homeassistant letsencrypt
parent
4136f819a5
commit
c98b8c6f05
5 changed files with 70 additions and 7 deletions
|
@ -31,6 +31,12 @@ deploy_cert() {
|
|||
% for domain, conf in sorted(domains.items()):
|
||||
<% if not conf: continue %>\
|
||||
${domain})
|
||||
% if conf.get('scp', None):
|
||||
scp "$KEYFILE" "${conf['scp']}/${conf.get('privkey_name', 'privkey.pem')}"
|
||||
scp "$CERTFILE" "${conf['scp']}/${conf.get('cert_name', 'cert.pem')}"
|
||||
scp "$FULLCHAINFILE" "${conf['scp']}/${conf.get('fullchain_name', 'fullchain.pem')}"
|
||||
scp "$CHAINFILE" "${conf['scp']}/${conf.get('chain_name', 'chain.pem')}"
|
||||
% endif
|
||||
% if conf.get('location', None):
|
||||
cat "$KEYFILE" > "${conf['location']}/${conf.get('privkey_name', 'privkey.pem')}"
|
||||
cat "$CERTFILE" > "${conf['location']}/${conf.get('cert_name', 'cert.pem')}"
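Review bot: The four added `scp` calls in the `conf.get('scp')` branch are unchecked, so a copy that fails part-way can leave the target with a new certificate next to an old private key, unless the script already runs under `set -e` (not visible in this hunk). The hook presumably runs unattended, so each call should fail rather than prompt, and should stop on the first error, e.g. `scp -o BatchMode=yes "$KEYFILE" "${conf['scp']}/${conf.get('privkey_name', 'privkey.pem')}" || exit 1`. The private key's mode on the target is whatever scp derives from the source file and the remote umask; confirm it does not end up group- or world-readable there. `deploy_cert()` starts and ends outside the hunk.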
|
||||
|
|
|
@ -66,13 +66,7 @@ files = {
|
|||
],
|
||||
},
|
||||
'/etc/ssh/ssh_known_hosts': {
|
||||
'content': '\n'.join(sorted(
|
||||
line
|
||||
for other_node in repo.nodes
|
||||
if other_node != node
|
||||
and other_node.has_bundle('ssh')
|
||||
for line in other_node.metadata.get('ssh/is_known_as')
|
||||
)) + '\n',
|
||||
'content': '\n'.join(sorted(node.metadata.get('ssh/known_hosts'))) + '\n',
|
||||
},
|
||||
}
|
||||
|
||||
|
|
|
@ -5,6 +5,7 @@ defaults = {
|
|||
'ssh': {
|
||||
'multiplex_incoming': True,
|
||||
'is_known_as': set(), # known_hosts for other nodes
|
||||
'known_hosts': set(), # known_hosts for this node
|
||||
},
|
||||
}
|
||||
|
||||
|
@ -86,3 +87,20 @@ def is_known_as(metadata):
|
|||
),
|
||||
},
|
||||
}
|
||||
|
||||
|
||||
@metadata_reactor.provides(
|
||||
'ssh/known_hosts',
|
||||
)
|
||||
def known_hosts(metadata):
|
||||
return {
|
||||
'ssh': {
|
||||
'known_hosts': set(
|
||||
line
|
||||
for other_node in repo.nodes
|
||||
if other_node != node
|
||||
and other_node.has_bundle('ssh')
|
||||
for line in other_node.metadata.get('ssh/is_known_as')
|
||||
)
|
||||
}
|
||||
}
|
||||
|
|
|
@ -11,5 +11,36 @@
|
|||
'gateway4': '10.0.0.1',
|
||||
},
|
||||
},
|
||||
'dns': {
|
||||
'homeassistant.ckn.li': {
|
||||
'A': {
|
||||
'10.0.0.16',
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
# LETSENCRYPT
|
||||
# - cant use the letsencrypt addon, because it doesnt suppeort supplying a different zone (which would be acme.sublimity.de)
|
||||
|
||||
# Advanced SSH & Web Terminal:
|
||||
#
|
||||
# username: root
|
||||
# password: ""
|
||||
# authorized_keys:
|
||||
# - >-
|
||||
# ssh-ed25519
|
||||
# AAAAC3NzaC1lZDI1NTE5AAAAIJT9Spe+BYue7iiutl3rSf6PlU6dthHizyK+ZWnLodrA
|
||||
# root@home.server
|
||||
# sftp: true
|
||||
# compatibility_mode: false
|
||||
# allow_agent_forwarding: false
|
||||
# allow_remote_port_forwarding: false
|
||||
# allow_tcp_forwarding: false
|
||||
|
||||
# add to /homeassistant/configuration.yaml:
|
||||
# http:
|
||||
# http_port: 443
|
||||
# ssl_certificate: /ssl/fullchain.pem
|
||||
# ssl_key: /ssl/privkey.pem
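Review bot: The comment block added at the end of this hunk is the only record of the manual add-on setup, and its first line has typos that make it harder to search for; suggest `# - can't use the letsencrypt addon, because it doesn't support supplying a different zone (which would be acme.sublimity.de)`. The block also does not say which machine the `authorized_keys` entry belongs to or why `sftp: true` is set. If that key is the root key of the node running the letsencrypt hook and SFTP is needed for the scp-based certificate copy (both inferred, not shown here), a one-line comment saying so would stop a later cleanup from removing them. Because the key grants root login to the host holding the TLS private key, it is worth stating in the comment that key-only login is intended and that `password: ""` is deliberate.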
|
||||
|
|
|
@ -100,6 +100,13 @@
|
|||
'readonly_token': '!decrypt:encrypt$gAAAAABg3z1-0hnUdzsfivocxhJm58YnPLn96OUvnHiPaehdRhKd6TZBgEPc5YyR07t2-GEUfOvEwoie-O6QsVhWYxrwxNTBXux_iUSx7W6e-fLQA_3MgWf5G97q_3kx_wCgQ6V0iKRyxH988TpNSMACfS4WhCXdSes1CaMpic4VV3S3ox_gCrSHxO7yVXQkJDnOW0MixY5T',
|
||||
'writeonly_token': '!decrypt:encrypt$gAAAAABg3z6fGrOy2tNdo03RoYAXmpJoJYkfhBfpblPh_wxYfqmdjtABaD7XyV9mSh9xl8oWQlTAtCk9KndVCDQy7BJ-ju7S3HCKJ0k244Y5YKxUnQtqt9fc9nnm8XD-NOJqLKyfy0QhL_I8dFT02pygoJeCUR5NkZcTKf6julb-iGXI6vWcQgolJTYrW643pHObd-Z-vIEl',
|
||||
},
|
||||
'letsencrypt': {
|
||||
'domains': {
|
||||
'homeassistant.ckn.li': {
|
||||
'scp': 'root@10.0.0.16:/ssl',
|
||||
},
|
||||
},
|
||||
},
|
||||
'mosquitto': {
|
||||
'hostname': 'mqtt.sublimity.de',
|
||||
'users': {
|
||||
|
@ -134,6 +141,13 @@
|
|||
'windows-backup': {},
|
||||
},
|
||||
},
|
||||
'ssh': {
|
||||
'known_hosts': libs.ssh.known_hosts_entry_for(
|
||||
node_id='3d67964d-1270-4d3c-b93f-9c44219b3d59',
|
||||
hostnames=('homeassistant.ckn.li', '10.0.0.16'),
|
||||
pubkey='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE9SOqQ7tcJAOWOZkbQwFLOEfqpILuiDmeMHAEiY9G/I',
|
||||
),
|
||||
},
|
||||
'steam_chat_logger': {
|
||||
'STEAM_USERNAME': 'snake_452',
|
||||
'STEAM_ID': 'STEAM_0:0:12376499',
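Review bot: In the second hunk, `'known_hosts'` under `'ssh'` is assigned the return value of `libs.ssh.known_hosts_entry_for(...)` directly, while the bundle default for the same key is `set()` and the `/etc/ssh/ssh_known_hosts` content is built with `sorted(...)` over it. The helper's definition is not shown on this page; if it returns a single string rather than a set, the value will either conflict on metadata merge or be iterated character by character, and wrapping it as `{libs.ssh.known_hosts_entry_for(...)}` would make the type explicit. The pinned `pubkey` is presumably a host key copied by hand from the target, so every node that receives this entry trusts it without any managed source of truth. A short comment such as `# host key read from the SSH add-on on 10.0.0.16; update if it is regenerated` would record where it came from and when it must change.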
|
||||
|
|