mirror of
https://github.com/laurivosandi/certidude
synced 2024-12-23 00:25:18 +00:00
Lauri Võsandi
ce93fbb58b
* Improved offline install docs * Migrated token mechanism backend to SQL * Preliminary token mechanism frontend integration * Add clock skew tolerance for OCSP * Add 'ldap computer filter' support for Kerberized machine enroll * Include OCSP and CRL URL-s in certificates, controlled by profile.conf * Better certificate extension handling * Place DH parameters file in /etc/ssl/dhparam.pem * Always talk to CA over port 8443 for 'certidude enroll' * Hardened frontend nginx config * Separate log files for frontend nginx * Better provisioning heuristics * Add sample site.sh config for LEDE image builder * Add more device profiles for LEDE image builder * Various bugfixes and improvements
47 lines
1.4 KiB
Bash
47 lines
1.4 KiB
Bash
#!/bin/bash
|
|
|
|
. common.sh
|
|
|
|
cat << \EOF > $OVERLAY/etc/uci-defaults/40-hostname
|
|
|
|
HOSTNAME=cam-$(cat /sys/class/net/eth0/address | cut -d : -f 4- | sed -e 's/://g')
|
|
uci set system.@system[0].hostname=$HOSTNAME
|
|
uci set network.wan.hostname=$HOSTNAME
|
|
|
|
EOF
|
|
|
|
touch $OVERLAY/etc/config/wireless
|
|
|
|
cat << EOF > $OVERLAY/etc/uci-defaults/50-ipcam
|
|
|
|
uci delete network.lan
|
|
uci delete network.wan6
|
|
|
|
uci set network.vpn=interface
|
|
uci set network.vpn.ifname='ipsec0'
|
|
uci set network.vpn.proto='none'
|
|
uci set firewall.@zone[0].network=vpn
|
|
uci delete firewall.@forwarding[0]
|
|
|
|
uci set mjpg-streamer.core.enabled=1
|
|
uci set mjpg-streamer.core.quality=''
|
|
uci set mjpg-streamer.core.resolution='1280x720'
|
|
uci delete mjpg-streamer.core.username
|
|
uci delete mjpg-streamer.core.password
|
|
|
|
uci certidude.@authority[0].red_led='gl-connect:red:wlan'
|
|
uci certidude.@authority[0].green_led='gl-connect:green:lan'
|
|
|
|
/etc/init.d/dropbear disable
|
|
/etc/init.d/ipsec disable
|
|
|
|
EOF
|
|
|
|
|
|
make -C $BUILD/$BASENAME image FILES=$OVERLAY PROFILE=$PROFILE PACKAGES="openssl-util curl ca-certificates \
|
|
strongswan-default strongswan-mod-openssl strongswan-mod-curl strongswan-mod-ccm strongswan-mod-gcm htop \
|
|
iftop tcpdump nmap nano usbutils luci luci-app-mjpg-streamer kmod-video-uvc dropbear \
|
|
-pppd -luci-proto-ppp -kmod-ppp -ppp -ppp-mod-pppoe \
|
|
-dnsmasq -odhcpd -odhcp6c -kmod-ath9k picocom strongswan-mod-kernel-libipsec kmod-tun \
|
|
netdata"
|