From d43cdbc412d6548447d3d4c6238fc56c99e09d98 Mon Sep 17 00:00:00 2001
From: Emil Renner Berthing <esmil@labitat.dk>
Date: Tue, 19 Jan 2021 21:58:10 +0100
Subject: space_server: radius: use letsencrypt certificate

---
 roles/space_server/files/radius/bootstrap | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
 create mode 100755 roles/space_server/files/radius/bootstrap

(limited to 'roles/space_server/files/radius/bootstrap')

diff --git a/roles/space_server/files/radius/bootstrap b/roles/space_server/files/radius/bootstrap
new file mode 100755
index 0000000..376aa78
--- /dev/null
+++ b/roles/space_server/files/radius/bootstrap
@@ -0,0 +1,28 @@
+#!/bin/sh
+
+set -e
+
+certname=space.labitat.dk
+privkey="/etc/letsencrypt/live/$certname/privkey.pem"
+fullchain="/etc/letsencrypt/live/$certname/fullchain.pem"
+
+umask 027
+cd "$(dirname $0)"
+
+if [ ! -f dh ]; then
+  openssl dhparam -out dh 2048
+  chown root:radiusd dh
+  chmod 640 dh
+fi
+
+if ! diff -q "$privkey" privkey.pem >/dev/null 2>&1; then
+  install -m640 -o root -g radiusd "$privkey" privkey.pem
+fi
+
+if ! diff -q "$fullchain" fullchain.pem >/dev/null 2>&1; then
+  install -m640 -o root -g radiusd "$fullchain" fullchain.pem
+fi
+
+openssl verify -untrusted fullchain.pem fullchain.pem
+
+# vim: set ts=2 sw=2 et:
-- 
cgit v1.2.1