feat(system/services/taskserver): Integrate Let's Encrypt certificates

The current setup now runs the `taskserver.vhack.eu` domain with a Let's Encrypt certificate and additionally uses a self-signed CA certificate to validate clients. The shell scripts used to generate the CA certificate and the derived client certificate (and keys) are taken nearly unmodified from the upstream repository [1]. [1]: https://github.com/GothenburgBitFactory/taskserver/tree/9794cff61e56bdfb193c6aa4cebb57970ac68aef/pki
author: Soispha <soispha@vhack.eu> 2023-10-04 20:11:42 +0200
committer: Soispha <soispha@vhack.eu> 2023-10-16 17:20:00 +0200
commit: 1dd6f8d3b4d7dc93095e662aaca190d3fe1be264 (patch)
tree: a6b06ec7b3a400f22f41627f8497258fb6b8d6f1 /system/services/taskserver/certs/check_expire
parent: fix(system/services/taskserver): declare certs/keys in pki.manual (diff)
download: nixos-server-1dd6f8d3b4d7dc93095e662aaca190d3fe1be264.tar.gz
nixos-server-1dd6f8d3b4d7dc93095e662aaca190d3fe1be264.zip
1 files changed, 7 insertions, 0 deletions
diff --git a/system/services/taskserver/certs/check_expire b/system/services/taskserver/certs/check_expire
new file mode 100755
index 0000000..59f9dc6
--- /dev/null
+++ b/system/services/taskserver/certs/check_expire
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+for cert in *.cert.pem; do
+	echo $cert
+	openssl x509 -noout -in $cert -dates
+	echo
+done
author	Soispha <soispha@vhack.eu>	2023-10-04 20:11:42 +0200
committer	Soispha <soispha@vhack.eu>	2023-10-16 17:20:00 +0200
commit	1dd6f8d3b4d7dc93095e662aaca190d3fe1be264 (patch)
tree	a6b06ec7b3a400f22f41627f8497258fb6b8d6f1 /system/services/taskserver/certs/check_expire
parent	fix(system/services/taskserver): declare certs/keys in pki.manual (diff)
download	nixos-server-1dd6f8d3b4d7dc93095e662aaca190d3fe1be264.tar.gz nixos-server-1dd6f8d3b4d7dc93095e662aaca190d3fe1be264.zip