vnc gencert

markus-96 · Feb 15, 2021 · 0442ec3 · 0442ec3
1 parent c2df0c3
commit 0442ec3
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 6 deletions.
diff --git a/kvmd.install b/kvmd.install
@@ -1,7 +1,7 @@
 post_install() {
 	post_upgrade
 
-	echo "==> Generating KVMD certificate ..."
+	echo "==> Generating KVMD-Nginx certificate ..."
 	kvmd-gencert --do-the-thing
 }
 
@@ -19,6 +19,16 @@ post_upgrade() {
 
 	chown kvmd /var/lib/kvmd/msd || true
 
+	if [ ! -d /etc/kvmd/vnc/ssl ]; then
+		echo "==> Generating KVMD-VNC certificate ..."
+		kvmd-gencert --do-the-thing --vnc
+	fi
+
+	chown root:root /etc/kvmd/vnc/ssl
+	chown root:root /etc/kvmd/nginx/ssl
+	chmod 755 /etc/kvmd/vnc/ssl
+	chmod 755 /etc/kvmd/nginx/ssl
+
 	echo "==> Patching configs ..."
 	[ ! -f /boot/config.txt ] || sed -i -e 's/^dtoverlay=pi3-disable-bt$/dtoverlay=disable-bt/g' /boot/config.txt
 	[ ! -f /boot/config.txt ] || sed -i -e 's/^dtoverlay=dwc2$/dtoverlay=dwc2,dr_mode=peripheral/g' /boot/config.txt

diff --git a/scripts/kvmd-gencert b/scripts/kvmd-gencert
@@ -31,10 +31,16 @@ fi
 if [ "$1" != --do-the-thing ]; then
 	echo "This script will generate new self-signed SSL certificates for KVMD Nginx"
 	echo "and put them to /etc/kvmd/nginx/ssl. If you're sure of what you're doing,"
-	echo "append the option '--do-the-thing' to execute."
+	echo "append the option '--do-the-thing' to execute. You can also append --vnc"
+	echo "to generate a certificate for VNC not for Nginx."
 	exit 1
 fi
 
+target="nginx"
+if [ "$2" == --vnc ]; then
+	target="vnc"
+fi
+
 # XXX: Why ECC?
 # https://www.leaderssl.com/articles/345-what-is-ecc-and-why-you-should-use-it
 # https://www.digitalocean.com/community/tutorials/how-to-create-an-ecc-certificate-on-nginx-for-debian-8
@@ -44,14 +50,14 @@ set -x
 
 export LC_ALL=C
 
-mkdir -p /etc/kvmd/nginx/ssl
-cd /etc/kvmd/nginx/ssl
+mkdir -p /etc/kvmd/$target/ssl
+cd /etc/kvmd/$target/ssl
 
 openssl ecparam -out server.key -name prime256v1 -genkey
 openssl req -new -x509 -sha256 -nodes -key server.key -out server.crt -days 3650 \
 	-subj "/C=RU/ST=Moscow/L=Moscow/O=Pi-KVM/OU=Pi-KVM/CN=localhost"
 
-chown -R root:kvmd-nginx /etc/kvmd/nginx/ssl
+chown root:kvmd-$target /etc/kvmd/$target/ssl/*
 chmod 400 server.key
 chmod 444 server.crt
-chmod 750 /etc/kvmd/nginx/ssl
+chmod 755 /etc/kvmd/$target/ssl