Running ~./inst CA~ creates the new CA and keys. The command prompts
for the Common Name (or several levels of Organizational names) of the
certificate authority. The ~full_name~ is given: ~Small Institute
-LLC~. The CA is used to issue certificates for ~front~, ~gate~ and
-~core~, which are installed on the servers during the next ~./inst
-config~.
+LLC~. The CA is used to issue certificates for ~front~ and ~core~
+that will be installed on their servers by the next ~./inst config~.
#+CAPTION: [[file:inst][=inst=]]
#+BEGIN_SRC perl :tangle inst
die "Secret/CA/easyrsa: not an executable\n"
if ! -x "Secret/CA/easyrsa";
die "Secret/CA/pki/: already exists\n" if -e "Secret/CA/pki";
+ die "gpg: command not found" if system "which -s gpg";
+ die "ssh-keygen: command not found" if system "which -s ssh-keygen";
umask 077;
mysystem "cd Secret/CA; ./easyrsa init-pki";
my $dom = $domain_name;
my $pvt = $domain_priv;
- mysystem "cd Secret/CA; ./easyrsa build-server-full $dom nopass";
- mysystem "cd Secret/CA; ./easyrsa build-server-full core.$pvt nopass";
- umask 077;
+
+ mysystem ("cd Secret/CA;",
+ "./easyrsa build-server-full $dom nopass");
+ mysystem ("cd Secret/CA;",
+ "./easyrsa build-server-full core.$pvt nopass");
mysystem "mkdir --mode=700 Secret/root.gnupg";
mysystem ("gpg --homedir Secret/root.gnupg",
"root\@core.$pvt");
chmod 0440, "root-pub.pem";
mysystem ("gpg --homedir Secret/root.gnupg",
- "--export-secret-key --armor --output Secret/root-sec.pem",
+ "--export-secret-key --armor",
+ "--output Secret/root-sec.pem",
"root\@core.$pvt");
chmod 0400, "root-sec.pem";
mysystem "mkdir Secret/ssh_monkey";
chmod 0700, "Secret/ssh_monkey";
mysystem "echo 'HashKnownHosts no' >Secret/ssh_monkey/config";
- mysystem ("ssh-keygen -q -t ed25519",
- "-C monkey\@core.$domain_priv",
+ mysystem ("ssh-keygen -q -t ed25519 -C monkey\@core.$pvt",
"-N '' -f Secret/ssh_monkey/id_ed25519");
+
+ mysystem "mkdir --mode=700 Secret/opendkim";
+ if (system "which opendkim-genkey") {
+ warn "opendkim-genkey: command not found, skipped"
+ } else {
+ mysystem ("opendkim-genkey -D Secret/opendkim",
+ "-b 2048 -d $dom -s default -S");
+ }
exit;
}
#+END_SRC
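Review bot: The two new preflight checks at the top of the hunk rely on `which -s`, a BSD/macOS option; at least Debian's `which` (the debianutils shell script) treats an unknown option as a usage error and exits non-zero, so on such a host `die "gpg: command not found"` fires even when gpg is installed, while the later `which opendkim-genkey` test (no `-s`) is inconsistent with them and prints the resolved path to stdout. A portable, silent form is `die "gpg: command not found\n" if system "command -v gpg >/dev/null 2>&1";` with the same shape for ssh-keygen and opendkim-genkey, which also restores the trailing `\n` that the neighbouring `die` messages use so the line number is not appended. Separately, the surrounding context lines `chmod 0440, "root-pub.pem";` and `chmod 0400, "root-sec.pem";` name the files without the `Secret/` prefix that `--output Secret/root-sec.pem` writes to, so those unchecked chmods are no-ops and the exported secret key keeps only what `umask 077` gave it; worth correcting the paths (and checking the chmod return) while this block is being reworked. The brace closed at the end of the hunk opens outside it.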
die "Secret/CA/easyrsa: not an executable\n"
if ! -x "Secret/CA/easyrsa";
die "Secret/CA/pki/: already exists\n" if -e "Secret/CA/pki";
+ die "gpg: command not found" if system "which -s gpg";
+ die "ssh-keygen: command not found" if system "which -s ssh-keygen";
umask 077;
mysystem "cd Secret/CA; ./easyrsa init-pki";
my $dom = $domain_name;
my $pvt = $domain_priv;
- mysystem "cd Secret/CA; ./easyrsa build-server-full $dom nopass";
- mysystem "cd Secret/CA; ./easyrsa build-server-full core.$pvt nopass";
- umask 077;
+
+ mysystem ("cd Secret/CA;",
+ "./easyrsa build-server-full $dom nopass");
+ mysystem ("cd Secret/CA;",
+ "./easyrsa build-server-full core.$pvt nopass");
mysystem "mkdir --mode=700 Secret/root.gnupg";
mysystem ("gpg --homedir Secret/root.gnupg",
"root\@core.$pvt");
chmod 0440, "root-pub.pem";
mysystem ("gpg --homedir Secret/root.gnupg",
- "--export-secret-key --armor --output Secret/root-sec.pem",
+ "--export-secret-key --armor",
+ "--output Secret/root-sec.pem",
"root\@core.$pvt");
chmod 0400, "root-sec.pem";
mysystem "mkdir Secret/ssh_monkey";
chmod 0700, "Secret/ssh_monkey";
mysystem "echo 'HashKnownHosts no' >Secret/ssh_monkey/config";
- mysystem ("ssh-keygen -q -t ed25519",
- "-C monkey\@core.$domain_priv",
+ mysystem ("ssh-keygen -q -t ed25519 -C monkey\@core.$pvt",
"-N '' -f Secret/ssh_monkey/id_ed25519");
+
+ mysystem "mkdir --mode=700 Secret/opendkim";
+ if (system "which opendkim-genkey") {
+ warn "opendkim-genkey: command not found, skipped"
+ } else {
+ mysystem ("opendkim-genkey -D Secret/opendkim",
+ "-b 2048 -d $dom -s default -S");
+ }
exit;
}