#!/bin/bash
#
# Import certs into nodes.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public
# License along with this program. If not, see
# <http://www.gnu.org/licenses/>.
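# Load the hydra function library; abort if it cannot be sourced.
# APP_BASE is quoted so an install path containing whitespace is not
# word-split into several arguments to `source`.
source "$APP_BASE/lib/hydra/functions" || exit 1
hydra_config_load

# Parameters
# NODES: whitespace-separated node names taken from the command line.
NODES="$*"
# PRIVATE: remote private-key directory. Not referenced in the part of the
# script visible here, which spells the path out literally.
PRIVATE="/etc/ssl/private"
# SERVICES: candidates for a restart once the keys are in place.
SERVICES="apache2 postfix dovecot nginx lighttpd mumble"

# Build node list: with no arguments, fall back to the nodes reported by hydra.
# $HYDRA is left unquoted on purpose so that an empty value contributes no
# argument, exactly as before.
if [[ -z "$NODES" ]]; then
  # shellcheck disable=SC2086
  NODES="$(hydra $HYDRA nodes)"
fi

# Check if there are certs at all; the diagnostic goes to stderr so it is not
# mistaken for regular output.
if [[ ! -d "$HYDRA_FOLDER/keyring/keys/ssl" ]]; then
  echo "Please create some certs first :)" >&2
  exit 1
fi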
# Deploy
#
# For each node: look up its hostname, then (per the echo messages) import
# certs and keys into /etc/ssl on that host through $HYDRA_CONNECT, and
# restart whichever of $SERVICES are reported active.
#
# NOTE(review): this section looks truncated in this copy. The two
# "$HYDRA_CONNECT $hostname <" lines have lost whatever followed the "<"
# (the escaped \$service and the closing EOF suggest here-documents that run
# on the remote host), and the loop that defines $priv is missing although
# its "done" remains. As shown, the quotes are unbalanced and the script does
# not parse; restore it from the upstream file before relying on it.
#
# NOTE(review): private-key handling to verify against the complete script:
#  - $priv is expanded locally into the remote command string
#    ("... sudo tee /etc/ssl/private/$priv ..."), so the remote shell parses
#    the entry name; confirm names are limited to safe characters.
#  - tee creates the key file with whatever mode the remote umask allows, and
#    nothing visible here sets ownership or mode. Presumably the
#    "Post-processing" step does; confirm it covers every key, and consider a
#    restrictive umask for the write itself.
#  - No pipefail is set in the visible script, so a failed
#    "keyringer ... decrypt" would go unnoticed after tee has already
#    truncated the remote file; writing to a temporary file and renaming on
#    success avoids leaving a node with an empty key.
#  - "grep active" also matches the substring in "inactive", and the service
#    name is used as an unanchored pattern, so the restart check can match
#    more units than intended.
for node in $NODES; do
# presumably maps the node name to the FQDN used for the connection; the
# helper is defined outside this file.
hostname="`hydra_get_fqdn_from_nodename $node`"
echo "-----------------------------------------------------"
echo "Importing certs and keys into $hostname:/etc/ssl... "
echo "-----------------------------------------------------"
echo "Creating folder structure at $hostname:/etc/ssl..."
$HYDRA_CONNECT $hostname < /dev/null"
echo "Importing $priv from keyringer to $hostname:/etc/ssl/private..."
keyringer $HYDRA decrypt ssl/$priv | \
$HYDRA_CONNECT $hostname "cat - | sudo tee /etc/ssl/private/$priv > /dev/null"
# Post-processing
$HYDRA_CONNECT $hostname < /dev/null
# Restart services
for service in $SERVICES; do
if systemctl list-units | grep active | grep -q \$service'.service'; then
sudo service \$service restart
fi
done
EOF
done
done