labca/backup
Arjan H 6d72d32398 Use ceremony tool for generating keys and certs; store keys on SoftHSM
Replace openssl certificate / CRL generation with the tool as used by
Let's Encrypt, storing the keys on SoftHSMv2, a simulated HSM (Hardware
Security Module).
Include migration of old setups where key files were also stored on
disk.
2025-01-31 20:44:48 +01:00


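#!/usr/bin/env bash
#
# Create a LabCA backup archive under /opt/backup.
#
# Usage: backup [cron]
#   With "cron" as first argument the archive name gets a "_cron" suffix, a
#   progress line is printed and the archive path is not echoed at the end.
#
# The archive holds the boulder_sa_integration database dump, the nginx TLS
# key/cert/CSR files, /opt/labca/data, the webpki certificates and the SoftHSM
# token store. That is private key material, so the staging directory and the
# resulting archive are kept owner-only.
set -e

# Files created from here on (staging dir, SQL dump, .tgz) are not readable by
# group/other. NOTE(review): assumes whatever reads /opt/backup runs as the
# same user as this script -- confirm before relying on it.
umask 077

mode="${1:-}"
NOW=$(date +%y%m%d-%H%M%S)
CRON=""
if [[ "$mode" == "cron" ]]; then
  CRON="_${mode}"
  TODAY=$(date '+%Y_%m_%d')
  echo "Running cron-$(basename "$0") for ${TODAY}..."
fi

# Short host name taken from the "fqdn" entry in config.json; empty when the
# file is missing or has no such entry.
instance=$(grep fqdn /opt/labca/data/config.json 2>/dev/null | cut -d ":" -f 2- | tr -d " \"," | cut -d"." -f1)
BASE="${NOW}_${instance}${CRON}"

# Stage inside a private, unpredictable directory instead of /tmp/$BASE: a
# timestamp-based name under /tmp can be pre-created by another local user,
# and `mkdir -p` would silently reuse it for the key material copied below.
workdir=$(mktemp -d /tmp/labca-backup.XXXXXXXXXX)
# Remove the staged keys on every exit path, including a failed dump or copy.
trap 'rm -rf -- "$workdir"' EXIT

# Keep $BASE as the top-level directory inside the archive.
stage="$workdir/$BASE"
mkdir -- "$stage"
mkdir -p /opt/backup

cd /opt/boulder
# NOTE(review): exec is called without -T; confirm TTY allocation does not
# alter the dump when this runs from an interactive terminal.
docker compose exec bmysql mysqldump boulder_sa_integration >"$stage/boulder_sa_integration.sql"

cp -p /etc/nginx/ssl/*key* /etc/nginx/ssl/*cert.pem /etc/nginx/ssl/*.csr "$stage/"
cp -rp /opt/labca/data "$stage/"          # includes config.json
cp -rp /opt/boulder/labca/certs/webpki "$stage/"
cp -rp /var/lib/softhsm/tokens "$stage/"

tar czf "/opt/backup/$BASE.tgz" -C "$workdir" "$BASE"

# housekeeping: drop cron archives older than 31 days.
# NOTE(review): archives written above are named "<BASE>.tgz" with BASE ending
# in "_cron", so "*_cron_*.tgz" does not appear to match them (nothing follows
# "cron" but ".tgz"). Confirm the intended pattern; if it never matches, old
# archives containing key material accumulate here indefinitely.
find /opt/backup -name "*_cron_*.tgz" -mtime +31 -exec rm -rf {} \;

if [[ "$mode" != "cron" ]]; then
  printf '%s\n' "/opt/backup/$BASE.tgz"
fi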