
+ENV CONFIG $CONFIG
+CMD murmurd -fg -ini $CONFIG
diff --git a/daemons/murmurd/murmur.ini b/daemons/murmurd/murmur.ini
new file mode 100644
index 0000000..e17bfb2
--- /dev/null
+++ b/daemons/murmurd/murmur.ini
@@ -0,0 +1,32 @@
+database=murmur
+dbDriver=QPSQL
+dbUsername=murmur
+dbHost=localhost
+dbPort=5432
+#registerName="[RedXen] Good software lasts long!"
+#registerPassword=MUMBLE_REGISTER_PASS
+#registerUrl=https://redxen.eu/
+#registerHostname=redxen.eu
+#registerLocation=DE
+host=
+opusthreshold=10
+bandwidth=150000
+sslCA=/etc/redxen/mumble-cert/ca.crt
+sslCert=/etc/redxen/mumble-cert/mumble.crt
+sslKey=/etc/redxen/mumble-cert/mumble.key
+port=64738
+timeout=10
+users=500
+defaultchannel=1
+channelname="[\x20-\x7e]{4,32}"
+username="[\x20-\x7e]{2,32}"
+welcometext="
+
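Review bot: The `COPY --from=...` lines in daemons/murmurd/Containerfile that bring in `mumble.key` and `postgresql.key` bake both private keys into image layers, so anyone able to pull or export the image can read them; supplying the keys at run time through a mounted secret or volume would keep them out of the image. The file also has no `USER` instruction, so murmurd starts as root (unless it drops privileges itself) and the PostgreSQL client key sits under `/root/.postgresql`. Smaller points in the same hunk: `FROM alpine:latest` and the `:latest` data images make the build non-reproducible, `ADD murmur.ini $CONFIG` should be `COPY`, and the shell-form `CMD` leaves `/bin/sh` as PID 1, which `CMD exec murmurd -fg -ini "$CONFIG"` avoids.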

+

RedXen Community


+[ Homepage ] [ Telegram ] [ Gitea ] [ Donate ] [ Contact ]
+Enjoy your stay!
+This server is powered by Alpine Linux
+
+ +" + diff --git a/data/selfsigned/Containerfile b/data/selfsigned/Containerfile index f2a7590..5c57615 100644 --- a/data/selfsigned/Containerfile +++ b/data/selfsigned/Containerfile @@ -2,18 +2,32 @@ FROM alpine:latest as generator RUN --network=host apk add openssl -RUN mkdir "/redxen.eu" +COPY --from=redxen.eu/data/ca:latest "/redxen.eu" "/ca" + +RUN mkdir -p "/redxen.eu/certs" +RUN mkdir -p "/redxen.eu/keys" + WORKDIR "/redxen.eu" -RUN openssl genrsa -out private.key 4096 -RUN openssl req -new \ - -x509 \ - -days 365 \ - -key private.key \ - -out public.pem \ - -subj '/O=RedXen/CN=redxen.eu' +# Mumble +RUN openssl req \ + -new \ + -utf8 \ + -sha256 \ + -key /ca/keys/ca.key \ + -subj "/O=RedXen/CN=mumble" \ + -nodes \ + -keyout keys/mumble.key \ + -out /tmp/mumble.csr -RUN cat public.pem private.key > fullchain.crt +RUN openssl x509 \ + -req \ + -in /tmp/mumble.csr \ + -days 365 \ + -CA /ca/certs/ca.crt \ + -CAkey /ca/keys/ca.key \ + -CAcreateserial \ + -out certs/mumble.crt FROM scratch
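Review bot: The added `openssl req` step in data/selfsigned/Containerfile passes `-key /ca/keys/ca.key`, which makes the request use the CA's existing key pair instead of generating one for the daemon, so the certificate signed by the following `openssl x509 -req` step would carry the CA's public key. Depending on the OpenSSL version, `-keyout keys/mumble.key` is then either ignored or receives a copy of the CA private key, and the murmurd image in this same patch copies that file. Replace the line with `-newkey rsa:4096 \` so a fresh key is generated and written to `keys/mumble.key`. The signing step also sets no subjectAltName or key-usage extensions (for example via `-extfile`), which stricter TLS clients may require. The hunk's trailing context after `FROM scratch` is not fully visible here, so what the final stage exports could not be checked.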