nixcfg/tlsproxy

#!/bin/sh

set -xe

# Enter proper cluster subdirectory

cd $(dirname $0)

CLUSTER="$1"
if [ ! -d "cluster/$CLUSTER" ]; then
	echo "Usage: $0 <cluster name>"
	echo "The cluster name must be the name of a subdirectory of cluster/"
	exit 1
fi

PREFIX="deuxfleurs/cluster/$CLUSTER"

# Do actual stuff

YEAR=$(date +%Y)

CERTDIR=$(mktemp -d)

_int() {
  echo "Caught SIGINT signal!"
  rm -rv $CERTDIR
  kill -INT "$child1" 2>/dev/null
  kill -INT "$child2" 2>/dev/null
}

trap _int SIGINT

pass $PREFIX/nomad$YEAR.crt > $CERTDIR/nomad.crt
pass $PREFIX/nomad$YEAR-client.crt > $CERTDIR/nomad-client.crt
pass $PREFIX/nomad$YEAR-client.key > $CERTDIR/nomad-client.key
pass $PREFIX/consul$YEAR.crt > $CERTDIR/consul.crt
pass $PREFIX/consul$YEAR-client.crt > $CERTDIR/consul-client.crt
pass $PREFIX/consul$YEAR-client.key > $CERTDIR/consul-client.key

socat -dd tcp4-listen:4646,reuseaddr,fork openssl:localhost:14646,cert=$CERTDIR/nomad-client.crt,key=$CERTDIR/nomad-client.key,cafile=$CERTDIR/nomad.crt &
child1=$!

socat -dd tcp4-listen:8500,reuseaddr,fork openssl:localhost:8501,cert=$CERTDIR/consul-client.crt,key=$CERTDIR/consul-client.key,cafile=$CERTDIR/consul.crt &
child2=$!

wait "$child1"
wait "$child2"
tlsproxy from pass; fix tls stuff 2022-04-20 13:29:24 +00:00			`#!/bin/sh`

			`set -xe`

			`# Enter proper cluster subdirectory`

			`cd $(dirname $0)`

			`CLUSTER="$1"`
			`if [ ! -d "cluster/$CLUSTER" ]; then`
			`echo "Usage: $0 <cluster name>"`
			`echo "The cluster name must be the name of a subdirectory of cluster/"`
			`exit 1`
			`fi`

			`PREFIX="deuxfleurs/cluster/$CLUSTER"`

			`# Do actual stuff`

			`YEAR=$(date +%Y)`

			`CERTDIR=$(mktemp -d)`

			`_int() {`
			`echo "Caught SIGINT signal!"`
			`rm -rv $CERTDIR`
			`kill -INT "$child1" 2>/dev/null`
			`kill -INT "$child2" 2>/dev/null`
			`}`

			`trap _int SIGINT`

			`pass $PREFIX/nomad$YEAR.crt > $CERTDIR/nomad.crt`
			`pass $PREFIX/nomad$YEAR-client.crt > $CERTDIR/nomad-client.crt`
			`pass $PREFIX/nomad$YEAR-client.key > $CERTDIR/nomad-client.key`
			`pass $PREFIX/consul$YEAR.crt > $CERTDIR/consul.crt`
			`pass $PREFIX/consul$YEAR-client.crt > $CERTDIR/consul-client.crt`
			`pass $PREFIX/consul$YEAR-client.key > $CERTDIR/consul-client.key`

			`socat -dd tcp4-listen:4646,reuseaddr,fork openssl:localhost:14646,cert=$CERTDIR/nomad-client.crt,key=$CERTDIR/nomad-client.key,cafile=$CERTDIR/nomad.crt &`
			`child1=$!`

			`socat -dd tcp4-listen:8500,reuseaddr,fork openssl:localhost:8501,cert=$CERTDIR/consul-client.crt,key=$CERTDIR/consul-client.key,cafile=$CERTDIR/consul.crt &`
			`child2=$!`

			`wait "$child1"`
			`wait "$child2"`