add service to autogenerate TLS certificates

2025-08-17 17:12:13 -06:00 · 2022-04-30 22:54:35 +02:00 · 2022-04-30 22:54:35 +02:00 · 59d596b222
parent 4878eb2c45
commit 59d596b222
2 changed files with 24 additions and 1 deletions
--- a/contrib/cfssl.sh
+++ b/contrib/cfssl.sh
@ -7,7 +7,7 @@ srv_fqdn="$2"

 [ -z "$srv_fqdn" ] && {
 	echo "need arg 1: ca name"
-	echo "need arg 2: server fqdn"
+	echo "need arg 2: server fqdn and/or IPs, comma-separated"
 	echo "optional arg 3: if set, write cert into copyparty cfg"
 	exit 1
 }
--- a/contrib/systemd/cfssl.service
+++ b/contrib/systemd/cfssl.service
@ -0,0 +1,23 @@
+# systemd service which generates a new TLS certificate on each boot,
+# that way the one-year expiry time won't cause any issues --
+# just have everyone trust the ca.pem once every 10 years
+#
+# assumptions/placeholder values:
+#  * this script and copyparty runs as user "cpp"
+#  * copyparty repo is at ~cpp/dev/copyparty
+#  * CA is named partylan
+#  * server IPs = 10.1.2.3 and 192.168.123.1
+#  * server hostname = party.lan
+
+[Unit]
+Description=copyparty certificate generator
+Before=copyparty.service
+
+[Service]
+User=cpp
+Type=oneshot
+SyslogIdentifier=cpp-cert
+ExecStart=/bin/bash -c 'cd ~/dev/copyparty/contrib && ./cfssl.sh partylan 10.1.2.3,192.168.123.1,party.lan y'
+
+[Install]
+WantedBy=multi-user.target