stop doing complement cert gen and just use self-signed cert
Signed-off-by: June Clementine Strawberry <june@3.dog>
This commit is contained in:
June Clementine Strawberry
parent
1d1ccec532
commit
5dea52f0f8
6 changed files with 46 additions and 36 deletions
|
|
@ -68,7 +68,7 @@ set +o pipefail
|
||||||
env \
|
env \
|
||||||
-C "$COMPLEMENT_SRC" \
|
-C "$COMPLEMENT_SRC" \
|
||||||
COMPLEMENT_BASE_IMAGE="$COMPLEMENT_BASE_IMAGE" \
|
COMPLEMENT_BASE_IMAGE="$COMPLEMENT_BASE_IMAGE" \
|
||||||
go test -tags="conduwuit_blacklist" -timeout 1h -json ./tests/... | tee "$LOG_FILE"
|
go test -tags="conduwuit_blacklist" -v -timeout 1h -json ./tests/... | tee "$LOG_FILE"
|
||||||
set -o pipefail
|
set -o pipefail
|
||||||
|
|
||||||
# Post-process the results into an easy-to-compare format, sorted by Test name for reproducible results
|
# Post-process the results into an easy-to-compare format, sorted by Test name for reproducible results
|
||||||
|
|
|
||||||
6
flake.lock
generated
6
flake.lock
generated
|
|
@ -80,11 +80,11 @@
|
||||||
"complement": {
|
"complement": {
|
||||||
"flake": false,
|
"flake": false,
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1741378155,
|
"lastModified": 1741757487,
|
||||||
"narHash": "sha256-rJSfqf3q4oWxcAwENtAowLZeCi8lktwKVH9XQvvZR64=",
|
"narHash": "sha256-Fkx/krwI3h6wJ6Mj199KlXUNJNEwl7h1pR4/d2ncmKw=",
|
||||||
"owner": "girlbossceo",
|
"owner": "girlbossceo",
|
||||||
"repo": "complement",
|
"repo": "complement",
|
||||||
"rev": "1502a00d8551d0f6e8954a23e43868877c3e57d9",
|
"rev": "40982a261cfc36650f74967f99fb1a049b13e065",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
|
||||||
21
nix/pkgs/complement/certificate.crt
Normal file
21
nix/pkgs/complement/certificate.crt
Normal file
|
|
@ -0,0 +1,21 @@
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIDfzCCAmegAwIBAgIUcrZdSPmCh33Evys/U6mTPpShqdcwDQYJKoZIhvcNAQEL
|
||||||
|
BQAwPzELMAkGA1UEBhMCNjkxCzAJBgNVBAgMAjQyMRUwEwYDVQQKDAx3b29mZXJz
|
||||||
|
IGluYy4xDDAKBgNVBAMMA2hzMTAgFw0yNTAzMTMxMjU4NTFaGA8yMDUyMDcyODEy
|
||||||
|
NTg1MVowPzELMAkGA1UEBhMCNjkxCzAJBgNVBAgMAjQyMRUwEwYDVQQKDAx3b29m
|
||||||
|
ZXJzIGluYy4xDDAKBgNVBAMMA2hzMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
|
||||||
|
AQoCggEBANL+h2ZmK/FqN5uLJPtIy6Feqcyb6EX7MQBEtxuJ56bTAbjHuCLZLpYt
|
||||||
|
/wOWJ91drHqZ7Xd5iTisGdMu8YS803HSnHkzngf4VXKhVrdzW2YDrpZRxmOhtp88
|
||||||
|
awOHmP7mqlJyBbCOQw8aDVrT0KmEIWzA7g+nFRQ5Ff85MaP+sQrHGKZbo61q8HBp
|
||||||
|
L0XuaqNckruUKtxnEqrm5xx5sYyYKg7rrSFE5JMFoWKB1FNWJxyWT42BhGtnJZsK
|
||||||
|
