Diffstat (limited to 'bin/exit_hook.slapd.sh')
-rwxr-xr-xbin/exit_hook.slapd.sh42
1 files changed, 42 insertions, 0 deletions
diff --git a/bin/exit_hook.slapd.sh b/bin/exit_hook.slapd.sh
new file mode 100755
index 0000000..2cb74cf
--- /dev/null
+++ b/bin/exit_hook.slapd.sh
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+NAME="$(cat /etc/hostname)"
+DEHYDRATED_PATH="/srv/${NAME}/dehydrated/certs/${NAME}"
+SLAPD_CERT_PATH="/etc/crypto/tls"
+CA_CHAIN_NAME="cachain"
+
+mkdir -p "${SLAPD_CERT_PATH}"
+unset CHANGE
+
+if ! cmp -s "${DEHYDRATED_PATH}/${CA_CHAIN_NAME}.pem" "${SLAPD_CERT_PATH}/${NAME}-${CA_CHAIN_NAME}.pem"
+then
+ /usr/bin/cp "${DEHYDRATED_PATH}/${CA_CHAIN_NAME}.pem" "${SLAPD_CERT_PATH}/${NAME}-${CA_CHAIN_NAME}.pem"
+ CHANGE=true
+fi
+
+if ! cmp -s "${DEHYDRATED_PATH}/cert.pem" "${SLAPD_CERT_PATH}/${NAME}.pem"
+then
+ /usr/bin/cp "${DEHYDRATED_PATH}/cert.pem" "${SLAPD_CERT_PATH}/${NAME}.pem"
+ CHANGE=true
+fi
+
+if ! cmp -s "${DEHYDRATED_PATH}/privkey.pem" "${SLAPD_CERT_PATH}/${NAME}.key"
+then
+ /usr/bin/cp "${DEHYDRATED_PATH}/privkey.pem" "${SLAPD_CERT_PATH}/${NAME}.key"
+ CHANGE=true
+fi
+
+if ! cmp -s "${DEHYDRATED_PATH}/fullchain.pem" "${SLAPD_CERT_PATH}/${NAME}-fullchain.pem"
+then
+ /usr/bin/cp "${DEHYDRATED_PATH}/fullchain.pem" "${SLAPD_CERT_PATH}/${NAME}-fullchain.pem"
+ CHANGE=true
+fi
+
+if [ ! -z ${CHANGE} ]
+then
+ chmod 0640 /etc/crypto/tls/${NAME}*
+ chgrp ssl-cert /etc/crypto/tls/${NAME}*
+ systemctl restart slapd.service
+fi
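Review bot: The private key is copied with plain `cp` in the `privkey.pem` block, so when `${NAME}.key` does not exist yet it is created with the process umask (commonly world-readable) and only tightened by the `chmod 0640` at the very end. Because `set -e` is active, a failure in the later `fullchain.pem` copy exits before the chmod/chgrp block and leaves the key at that mode, with slapd not restarted. Creating the file with its final mode and group avoids the window, e.g. `install -m 0640 -g ssl-cert "${DEHYDRATED_PATH}/privkey.pem" "${SLAPD_CERT_PATH}/${NAME}.key"`, or set `umask 077` before the copies. Separately, `[ ! -z ${CHANGE} ]` and the `/etc/crypto/tls/${NAME}*` arguments are unquoted; `[ -n "${CHANGE}" ]` and `"${SLAPD_CERT_PATH}/${NAME}"*` are safer, and note the glob also changes mode and group on any other file in that directory whose name starts with the hostname.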