additions for ca deployment

configs/scripts/ca.sh

@@ -0,0 +1,20 @@
+#!/bin/bash
+
+# This file is part of VM-Experiments.
+# Licensed under the GPL-3.0-or-later. See LICENSE for details.
+
+trap '' SIGINT SIGTERM
+rm /etc/nginx/sites-enabled/default
+tar -xzf /root/deployment.tar.gz -C /root
+openssl genrsa -out /root/ca.key 2048
+chmod 400 /root/ca.key
+mkdir -p /etc/ssl/certs/
+mkdir -p /etc/ssl/private/
+openssl req -x509 -new -nodes -key /root/ca.key -sha256 -days 1024 -out /etc/ssl/certs/ca.crt -subj '/C=CH/ST=Zurich/L=Zurich/O=InterstellarNet/OU=NONE/CN=INTERSTELLAR'
+cp /etc/ssl/certs/ca.crt /root
+cp /etc/ssl/certs/ca.crt /usr/local/share/ca-certificates/
+chown -R www-data:www-data /etc/ssl/private/
+chown -R www-data:www-data /etc/ssl/certs/
+chmod 600 -R /etc/ssl/private/
+chmod 644 -R /etc/ssl/certs/ca.crt
+update-ca-certificates

configs/scripts/server.sh

@@ -21,20 +21,3 @@ while true; do
         break
     fi
 done
-
-rm /mnt/etc/nginx/sites-enabled/default
-tar -xzf deployment.tar.gz -C '/mnt/root'
-chroot /mnt /bin/bash -c "cd root && openssl genrsa -out ca.key 2048"
-chmod 400 /mnt/root/ca.key
-mkdir -p /mnt/etc/ssl/certs/
-mkdir -p /mnt/etc/ssl/private/
-chroot /mnt /bin/bash -c "openssl req -x509 -new -nodes -key /root/ca.key -sha256 -days 1024 -out /etc/ssl/certs/ca.crt -subj '/C=CH/ST=Zurich/L=Zurich/O=InterstellarNet/OU=NONE/CN=INTERSTELLAR'"
-cp /mnt/etc/ssl/certs/ca.crt /mnt/root
-cp /mnt/etc/ssl/certs/ca.crt /mnt/usr/local/share/ca-certificates/
-chroot /mnt /bin/bash -c "chown -R www-data:www-data /etc/ssl/private/"
-chroot /mnt /bin/bash -c "chown -R www-data:www-data /etc/ssl/certs/"
-chmod 600 -R /mnt/etc/ssl/private/
-chmod 644 -R /mnt/etc/ssl/certs/ca.crt
-chroot /mnt /bin/bash -c "update-ca-certificates"
-
-read a