#!/usr/bin/sh
#----------------------------------------------------------------------------
# /var/install/config.d/ktls-utils.sh - ktls-utils configuration
#
# Creation:     2026-02-17 hbfl
# Last Update:  $Id$
#
# Copyright (c) 2026-@@YEAR@@ Holger Bruenjes, holgerbruenjes(at)gmx(dot)net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#----------------------------------------------------------------------------

# include eislib
. /var/install/include/eislib

# Package name; also used below as the basename of the settings file and of
# the certificate link / key copy.
package_name='ktls-utils'

# Package settings file, sourced at the end of this block.
config_file=/etc/config.d/${package_name}

# tlshd configuration file generated by create_config()
tlshd_conf='/etc/tlshd/config'
# Directory in which the certificate link and the key copy are created
cert_path='/etc/ssl/certs'
# Name of the symlink to the configured certificate (inside cert_path)
cert_link="${package_name}.pem"
# Name of the 0600 copy that tlshd is pointed at as private key
cert_key="${package_name}.key"

# Version string written into the header of the generated tlshd config
VERSION=3.6.0

# Sourcing runs the settings file as shell code inside this process, so the
# file must be writable only by trusted administrators. Because it is read
# after the assignments above, it can also override any of them.
# Presumably it supplies START_KTLS_UTILS and the KTLS_UTILS_* values used
# further down - TODO confirm against the package's config template.
. ${config_file}

# ---------------------------------------------------------------------------
# start tlshd service
# ---------------------------------------------------------------------------
ktls_start()
{
    # Bring tlshd up with the freshly written configuration.
    # Returns the status of the final start/restart call.

    # Unit not enabled yet: enable it, start it, and leave.
    if ! /usr/sbin/service is-enabled tlshd.service
    then
        /usr/sbin/service enable tlshd.service
        /usr/sbin/service start tlshd.service
        return
    fi

    # Unit already enabled: reload the service manager's unit files and
    # restart the daemon.
    /usr/sbin/service daemon-reload
    /usr/sbin/service restart tlshd.service
}

# ---------------------------------------------------------------------------
# stop tlshd service
# ---------------------------------------------------------------------------
ktls_stop()
{
    # Disable the tlshd unit first, then stop the running instance.
    # The function's status is that of the final 'stop' call.
    /usr/sbin/service disable tlshd.service
    /usr/sbin/service stop tlshd.service
    return "${?}"
}

# ---------------------------------------------------------------------------
# create config
# ---------------------------------------------------------------------------
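# Print one [authenticate.<role>] section of the tlshd config on stdout.
# Arguments: $1 - role name, 'client' or 'server'
_ktls_auth_section()
{
    echo
    echo "[authenticate.${1}]"
    if [ -n "${KTLS_UTILS_SSL_CA:-}" ]
    then
        echo "x509.truststore=${cert_path}/${KTLS_UTILS_SSL_CA}"
    fi
    echo "x509.certificate=${cert_path}/${cert_link}"
    echo "x509.private_key=${cert_path}/${cert_key}"
}

# Prepare the certificate link and key copy for tlshd and (re)generate
# ${tlshd_conf} from the KTLS_UTILS_* settings.
#
# Globals read: package_name, cert_path, cert_link, cert_key, tlshd_conf,
#               VERSION, EISDATE, EISTIME, KTLS_UTILS_SSL_CERT,
#               KTLS_UTILS_SSL_CA, KTLS_UTILS_DEBUG,
#               KTLS_UTILS_CLIENT_CERT, KTLS_UTILS_SERVER_CERT
# Returns: 0 on success; 1 if the certificate material could not be
#          prepared or the config file could not be written. The config
#          file is written in both cases, as before.
#
# NOTE(review): the key file is a plain copy of the certificate file, so
# KTLS_UTILS_SSL_CERT presumably names a PEM bundle that also contains the
# private key - confirm.
create_config()
{
    _cc_rc=0

    # Remove the link and key copy left behind by a previous run.
    if [ -L "${cert_path}/${cert_link}" ]
    then
        rm -f -- "${cert_path}/${cert_link}" "${cert_path}/${cert_key}"
    fi

    if [ -z "${KTLS_UTILS_SSL_CERT:-}" ]
    then
        # With an empty value the unquoted 'ln -sf' call used to create a
        # symlink pointing at itself; skip the step and report it instead.
        echo "${package_name}: KTLS_UTILS_SSL_CERT is not set, no certificate linked" >&2
        _cc_rc=1
    else
        # Subshell: the directory change and the tightened umask stay local,
        # and no pushd/popd (not available in every sh) is needed.
        (
            cd "${cert_path}" || exit 1
            ln -sf -- "${KTLS_UTILS_SSL_CERT}" "${cert_link}" || exit 1
            # Create the key copy as a new file under umask 077 so it is
            # never readable by other users, not even between cp and chmod.
            umask 077
            rm -f -- "${cert_key}"
            cp -- "${cert_link}" "${cert_key}" || exit 1
            chmod 0600 "${cert_key}"
        ) || {
            echo "${package_name}: cannot prepare ${cert_path}/${cert_key}" >&2
            _cc_rc=1
        }
    fi

    {
    echo '# ------------------------------------------------------------------------------'
    echo "# ${tlshd_conf} generated by ${package_name} Version ${VERSION}"
    echo '#'
    echo "#  Do not edit this file, edit /etc/config.d/${package_name}"
    echo "#  Creation Date: ${EISDATE} Time: ${EISTIME}"
    echo '# -------------------------------------------------------------------------------'
    echo
    echo '[debug]'
    # One setting drives all three tlshd debug values.
    echo "loglevel=${KTLS_UTILS_DEBUG:-0}"
    echo "tls=${KTLS_UTILS_DEBUG:-0}"
    echo "nl=${KTLS_UTILS_DEBUG:-0}"

    if [ "${KTLS_UTILS_CLIENT_CERT:-no}" = "yes" ]
    then
        _ktls_auth_section client
    fi
    if [ "${KTLS_UTILS_SERVER_CERT:-no}" = "yes" ]
    then
        _ktls_auth_section server
    fi
    } >"${tlshd_conf}" || _cc_rc=1

    return "${_cc_rc}"
}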

# ---------------------------------------------------------------------------
# main
# ---------------------------------------------------------------------------
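# Entry point: parse the command line, then either generate the tlshd
# configuration and start the service, or stop and disable it.
#
# Arguments: --quiet  sets _quiet / __quiet; neither is read in this file,
#                     presumably eislib helpers use them - TODO confirm
#            any other argument is ignored
# Globals read: START_KTLS_UTILS ('yes' starts the service, anything else
#               stops it)
# Returns: status of the last start/stop call
main()
{
    # Shift on every iteration. Previously only '--quiet' was shifted, so
    # any other argument left the loop spinning forever.
    while [ "${#}" -ne 0 ]
    do
        case "${1}" in
        --quiet)
            _quiet=true
            __quiet='--quiet'
            ;;
        *)
            # unknown argument: ignore it
            ;;
        esac
        shift
    done

    if [ "${START_KTLS_UTILS:-no}" = "yes" ]
    then
        create_config
        ktls_start
    else
        ktls_stop
    fi
}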
    
# ---------------------------------------------------------------------------
# call function main
# ---------------------------------------------------------------------------
# Hand the script's arguments to main unchanged.
main "$@"

# ---------------------------------------------------------------------------
# end
# ---------------------------------------------------------------------------