mirror of
https://github.com/laurivosandi/certidude
synced 2024-11-14 17:06:44 +00:00
Lauri Võsandi
ce93fbb58b
* Improved offline install docs * Migrated token mechanism backend to SQL * Preliminary token mechanism frontend integration * Add clock skew tolerance for OCSP * Add 'ldap computer filter' support for Kerberized machine enroll * Include OCSP and CRL URL-s in certificates, controlled by profile.conf * Better certificate extension handling * Place DH parameters file in /etc/ssl/dhparam.pem * Always talk to CA over port 8443 for 'certidude enroll' * Hardened frontend nginx config * Separate log files for frontend nginx * Better provisioning heuristics * Add sample site.sh config for LEDE image builder * Add more device profiles for LEDE image builder * Various bugfixes and improvements
15 lines
390 B
Plaintext
15 lines
390 B
Plaintext
# Randomize restart time
|
|
OFFSET=$(awk -v min=1 -v max=59 'BEGIN{srand(); print int(min+rand()*(max-min+1))}')
|
|
|
|
# wtf?! https://wiki.strongswan.org/issues/1501#note-7
|
|
cat << EOF > /etc/crontabs/root
|
|
#$OFFSET 2 * * * sleep 70 && touch /etc/banner && reboot
|
|
$OFFSET 2 * * * ipsec restart
|
|
5 1 1 */2 * /usr/bin/certidude-enroll-renew
|
|
EOF
|
|
|
|
chmod 0600 /etc/crontabs/root
|
|
|
|
/etc/init.d/cron enable
|
|
|