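#!/usr/bin/env bash
# Generate mkcert certificates for all *.atlilith.apricot.lan dev subdomains.
# Run once on a new machine or when adding a new subdomain.
# Requires: mkcert (brew install mkcert / apt install mkcert)
#
# Usage:
#   bash @platform/scripts/gen-local-certs.sh          # generate missing
#   bash @platform/scripts/gen-local-certs.sh --force  # regenerate all
#
# Security notes:
#   - The certificate is issued by mkcert's local development CA. This script
#     does not run `mkcert -install`, so adding that CA to the machine's trust
#     stores is a separate, deliberate step. The CA private key under
#     `mkcert -CAROOT` can mint a trusted certificate for any hostname on a
#     machine that trusts it; never copy or share it.
#   - The TLS private key is written inside the repository tree
#     (@platform/infrastructure/certs). It must stay out of version control;
#     the script warns when git does not ignore it.
#   - The skip path only checks that both files exist. It does not check
#     expiry or that the key matches the certificate; use --force to renew.

set -euo pipefail

# Resolve the repository root relative to this script (two levels up).
REPO_ROOT="$(cd "$(dirname -- "$0")/../.." && pwd)"
CERTS_DIR="$REPO_ROOT/@platform/infrastructure/certs"
FORCE=false

# Only --force is recognised. Anything else is reported rather than silently
# dropped, so a typo such as "--forse" does not quietly take the skip path.
for arg in "$@"; do
  case "$arg" in
    --force) FORCE=true ;;
    *) printf 'WARNING: ignoring unknown argument: %s\n' "$arg" >&2 ;;
  esac
done

if ! command -v mkcert &>/dev/null; then
  echo "ERROR: mkcert not found. Install it first:" >&2
  echo " Linux: brew install mkcert OR sudo apt install mkcert" >&2
  echo " macOS: brew install mkcert" >&2
  exit 1
fi

mkdir -p "$CERTS_DIR"

# Single wildcard cert covers all subdomains.
WILDCARD_CRT="$CERTS_DIR/_wildcard.atlilith.apricot.lan.crt"
WILDCARD_KEY="$CERTS_DIR/_wildcard.atlilith.apricot.lan.key"

if [[ "$FORCE" == "false" && -f "$WILDCARD_CRT" && -f "$WILDCARD_KEY" ]]; then
  echo " [skip] wildcard cert already exists at $WILDCARD_CRT"
else
  echo " [gen] wildcard cert for *.atlilith.apricot.lan + atlilith.apricot.lan"
  mkcert \
    -cert-file "$WILDCARD_CRT" \
    -key-file "$WILDCARD_KEY" \
    "atlilith.apricot.lan" "*.atlilith.apricot.lan"
fi

# Best-effort guard against committing the private key. `git check-ignore -q`
# exits 0 when the path is ignored, 1 when it is not (including when the file
# is already tracked) and 128 on a fatal error such as "not a repository".
# Only the definite "not ignored" answer produces a warning; git's own error
# output is suppressed on purpose because this check is advisory.
if command -v git &>/dev/null; then
  ignore_rc=0
  git -C "$REPO_ROOT" check-ignore -q -- "$WILDCARD_KEY" 2>/dev/null || ignore_rc=$?
  if ((ignore_rc == 1)); then
    echo "WARNING: $WILDCARD_KEY is not ignored by git; do not commit this private key." >&2
  fi
fi

echo ""
echo "Certs at: $CERTS_DIR"
echo ""
echo "Next: (re)start Caddy to pick up changes:"
echo " manage-apps restart atlilith.proxy apricot"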