From 862929cd515dbda0e34ebe55dc3b80d75ad734bb Mon Sep 17 00:00:00 2001 From: thorstenspille Date: Sun, 10 Sep 2023 11:25:55 +0200 Subject: [PATCH] Change dh param gen to function --- src/ansible-semaphore/install-service.sh | 2 +- src/gitea/install-service.sh | 2 +- src/kopano-core/install-service.sh | 2 +- src/nextcloud/install-service.sh | 2 +- src/vaultwarden/install-service.sh | 7 +++++-- src/zabbix/install-service.sh | 2 +- src/zammad/install-service.sh | 2 +- 7 files changed, 11 insertions(+), 8 deletions(-) diff --git a/src/ansible-semaphore/install-service.sh b/src/ansible-semaphore/install-service.sh index e242d25..864b278 100644 --- a/src/ansible-semaphore/install-service.sh +++ b/src/ansible-semaphore/install-service.sh @@ -212,7 +212,7 @@ echo "source <(semaphore completion bash)" >> /root/.bashrc semaphore user add --admin --login ${SEMAPHORE_ADMIN} --name ${SEMAPHORE_ADMIN_DISPLAY_NAME} --email ${SEMAPHORE_ADMIN_EMAIL} --password ${SEMAPHORE_ADMIN_PASSWORD} --config /etc/semaphore/config.json -openssl dhparam -out /etc/nginx/dhparam.pem 4096 +generate_dhparam systemctl daemon-reload systemctl enable --now semaphore.service diff --git a/src/gitea/install-service.sh b/src/gitea/install-service.sh index 40c8eef..bbda4c0 100644 --- a/src/gitea/install-service.sh +++ b/src/gitea/install-service.sh @@ -181,7 +181,7 @@ server { } EOF -openssl dhparam -out /etc/nginx/dhparam.pem 4096 +generate_dhparam systemctl daemon-reload systemctl enable --now gitea diff --git a/src/kopano-core/install-service.sh b/src/kopano-core/install-service.sh index b3644f4..7a76446 100644 --- a/src/kopano-core/install-service.sh +++ b/src/kopano-core/install-service.sh 
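Review bot: `generate_dhparam` is called in this hunk but is not defined anywhere in the patch (the diffstat lists only the seven install-service.sh files), so the call depends on a helper being sourced before this script runs. If the function is not in scope, the shell reports "command not found" and, unless the script runs under `set -e`, carries on to `systemctl enable --now semaphore.service` without the DH parameter file that nginx presumably expects. A guard ahead of the call, `command -v generate_dhparam >/dev/null || { echo "generate_dhparam is not loaded" >&2; exit 1; }`, would make that failure explicit. The same applies to the gitea, kopano-core, nextcloud, vaultwarden, zabbix and zammad hunks; the script body continues outside each of them.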
@@ -149,7 +149,7 @@ sed -i "s/define('LANG', 'en_US.UTF-8')/define('LANG', 'de_DE.UTF-8')/" /etc/kop #### Adjust nginx settings #### openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout /etc/ssl/private/kopano.key -out /etc/ssl/certs/kopano.crt -subj "/CN=$KOPANO_FQDN" -addext "subjectAltName=DNS:$KOPANO_FQDN" -openssl dhparam -dsaparam -out /etc/ssl/certs/dhparam.pem 4096 +generate_dhparam #mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak diff --git a/src/nextcloud/install-service.sh b/src/nextcloud/install-service.sh index 79d65c6..0974c0f 100644 --- a/src/nextcloud/install-service.sh +++ b/src/nextcloud/install-service.sh @@ -90,7 +90,7 @@ sed -i "s/rights=\"none\" pattern=\"XPS\"/rights=\"read|write\" pattern=\"XPS\"/ mkdir -p /etc/nginx/ssl openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout /etc/ssl/private/nextcloud.key -out /etc/ssl/certs/nextcloud.crt -subj "/CN=$NEXTCLOUD_FQDN" -addext "subjectAltName=DNS:$NEXTCLOUD_FQDN" -openssl dhparam -dsaparam -out /etc/ssl/certs/dhparam.pem 4096 +generate_dhparam mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak diff --git a/src/vaultwarden/install-service.sh b/src/vaultwarden/install-service.sh index 42a7b4e..db2f95b 100644 --- a/src/vaultwarden/install-service.sh +++ b/src/vaultwarden/install-service.sh @@ -40,7 +40,7 @@ ORG_CREATION_USERS=admin@$LXC_DOMAIN # Use `openssl rand -base64 48` to generate ADMIN_TOKEN=$admin_token # Uncomment this once vaults restored -SIGNUPS_ALLOWED=false +SIGNUPS_ALLOWED=$VW_SIGNUPS_ALLOWED SMTP_HOST=$VW_SMTP_HOST SMTP_FROM=$VW_SMTP_FROM SMTP_FROM_NAME="$VW_SMTP_FROM_NAME" @@ -154,7 +154,10 @@ server { } EOF -openssl dhparam -out /etc/nginx/dhparam.pem 4096 + +generate_dhparam + +unlink /etc/nginx/sites-enabled/default systemctl daemon-reload systemctl enable --now vaultwarden diff --git a/src/zabbix/install-service.sh b/src/zabbix/install-service.sh index 12eae4c..9a4ac6a 100644 --- a/src/zabbix/install-service.sh +++ b/src/zabbix/install-service.sh 
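Review bot: The removed line in this hunk wrote `/etc/ssl/certs/dhparam.pem` with `-dsaparam`, while the semaphore, gitea, vaultwarden, zabbix and zammad scripts wrote `/etc/nginx/dhparam.pem` without it, and the argument-less `generate_dhparam` call cannot express either difference. The helper is not shown in this patch, so if it writes to a single fixed path, any nginx config whose `ssl_dhparam` still names the other path will fail its configuration test; the nextcloud hunk is affected in the same way. Either adjust the referenced path in the same commit or, if the helper can be extended, pass the destination explicitly, e.g. `generate_dhparam /etc/ssl/certs/dhparam.pem`. A comment stating whether dropping `-dsaparam` is intended would also help, since it changes both generation time and the kind of parameters produced.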
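Review bot: `SIGNUPS_ALLOWED=$VW_SIGNUPS_ALLOWED` in the first vaultwarden hunk replaces a hard-coded `false`, so an unset or empty `VW_SIGNUPS_ALLOWED` now writes an empty value into the Vaultwarden environment file, and Vaultwarden's documented default for this setting is to allow signups. Keeping the closed default when the variable is absent, `SIGNUPS_ALLOWED=${VW_SIGNUPS_ALLOWED:-false}`, preserves the previous behaviour for deployments that never set it. This assumes the line sits in an unquoted here-document, which the neighbouring `$admin_token` expansion suggests; the block starts and ends outside the hunk. The change is also unrelated to the commit subject and would be easier to audit as its own commit.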
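Review bot: `unlink /etc/nginx/sites-enabled/default` in the second vaultwarden hunk returns an error when the link is already gone, for example on a re-run of the installer or on an image that ships no default site. `rm -f /etc/nginx/sites-enabled/default` does the same job and is idempotent. None of the other six scripts gains this line in the patch, so it is worth checking whether they leave the default nginx site enabled alongside the service vhost.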
@@ -222,7 +222,7 @@ zcat /usr/share/zabbix-sql-scripts/postgresql/server.sql.gz | sudo -u zabbix psq echo "DBPassword=${ZABBIX_DB_PWD}" >> /etc/zabbix/zabbix_server.conf -openssl dhparam -out /etc/nginx/dhparam.pem 4096 +generate_dhparam systemctl enable --now zabbix-server zabbix-agent nginx php8.2-fpm diff --git a/src/zammad/install-service.sh b/src/zammad/install-service.sh index 7a9f52a..a58a901 100644 --- a/src/zammad/install-service.sh +++ b/src/zammad/install-service.sh @@ -157,7 +157,7 @@ EOF ln -sf /etc/nginx/sites-available/zammad.conf /etc/nginx/sites-enabled/ -openssl dhparam -out /etc/nginx/dhparam.pem 4096 +generate_dhparam /usr/share/elasticsearch/bin/elasticsearch-plugin install -b ingest-attachment