better ssl cert scripts

padhi-homelab · Dec 9, 2024 · f49e6d6 · f49e6d6
1 parent 01dd712
commit f49e6d6
Show file tree

Hide file tree

Showing 3 changed files with 63 additions and 10 deletions.
diff --git a/influxdb/docker-compose.up.pre_hook.sh b/influxdb/docker-compose.up.pre_hook.sh
@@ -5,15 +5,30 @@ set -Eumo pipefail
 SELF_DIR="$(cd -P -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd -P)"
 DATA_DIR="$SELF_DIR/data"
 
-echo -n "[~] Checking for default certificates: "
+CERT_FILENAME="default.crt"
+KEY_FILENAME="default.key"
+
+TRAEFIK_DATA_DIR="$SELF_DIR/../traefik/data"
+TRAEFIK_CERT_FILE="$TRAEFIK_DATA_DIR/traefik/cert/default.crt"
+TRAEFIK_KEY_FILE="$TRAEFIK_DATA_DIR/traefik/cert/default.key"
+
+echo -n "[~] Checking for default SSL certificate: "
 cd "$DATA_DIR/influxdb/cert"
 
-[ -f "default.crt" ] && [ -f "default.key" ] && \
-    echo 'EXIST' && exit 0
+if [ -f "$CERT_FILENAME" ] && [ -f "$KEY_FILENAME" ] ; then
+    echo "${_fg_green_}EXISTS${_normal_}" && exit 0
+fi
+
+! [ -f "$TRAEFIK_CERT_FILE" ] || cp "$TRAEFIK_CERT_FILE" "$CERT_FILENAME"
+! [ -f "$TRAEFIK_KEY_FILE" ] || cp "$TRAEFIK_KEY_FILE" "$KEY_FILENAME"
+
+if [ -f "$CERT_FILENAME" ] && [ -f "$KEY_FILENAME" ] ; then
+    echo "${_fg_cyan_}${_bold_}TRAEFIK${_normal_}" && exit 0
+fi
 
 openssl req -x509 -newkey rsa:4096 -sha512 -days 3650 -nodes \
             -subj "/CN=${SERVER_LAN_FQDN}" \
             -addext "subjectAltName=DNS:${SERVER_LAN_FQDN}" \
-            -keyout default.key -out default.crt \
+            -keyout "$KEY_FILENAME" -out "$CERT_FILENAME" \
             2> /dev/null
-echo 'GENERATED!'
+echo "${_fg_magenta_}${_bold_}GENERATED!${_normal_}"
diff --git a/traefik/docker-compose.up.pre_hook.sh b/traefik/docker-compose.up.pre_hook.sh
@@ -5,15 +5,19 @@ set -Eumo pipefail
 SELF_DIR="$(cd -P -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd -P)"
 DATA_DIR="$SELF_DIR/data"
 
-echo -n "[~] Checking for default certificates: "
+CERT_FILENAME="default.crt"
+KEY_FILENAME="default.key"
+
+echo -n "[~] Checking for default SSL certificate: "
 cd "$DATA_DIR/traefik/cert"
 
-[ -f "default.crt" ] && [ -f "default.key" ] && \
-    echo 'EXIST' && exit 0
+if [ -f "$CERT_FILENAME" ] && [ -f "$KEY_FILENAME" ] ; then
+    echo "${_fg_green_}EXISTS${_normal_}" && exit 0
+fi
 
 openssl req -x509 -newkey rsa:4096 -sha512 -days 3650 -nodes \
             -subj "/CN=${SERVER_LAN_FQDN}" \
             -addext "subjectAltName=DNS:${SERVER_LAN_FQDN}" \
-            -keyout default.key -out default.crt \
+            -keyout "$KEY_FILENAME" -out "$CERT_FILENAME" \
             2> /dev/null
-echo 'GENERATED!'
+echo "${_fg_magenta_}${_bold_}GENERATED!${_normal_}"
diff --git a/unifi/docker-compose.up.pre_hook.sh b/unifi/docker-compose.up.pre_hook.sh
@@ -0,0 +1,34 @@
+#!/usr/bin/env bash
+
+set -Eumo pipefail
+
+SELF_DIR="$(cd -P -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd -P)"
+DATA_DIR="$SELF_DIR/data"
+
+CERT_FILENAME="cert.pem"
+KEY_FILENAME="privkey.pem"
+
+TRAEFIK_DATA_DIR="$SELF_DIR/../traefik/data"
+TRAEFIK_CERT_FILE="$TRAEFIK_DATA_DIR/traefik/cert/default.crt"
+TRAEFIK_KEY_FILE="$TRAEFIK_DATA_DIR/traefik/cert/default.key"
+
+echo -n "[~] Checking for default SSL certificate: "
+cd "$DATA_DIR/unifi/usr/lib/unifi/cert"
+
+if [ -f "$CERT_FILENAME" ] && [ -f "$KEY_FILENAME" ] ; then
+    echo "${_fg_green_}EXISTS${_normal_}" && exit 0
+fi
+
+! [ -f "$TRAEFIK_CERT_FILE" ] || cp "$TRAEFIK_CERT_FILE" "$CERT_FILENAME"
+! [ -f "$TRAEFIK_KEY_FILE" ] || cp "$TRAEFIK_KEY_FILE" "$KEY_FILENAME"
+
+if [ -f "$CERT_FILENAME" ] && [ -f "$KEY_FILENAME" ] ; then
+    echo "${_fg_cyan_}${_bold_}TRAEFIK${_normal_}" && exit 0
+fi
+
+openssl req -x509 -newkey rsa:4096 -sha512 -days 3650 -nodes \
+            -subj "/CN=${SERVER_LAN_FQDN}" \
+            -addext "subjectAltName=DNS:${SERVER_LAN_FQDN}" \
+            -keyout "$KEY_FILENAME" -out "$CERT_FILENAME" \
+            2> /dev/null
+echo "${_fg_magenta_}${_bold_}GENERATED!${_normal_}"