K5c+NDSOU4TatxoN6mpNSBpCz/a11PiQHMEfqRk6JA4g3911dqPTfZBevUdBh8gl
|
||||||
|
8maIzqeZGhvyeKTmull1Y0781yyuj98CAwEAAaNxMG8wCQYDVR0TBAIwADALBgNV
|
||||||
|
HQ8EBAMCBPAwNgYDVR0RBC8wLYIRKi5kb2NrZXIuaW50ZXJuYWyCA2hzMYIDaHMy
|
||||||
|
ggNoczOCA2hzNIcEfwAAATAdBgNVHQ4EFgQUr4VYrmW1d+vjBTJewvy7fJYhLDYw
|
||||||
|
DQYJKoZIhvcNAQELBQADggEBADkYqkjNYxjWX8hUUAmFHNdCwzT1CpYe/5qzLiyJ
|
||||||
|
irDSdMlC5g6QqMUSrpu7nZxo1lRe1dXGroFVfWpoDxyCjSQhplQZgtYqtyLfOIx+
|
||||||
|
HQ7cPE/tUU/KsTGc0aL61cETB6u8fj+rQKUGdfbSlm0Rpu4v0gC8RnDj06X/hZ7e
|
||||||
|
VkWU+dOBzxlqHuLlwFFtVDgCyyTatIROx5V+GpMHrVqBPO7HcHhwqZ30k2kMM8J3
|
||||||
|
y1CWaliQM85jqtSZV+yUHKQV8EksSowCFJuguf+Ahz0i0/koaI3i8m4MRN/1j13d
|
||||||
|
jbTaX5a11Ynm3A27jioZdtMRty6AJ88oCp18jxVzqTxNNO4=
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
|
@ -3,10 +3,8 @@
|
||||||
, buildEnv
|
, buildEnv
|
||||||
, coreutils
|
, coreutils
|
||||||
, dockerTools
|
, dockerTools
|
||||||
, gawk
|
|
||||||
, lib
|
, lib
|
||||||
, main
|
, main
|
||||||
, openssl
|
|
||||||
, stdenv
|
, stdenv
|
||||||
, tini
|
, tini
|
||||||
, writeShellScriptBin
|
, writeShellScriptBin
|
||||||
|
|
@ -42,21 +40,6 @@ let
|
||||||
start = writeShellScriptBin "start" ''
|
start = writeShellScriptBin "start" ''
|
||||||
set -euxo pipefail
|
set -euxo pipefail
|
||||||
|
|
||||||
cp ${./v3.ext} /complement/v3.ext
|
|
||||||
echo "DNS.1 = $SERVER_NAME" >> /complement/v3.ext
|
|
||||||
echo "IP.1 = $(${lib.getExe gawk} 'END{print $1}' /etc/hosts)" \
|
|
||||||
>> /complement/v3.ext
|
|
||||||
${lib.getExe openssl} x509 \
|
|
||||||
-req \
|
|
||||||
-extfile /complement/v3.ext \
|
|
||||||
-in ${./signing_request.csr} \
|
|
||||||
-CA /complement/ca/ca.crt \
|
|
||||||
-CAkey /complement/ca/ca.key \
|
|
||||||
-CAcreateserial \
|
|
||||||
-out /complement/certificate.crt \
|
|
||||||
-days 1 \
|
|
||||||
-sha256
|
|
||||||
|
|
||||||
${lib.getExe' coreutils "env"} \
|
${lib.getExe' coreutils "env"} \
|
||||||
CONDUWUIT_SERVER_NAME="$SERVER_NAME" \
|
CONDUWUIT_SERVER_NAME="$SERVER_NAME" \
|
||||||
${lib.getExe main'}
|
${lib.getExe main'}
|
||||||
|
|
@ -93,7 +76,7 @@ dockerTools.buildImage {
|
||||||
|
|
||||||
Env = [
|
Env = [
|
||||||
"CONDUWUIT_TLS__KEY=${./private_key.key}"
|
"CONDUWUIT_TLS__KEY=${./private_key.key}"
|
||||||
"CONDUWUIT_TLS__CERTS=/complement/certificate.crt"
|
"CONDUWUIT_TLS__CERTS=${./certificate.crt}"
|
||||||
"CONDUWUIT_CONFIG=${./config.toml}"
|
"CONDUWUIT_CONFIG=${./config.toml}"
|
||||||
"RUST_BACKTRACE=full"
|
"RUST_BACKTRACE=full"
|
||||||
];
|
];
|
||||||
|
|
|
||||||
|
|
@ -1,16 +1,16 @@
