chown and chmod generated pfx files
parent
d1552035f1
commit
68497c4d10
@ -24,7 +24,16 @@ server_user = 'luke'
|
||||
domain = 'drheck.dev'
|
||||
|
||||
supported_services = [
|
||||
'git', 'plex', 'jellyfin', 'photoprism', 'nextcloud', 'read', 'www', 'chat', 'sync']
|
||||
'chat',
|
||||
'git',
|
||||
'jellyfin',
|
||||
'nextcloud',
|
||||
'photoprism',
|
||||
'plex',
|
||||
'read',
|
||||
'sync',
|
||||
'www',
|
||||
]
|
||||
|
||||
restart_delay = {
|
||||
'plex': 10
|
||||
@ -32,7 +41,7 @@ restart_delay = {
|
||||
|
||||
pfx_key_path = {
|
||||
'plex': '/data/plex/certs/certificate.pfx',
|
||||
'jellyfin': f'/etc/letsencrypt/live/jellyfin.{domain}/jellyfin.pfx',
|
||||
'jellyfin': '/data/jellyfin/ssl/jellyfin.pfx',
|
||||
}
|
||||
|
||||
# Cert owning user if different than the name of the service
|
||||
@ -158,6 +167,20 @@ def pfx_gen(service):
|
||||
'-inkey', f'/etc/letsencrypt/live/{service}.{domain}/privkey.pem',
|
||||
'-in', f'/etc/letsencrypt/live/{service}.{domain}/cert.pem',
|
||||
'-certfile', f'/etc/letsencrypt/live/{service}.{domain}/chain.pem']
|
||||
user = service
|
||||
if service in users:
|
||||
user = users[service]
|
||||
uid = pwd.getpwnam(user).pw_uid
|
||||
gid = pwd.getpwnam(user).pw_gid
|
||||
|
||||
# chown after custom service in case pfx or other key is generated
|
||||
|
||||
log.info(f'changing owner of {pkp} - uid: {uid} gid: {gid}')
|
||||
os.chown(pkp, uid, gid)
|
||||
|
||||
log.info(f'chmod {pkp} to 0o600')
|
||||
pkp.chmod(0o600)
|
||||
|
||||
log.info(f'cmd to encrypt private key: "{" ".join(cmd)}"')
|
||||
p = pexpect.spawnu(' '.join(cmd))
|
||||
p.logfile = sys.stderr
|
||||
|
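Review bot: In the third hunk (pfx_gen), the added `os.chown(pkp, uid, gid)` and `pkp.chmod(0o600)` run before the `pexpect.spawnu(' '.join(cmd))` call that follows them, so as far as the hunk shows they act on the file before the export writes it. If `pkp` does not exist yet (a first run for a service, or the new `/data/jellyfin/ssl/jellyfin.pfx` path from the second hunk), `os.chown` raises `FileNotFoundError`, and a file the export creates afterwards would get the running process's owner and a umask-derived mode instead of 0o600. Consider moving the two calls to after the export has finished, or pre-creating the file with `os.close(os.open(pkp, os.O_WRONLY | os.O_CREAT, 0o600))` ahead of the chown so the key material is never written into a file with default permissions. The comment `# chown after custom service in case pfx or other key is generated` does not describe this placement and should be reworded; pfx_gen's body starts and ends outside the hunk, so a later step may already cover this.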