mirror of
https://github.com/kittywitch/nixfiles.git
synced 2026-02-09 12:29:19 -08:00
feat: SSH CA
This commit is contained in:
parent
a28e1ce6e2
commit
ccf6a6f704
23 changed files with 678 additions and 431 deletions
75
iac/ca.go
75
iac/ca.go
|
|
@ -1,40 +1,45 @@
|
|||
package iac
|
||||
|
||||
import(
|
||||
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
|
||||
tls "github.com/pulumi/pulumi-tls/sdk/v4/go/tls"
|
||||
import (
|
||||
tls "github.com/pulumi/pulumi-tls/sdk/v4/go/tls"
|
||||
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
|
||||
)
|
||||
|
||||
func GenerateTLSCA(ctx *pulumi.Context) (key *tls.PrivateKey, cert *tls.SelfSignedCert, err error) {
|
||||
key, err = tls.NewPrivateKey(ctx, "kat-root-ca-key", &tls.PrivateKeyArgs{
|
||||
Algorithm: pulumi.String("RSA"),
|
||||
RsaBits: pulumi.Int(4096),
|
||||
})
|
||||
|
||||
if err != nil {
|
||||
return nil, nil, err
|
||||
}
|
||||
|
||||
cert, err = tls.NewSelfSignedCert(ctx, "kat-root-ca-pem-cert", &tls.SelfSignedCertArgs{
|
||||
PrivateKeyPem: key.PrivateKeyPem,
|
||||
AllowedUses: goStringArrayToPulumiStringArray([]string{"digital_signature",
|
||||
"cert_signing",
|
||||
"crl_signing"}),
|
||||
IsCaCertificate: pulumi.Bool(true),
|
||||
ValidityPeriodHours: pulumi.Int(2562047),
|
||||
Subject: &tls.SelfSignedCertSubjectArgs{
|
||||
CommonName: pulumi.String("inskip.me"),
|
||||
Organization: pulumi.String("Kat Inskip"),
|
||||
},
|
||||
})
|
||||
|
||||
if err != nil {
|
||||
return nil, nil, err
|
||||
}
|
||||
|
||||
ctx.Export("tls_ca_pem_key", key.PrivateKeyPem)
|
||||
ctx.Export("tls_ca_os_key", key.PrivateKeyOpenssh)
|
||||
ctx.Export("tls_ca_cert", cert.CertPem)
|
||||
|
||||
return key, cert, err
|
||||
type CertificateAuthority struct {
|
||||
Key *tls.PrivateKey
|
||||
Cert *tls.SelfSignedCert
|
||||
}
|
||||
|
||||
func (ca *CertificateAuthority) handle(ctx *pulumi.Context) (err error) {
|
||||
ca.Key, err = tls.NewPrivateKey(ctx, "ca-root", &tls.PrivateKeyArgs{
|
||||
Algorithm: pulumi.String("RSA"),
|
||||
RsaBits: pulumi.Int(4096),
|
||||
})
|
||||
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
ca.Cert, err = tls.NewSelfSignedCert(ctx, "ca-root", &tls.SelfSignedCertArgs{
|
||||
PrivateKeyPem: ca.Key.PrivateKeyPem,
|
||||
AllowedUses: goStringArrayToPulumiStringArray([]string{"digital_signature",
|
||||
"cert_signing",
|
||||
"crl_signing"}),
|
||||
IsCaCertificate: pulumi.Bool(true),
|
||||
ValidityPeriodHours: pulumi.Int(2562047),
|
||||
Subject: &tls.SelfSignedCertSubjectArgs{
|
||||
CommonName: pulumi.String("inskip.me"),
|
||||
Organization: pulumi.String("Kat Inskip"),
|
||||
},
|
||||
})
|
||||
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
ctx.Export("ca_pem_privkey", ca.Key.PrivateKeyPem)
|
||||
ctx.Export("ca_os_privkey", ca.Key.PrivateKeyOpenssh)
|
||||
ctx.Export("ca_pem_cert", ca.Cert.CertPem)
|
||||
|
||||
return err
|
||||
}
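Review bot: Renaming the key resource from `kat-root-ca-key` to `ca-root` (and the cert from `kat-root-ca-pem-cert` to `ca-root`) without an alias makes Pulumi delete and recreate both, so an already-deployed stack would mint a fresh root key and every certificate or SSH host/user key signed by the old CA would stop validating; if this stack has been deployed, pass `pulumi.Aliases([]pulumi.Alias{{Name: pulumi.String("kat-root-ca-key")}})` as a resource option to `tls.NewPrivateKey` and the matching `kat-root-ca-pem-cert` alias to `tls.NewSelfSignedCert`. The CA private key is also exported as a stack output on the `ca_pem_privkey` / `ca_os_privkey` lines; the tls provider is expected to mark those outputs secret, but since this is the trust root it is worth pinning explicitly with `ctx.Export("ca_pem_privkey", pulumi.ToSecret(ca.Key.PrivateKeyPem))` (and likewise for the OpenSSH form) so a provider or SDK change cannot silently land it in plaintext state. `ValidityPeriodHours: 2562047` is roughly 292 years (the `time.Duration` ceiling), which effectively means no rotation; a comment such as `// effectively non-expiring; rotation is manual — see <runbook>` would make that deliberate rather than accidental. Sharing the logical name `ca-root` between the key and the cert is legal (URNs include the type) but the previous distinct names were easier to read in `pulumi stack` output.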
|
||||
|
|
|
|||