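# Client bootstrap snippet. It is rendered from a Jinja2 template before the
# shell sees it: installs Certidude, writes the client and service
# configuration for the authority, then runs enrollment.
# NOTE(review): the writes under /etc presumably require root - confirm how
# this snippet is meant to be executed.

# This installs whatever the repository's default branch points to at run time.
# For a reproducible, reviewable install, append @<REVIEWED_COMMIT_SHA>
# (placeholder) to the repository URL so an audited revision is fetched.
pip3 install git+https://github.com/laurivosandi/certidude/

# Brace expansion is a bash feature; both configuration directories are created.
mkdir -p /etc/certidude/{client.conf.d,services.conf.d}

# The delimiter is left unquoted on purpose: $HOSTNAME has to be expanded by
# the shell on the client. The rendered authority_name is exposed to the same
# expansion, so the template side must restrict it to hostname-safe characters.
cat << EOF > "/etc/certidude/client.conf.d/{{ authority_name }}.conf"
[{{ authority_name }}]
trigger = interface up
common name = $HOSTNAME
system wide = true
EOF

# Quoted delimiter: nothing in this heredoc needs shell expansion, so the
# rendered router and authority names are written literally instead of being
# evaluated by the shell ($, backticks and backslashes stay inert).
cat << 'EOF' > "/etc/certidude/services.conf.d/{{ authority_name }}.conf"
{% for router in session.service.routers %}{% if "ikev2" in session.service.protocols %}
[IPSec to {{ router }}]
authority = {{ authority_name }}
service = network-manager/strongswan
remote = {{ router }}
{% endif %}{% if "openvpn" in session.service.protocols %}
[OpenVPN to {{ router }}]
authority = {{ authority_name }}
service = network-manager/openvpn
remote = {{ router }}
{% endif %}{% endfor %}
EOF

# Run enrollment using the configuration files written above.
certidude enroll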