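#!/bin/sh
#
# Container entrypoint for step-ca with a PostgreSQL backend.
#
# First start:  run `step ca init` (per this script's own messages the
#               generated ca.json starts out on Badger), rewrite the "db"
#               section of ca.json to point at PostgreSQL, create a marker
#               file, then exec step-ca.
# Later starts: the marker file exists, so step-ca is exec'd directly.
#
# Secrets read (Docker secrets):
#   /run/secrets/password           - CA key password and provisioner password
#   /run/secrets/postgres_password  - password of the "stepca" database user
# Environment read on first start:
#   DOCKER_STEPCA_INIT_NAME, DOCKER_STEPCA_INIT_DNS_NAMES,
#   DOCKER_STEPCA_INIT_PROVISIONER_NAME, DOCKER_STEPCA_INIT_ADMIN_SUBJECT

set -e

CONFIG_FILE="/home/step/config/ca.json"
MARKER="/home/step/.postgres-configured"

# If already configured, start normally with PostgreSQL
if [ -f "$MARKER" ]; then
  echo "✅ PostgreSQL already configured, starting step-ca..."
  # ca.json is deliberately NOT echoed here: once rewritten below, its
  # db.dataSource embeds the PostgreSQL password, and anything written to
  # stdout ends up in the container log.
  #
  # Pass the key password exactly as the first-start path does, so a restart
  # does not depend on an interactive prompt.
  exec step-ca "$CONFIG_FILE" --password-file=/run/secrets/password
fi

# Read the database secret only on the path that needs it, and before init so
# a missing secret aborts (set -e) before any CA material is generated.
POSTGRES_PASSWORD=$(cat /run/secrets/postgres_password)

# If ca.json does not exist yet, perform full initialization
if [ ! -f "$CONFIG_FILE" ]; then
  echo "🔄 Running step ca init (with Badger temporarily)..."

  # Use Docker secrets directly (mounted at /run/secrets/password)
  # NOTE(review): the same secret protects the CA keys and the provisioner
  # key; separate secrets would limit what one leaked password exposes.
  step ca init \
    --name="${DOCKER_STEPCA_INIT_NAME}" \
    --dns="${DOCKER_STEPCA_INIT_DNS_NAMES}" \
    --address=:9000 \
    --provisioner="${DOCKER_STEPCA_INIT_PROVISIONER_NAME}" \
    --password-file=/run/secrets/password \
    --provisioner-password-file=/run/secrets/password \
    --ssh \
    --acme \
    --remote-management \
    --admin-subject="${DOCKER_STEPCA_INIT_ADMIN_SUBJECT}"

  echo "✅ Init complete, certificates generated"
  # The marker is NOT created here: if the rewrite below failed, the next
  # start would find the marker and run step-ca on the un-migrated config.
fi

# Now modify ca.json to use PostgreSQL
echo "🔧 Replacing Badger with PostgreSQL in ca.json..."

# - The password reaches jq through its environment rather than argv, so it
#   is not visible in the process list.
# - @uri percent-encodes it, so characters such as '@', ':' or '/' cannot
#   change how the connection URI is parsed.
# - umask 077 (scoped to the subshell) makes the temporary file, and thus the
#   new ca.json, readable by the owner only.
# NOTE(review): sslmode=disable means the database password and all CA data
# cross the network to "postgres" unencrypted; confirm that network is
# isolated, or enable TLS on the database and tighten sslmode.
(
  umask 077
  STEPCA_PG_PASSWORD="$POSTGRES_PASSWORD" jq \
    'del(.db) | . + {db: {type: "postgresql", dataSource: ("postgresql://stepca:" + (env.STEPCA_PG_PASSWORD | @uri) + "@postgres:5432/stepca?sslmode=disable")}}' \
    "$CONFIG_FILE" > "${CONFIG_FILE}.tmp"
)

mv "${CONFIG_FILE}.tmp" "$CONFIG_FILE"

# Mark as configured (only after ca.json has actually been rewritten)
touch "$MARKER"

echo "✅ PostgreSQL configured, starting step-ca with PostgreSQL backend..."
exec step-ca "$CONFIG_FILE" --password-file=/run/secrets/password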