Last active
April 2, 2022 09:30
-
-
Save franzbischoff/1dc960aa5ad93c604f1cc57282f3ebb4 to your computer and use it in GitHub Desktop.
Tailscale hack on homeassistant official addon for creating and updating SSL certificates
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # disclaimer: I did it for personal use, no garantees | |
| # this version doesn't check if the script was already runned. Nothing bad happens anyway. | |
| # first you need to have the "reconfig.sh" inside the addon container. If you are just updating the container, | |
| # the data folder usually stays there with the script. | |
| dockerssl="/data/ssl" | |
| localssl="/root/ssl/tailscale" | |
| tailaddon="addon_a0d7b954_tailscale" # THIS IS THE ADDON CONTAINER, MAY CHANGE | |
| # run the script and copy the files from the container to the local filesystem | |
| docker exec addon_a0d7b954_tailscale "${dockerssl}/reconfig.sh" && | |
| docker cp ${tailaddon}:"${dockerssl}/fullchain.pem" "${localssl}/fullchain.pem" && | |
| docker cp ${tailaddon}:"${dockerssl}/privkey.pem" "${localssl}/privkey.pem" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # disclaimer: I did it for personal use, no garantees | |
| # this version doesn't check if the script was already runned. Nothing bad happens anyway. | |
| # This file must be dropped inside the tailscale container, and needs to be re-run everytime the container is | |
| # rebuilt (e.g. new version). Next version will also add a cron job to keep it updating the certificate. | |
| # To get into the container, use the SSH addon with privileges, and run: | |
| # > docker exec -it addon_a0d7b954_tailscale /bin/bash | |
| # then install any editor: | |
| # > apk add nano; apk add vim | |
| # and copy&paste this script there. Don't forget to make it executable with > chmod 755 reconfig.sh | |
| # the next step is done by the next script (get the certificates from this container to the homeassistant | |
| myhost="YOUR_MACHINE_NAME_ON_TAILSCALE" | |
| mydomain="YOUR_DOMAIN_ON_TAILSCALE.ts.net" | |
| myhostname="${myhost}.${mydomain}" | |
| datafolder="/data" | |
| tailfolder="${datafolder}/tailscale" | |
| tailbinary="/opt/tailscale" | |
| tailservicepath="/var/run/s6/services/tailscaled" | |
| # create the missing folders (https://github.com/tailscale/tailscale/issues/2932) | |
| mkdir -p "${tailfolder}" | |
| cp "${datafolder}/tailscaled.state" "${tailfolder}/tailscaled.state" | |
| # reconfiguring the service | |
| sed -i 's/data\/tailscaled/data\/tailscale\/tailscaled/' "${tailservicepath}/run" | |
| # restarting the service | |
| s6-svc -r "${tailservicepath}" | |
| # asking tailscale for new certificates (if needed) | |
| mkdir -p "${tailfolder}/certs" | |
| cd "${tailfolder}/certs" || exit | |
| ${tailbinary} cert ${myhostname} | |
| cat "${myhostname}.key" "${myhostname}.crt" >snakeoil.pem | |
| # making sure the file permissions | |
| chmod 644 ./*.crt | |
| chmod 600 ./*.key | |
| chmod 600 ./*.pem | |
| # copying the certificates to /data/ssl for further step | |
| cp "${myhostname}.key" "${datafolder}/ssl/privkey.pem" | |
| cp snakeoil.pem "${datafolder}/ssl/fullchain.pem" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment