jim
/
MythicSalt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Ensure new certificates are readably by ssl-cert group members.

This commit is contained in:
Jim Hague 2023-09-06 14:22:51 +01:00
parent f6185d6443
commit 46549c6863
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
states/certificates/dehydrated/hooks/deploy.sh
View File

@ -1,7 +1,8 @@
#!/usr/bin/env bash #!/usr/bin/env bash
# #
# Copy dehydrated generated certs into /var/local/certificates and # Copy dehydrated generated certs into /var/local/certificates and
# set required ownership. Also restart local services as appropriate. # set required ownership and permissions. Also restart local services
# as appropriate.
action=$1 action=$1
shift shift
@ -9,6 +10,8 @@ shift
deploy_cert() { deploy_cert() {
cp -a /var/lib/dehydrated/certs/* /var/local/certificates/ cp -a /var/lib/dehydrated/certs/* /var/local/certificates/
chown -R root:ssl-cert /var/local/certificates/ chown -R root:ssl-cert /var/local/certificates/
find /var/local/certificates/ -type d -print0 | xargs -0 chmod g+rx
find /var/local/certificates/ -type f -print0 | xargs -0 chmod g+r
DOMAIN="$1" DOMAIN="$1"
case $DOMAIN in case $DOMAIN in