From cd8f0e853f5c05b382ae49207907f89b359712bf Mon Sep 17 00:00:00 2001
From: Mohammed Amar-Bensaber
Date: Tue, 8 Oct 2024 22:53:57 +0200
Subject: nginx: generate certificates for test targets
Podman will be used to test the generated Debian packages to ensure that they work properly. However, this means that it is NOT shione and therefore cannot solve letsencrypt challenge among many other things that can only be done by shione. The goal is to have a staging area that can mock the latter.
---
 debian/nginx-config.postinst | 32 +++++++++++++++++++++-----------
 1 file changed, 21 insertions(+), 11 deletions(-)
diff --git a/debian/nginx-config.postinst b/debian/nginx-config.postinst
index 92449c8..8045a6d 100644
--- a/debian/nginx-config.postinst
+++ b/debian/nginx-config.postinst
@@ -2,21 +2,31 @@
 #
 # TODO: Handle "$1".
-set -e
+set -eu
 #DEBHELPER#
 # `certbot` *must* be installed by this package.
-certbot \
- --nginx \
- --agree-tos \
- --redirect \
- --hsts \
- --staple-ocsp \
- --email renken+letsencrypt@shione.net \
- -d shione.net \
- -d www.shione.net \
- -d git.shione.net
+if [ "$(hostname)" = shione ]; then
+ certbot \
+ --agree-tos \
+ --email renken+letsencrypt@shione.net \
+ -d shione.net \
+ -d www.shione.net \
+ -d git.shione.net
+else
+ out=/etc/letsencrypt/live/shione.net
+
+ mkdir -p -- "$out"
+ openssl genrsa \
+ >"$out"/privkey.pem
+ openssl req \
+ -new \
+ -x509 \
+ -key /etc/letsencrypt/live/shione.net/privkey.pem \
+ -subj '/CN=shione.net/O=shione.net./C=FR' \
+ >/etc/letsencrypt/live/shione.net/fullchain.pem
+fi
 # Apply new nginx configuration.
 deb-systemd-invoke restart nginx
--
cgit v1.2.3
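Review bot: In the `else` branch the private key is created by plain redirection (`openssl genrsa >"$out"/privkey.pem`), so its mode comes from the maintainer script's umask (world-readable under the usual 022) and nothing tightens it afterwards. Adding `umask 077` before the `mkdir`, or `chmod 600 "$out"/privkey.pem` right after the key is written, would match how certbot stores keys. The branch is chosen by `hostname` alone and appears to run on every configure, so a production host that reports anything other than `shione` (a rename, an FQDN) would have `privkey.pem` and `fullchain.pem` in the live directory overwritten with a self-signed pair. A guard such as `[ -e "$out"/privkey.pem ] ||` in front of the generation, or an explicit opt-in variable for the test path, would make that fail safe. Separately, the certbot call no longer passes `--nginx`, `--redirect`, `--hsts` or `--staple-ocsp`; please confirm that the packaged nginx configuration sets the redirect and HSTS itself and that certbot can still pick an authenticator without prompting.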