From 59d596b22296f666837659da7b18dcbfbb9bfccf Mon Sep 17 00:00:00 2001
From: ed
Date: Sat, 30 Apr 2022 22:54:35 +0200
Subject: [PATCH] add service to autogenerate TLS certificates
---
 contrib/cfssl.sh | 2 +-
 contrib/systemd/cfssl.service | 23 +++++++++++++++++++++++
 2 files changed, 24 insertions(+), 1 deletion(-)
 create mode 100644 contrib/systemd/cfssl.service
diff --git a/contrib/cfssl.sh b/contrib/cfssl.sh
index c3a8f68e..03c9d081 100755
--- a/contrib/cfssl.sh
+++ b/contrib/cfssl.sh
@@ -7,7 +7,7 @@ srv_fqdn="$2"
 
 [ -z "$srv_fqdn" ] && {
 echo "need arg 1: ca name"
- echo "need arg 2: server fqdn"
+ echo "need arg 2: server fqdn and/or IPs, comma-separated"
 echo "optional arg 3: if set, write cert into copyparty cfg"
 exit 1
 }
diff --git a/contrib/systemd/cfssl.service b/contrib/systemd/cfssl.service
new file mode 100644
index 00000000..235b6656
--- /dev/null
+++ b/contrib/systemd/cfssl.service
@@ -0,0 +1,23 @@
+# systemd service which generates a new TLS certificate on each boot,
+# that way the one-year expiry time won't cause any issues --
+# just have everyone trust the ca.pem once every 10 years
+#
+# assumptions/placeholder values:
+# * this script and copyparty runs as user "cpp"
+# * copyparty repo is at ~cpp/dev/copyparty
+# * CA is named partylan
+# * server IPs = 10.1.2.3 and 192.168.123.1
+# * server hostname = party.lan
+
+[Unit]
+Description=copyparty certificate generator
+Before=copyparty.service
+
+[Service]
+User=cpp
+Type=oneshot
+SyslogIdentifier=cpp-cert
+ExecStart=/bin/bash -c 'cd ~/dev/copyparty/contrib && ./cfssl.sh partylan 10.1.2.3,192.168.123.1,party.lan y'
+
+[Install]
+WantedBy=multi-user.target
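Review bot: The generator runs as `User=cpp`, the same account the header comment says copyparty runs as, so the CA private key that signs a fresh certificate on every boot has to be readable by the network-facing service. Since clients are told to trust ca.pem for ten years, anyone who compromises copyparty could presumably read that key and issue certificates for arbitrary names; where cfssl.sh stores the key is not visible in this patch, so confirm. Consider running this unit under a separate account that owns the CA material and hands only the leaf certificate and key to `cpp`, and add `NoNewPrivileges=yes` and `PrivateTmp=yes` to `[Service]`. Also note that `Before=copyparty.service` only orders the two units: if cfssl.sh fails, copyparty still starts with whatever certificate is already on disk, which a comment such as `# Before= is ordering only; a failed run leaves the previous cert in place` would make explicit.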