|
||||||
-----BEGIN CERTIFICATE REQUEST-----
|
-----BEGIN CERTIFICATE REQUEST-----
|
||||||
MIICkTCCAXkCAQAwTDELMAkGA1UEBhMCNjkxCzAJBgNVBAgMAjQyMRYwFAYDVQQK
|
MIIChDCCAWwCAQAwPzELMAkGA1UEBhMCNjkxCzAJBgNVBAgMAjQyMRUwEwYDVQQK
|
||||||
DA13b29mZXJzLCBpbmMuMRgwFgYDVQQDDA9jb21wbGVtZW50LW9ubHkwggEiMA0G
|
DAx3b29mZXJzIGluYy4xDDAKBgNVBAMMA2hzMTCCASIwDQYJKoZIhvcNAQEBBQAD
|
||||||
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDS/odmZivxajebiyT7SMuhXqnMm+hF
|
ggEPADCCAQoCggEBANL+h2ZmK/FqN5uLJPtIy6Feqcyb6EX7MQBEtxuJ56bTAbjH
|
||||||
+zEARLcbieem0wG4x7gi2S6WLf8DlifdXax6me13eYk4rBnTLvGEvNNx0px5M54H
|
uCLZLpYt/wOWJ91drHqZ7Xd5iTisGdMu8YS803HSnHkzngf4VXKhVrdzW2YDrpZR
|
||||||
+FVyoVa3c1tmA66WUcZjobafPGsDh5j+5qpScgWwjkMPGg1a09CphCFswO4PpxUU
|
xmOhtp88awOHmP7mqlJyBbCOQw8aDVrT0KmEIWzA7g+nFRQ5Ff85MaP+sQrHGKZb
|
||||||
ORX/OTGj/rEKxximW6OtavBwaS9F7mqjXJK7lCrcZxKq5uccebGMmCoO660hROST
|
o61q8HBpL0XuaqNckruUKtxnEqrm5xx5sYyYKg7rrSFE5JMFoWKB1FNWJxyWT42B
|
||||||
BaFigdRTVicclk+NgYRrZyWbCiuXPjQ0jlOE2rcaDepqTUgaQs/2tdT4kBzBH6kZ
|
hGtnJZsKK5c+NDSOU4TatxoN6mpNSBpCz/a11PiQHMEfqRk6JA4g3911dqPTfZBe
|
||||||
OiQOIN/ddXaj032QXr1HQYfIJfJmiM6nmRob8nik5rpZdWNO/Ncsro/fAgMBAAGg
|
vUdBh8gl8maIzqeZGhvyeKTmull1Y0781yyuj98CAwEAAaAAMA0GCSqGSIb3DQEB
|
||||||
ADANBgkqhkiG9w0BAQsFAAOCAQEAjW+aD4E0phtRT5b2RyedY1uiSe7LQECsQnIO
|
CwUAA4IBAQDR/gjfxN0IID1MidyhZB4qpdWn3m6qZnEQqoTyHHdWalbfNXcALC79
|
||||||
wUSyGGG1GXYlJscyxxyzE9W9+QIALrxZkmc/+e02u+bFb1zQXW/uB/7u7FgXzrj6
|
ffS+Smx40N5hEPvqy6euR89N5YuYvt8Hs+j7aWNBn7Wus5Favixcm2JcfCTJn2R3
|
||||||
2YSDiWYXiYKvgGWEfCi3lpcTJK9x6WWkR+iREaoKRjcl0ynhhGuR7YwP38TNyu+z
|
r8FefuSs2xGkoyGsPFFcXE13SP/9zrZiwvOgSIuTdz/Pbh6GtEx7aV4DqHJsrXnb
|
||||||
FN6B1Lo398fvJkaTCiiHngWiwztXZ2d0MxkicuwZ1LJhIQA72OTl3QoRb5uiqbze
|
XuPxpQleoBqKvQgSlmaEBsJg13TQB+Fl2foBVUtqAFDQiv+RIuircf0yesMCKJaK
|
||||||
T9QJfU6W3v8cB8c8PuKMv5gl1QsGNtlfyQB56/X0cMxWl25vWXd2ankLkAGRTDJ8
|
MPH4Oo+r3pR8lI8ewfJPreRhCoV+XrGYMubaakz003TJ1xlOW8M+N9a6eFyMVh76
|
||||||
9YZHxP1ki4/yh75AknFq02nCOsmxYrAazCYgP2TzIPhQwBurKQ==
|
U1nY/KP8Ua6Lgaj9PRz7JCRzNoshZID/
|
||||||
-----END CERTIFICATE REQUEST-----
|
-----END CERTIFICATE REQUEST-----
|
||||||
|
|
|
||||||
|
|
@ -4,3 +4,9 @@ keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
|
||||||
subjectAltName = @alt_names
|
subjectAltName = @alt_names
|
||||||
|
|
||||||
[alt_names]
|
[alt_names]
|
||||||
|
DNS.1 = *.docker.internal
|
||||||
|
DNS.2 = hs1
|
||||||
|
DNS.3 = hs2
|
||||||
|
DNS.4 = hs3
|
||||||
|
DNS.5 = hs4
|
||||||
|
IP.1 = 127.0.0.1
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue