|
| 1 | +STEP_VERSION=0.15.3 |
| 2 | + |
| 3 | +export STEPPATH=${PWD}/data/.step |
| 4 | + |
| 5 | +.PHONY: help |
| 6 | +help: |
| 7 | + @echo "Comandi disponibili:" |
| 8 | + @grep -E '^[a-zA-Z0-9_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[32m%-30s\033[0m %s\n", $$1, $$2}' |
| 9 | + |
| 10 | +data/step-${STEP_VERSION}.tgz: |
| 11 | + rm -frv data/step* |
| 12 | + wget -O data/step-${STEP_VERSION}.tgz https://github.com/smallstep/cli/releases/download/v${STEP_VERSION}/step_linux_${STEP_VERSION}_amd64.tar.gz |
| 13 | + tar -C data -xf data/step-${STEP_VERSION}.tgz |
| 14 | + ln -s step_${STEP_VERSION}/bin/step data/step |
| 15 | + |
| 16 | +data/.step/config/defaults.json: data/step-${STEP_VERSION}.tgz |
| 17 | + data/step ca bootstrap --force \ |
| 18 | + --ca-url $(file < configs/ca-url) \ |
| 19 | + --fingerprint $(file < configs/ca-fingerprint) |
| 20 | + |
| 21 | +data/user_email: |
| 22 | + systemd-ask-password --echo "Inserisci la tua email Confinet:" > data/user_email |
| 23 | + |
| 24 | +data/TOKEN: data/.step/config/defaults.json |
| 25 | + rm -f data/TOKEN |
| 26 | + step oauth \ |
| 27 | + --oidc \ |
| 28 | + --bare \ |
| 29 | + --client-id $(file < configs/client-id) \ |
| 30 | + --client-secret $(file < configs/client-secret) \ |
| 31 | + --email $(file < data/user_email) \ |
| 32 | + > data/TOKEN |
| 33 | + |
| 34 | +data/.step/user.crt: data/user_email data/TOKEN |
| 35 | + data/step ca certificate --force \ |
| 36 | + --token $(file < data/TOKEN) \ |
| 37 | + --kty RSA \ |
| 38 | + --size 2048 \ |
| 39 | + $(file < data/user_email) \ |
| 40 | + data/.step/user.crt \ |
| 41 | + data/.step/user.key |
| 42 | + rm -f data/TOKEN |
| 43 | + |
| 44 | +data/pfext01-step.ovpn: data/.step/user.crt |
| 45 | + cp -a configs/pfext01-step.ovpn data/pfext01-step.ovpn.tmp |
| 46 | + echo "<ca>" >> data/pfext01-step.ovpn.tmp |
| 47 | + cat data/.step/certs/root_ca.crt >> data/pfext01-step.ovpn.tmp |
| 48 | + echo "</ca>" >> data/pfext01-step.ovpn.tmp |
| 49 | + echo "<cert>" >> data/pfext01-step.ovpn.tmp |
| 50 | + cat data/.step/user.crt >> data/pfext01-step.ovpn.tmp |
| 51 | + echo "</cert>" >> data/pfext01-step.ovpn.tmp |
| 52 | + echo "<key>" >> data/pfext01-step.ovpn.tmp |
| 53 | + cat data/.step/user.key >> data/pfext01-step.ovpn.tmp |
| 54 | + echo "</key>" >> data/pfext01-step.ovpn.tmp |
| 55 | + mv data/pfext01-step.ovpn.tmp data/pfext01-step.ovpn |
| 56 | + |
| 57 | +.PHONY: import-pfext01-step-openvpn |
| 58 | +create-pfext01-step-openvpn: data/pfext01-step.ovpn ## Crea configurazione VPN in data/pfext01-step.ovpn |
| 59 | + |
| 60 | +.PHONY: import-pfext01-step-openvpn |
| 61 | +import-pfext01-step-openvpn: data/pfext01-step.ovpn ## Importa configurazione VPN nel NetworkManager tramite `nmcli` |
| 62 | + -nmcli connection delete pfext01-step |
| 63 | + nmcli connection import type openvpn file data/pfext01-step.ovpn |
| 64 | + -echo -e "set ipv4.never-default yes\nsave\nquit" \ |
| 65 | + | nmcli connection edit pfext01-step |
| 66 | + |
| 67 | +ok: data/pfext01-step.ovpn |
| 68 | + data/step |
| 69 | + |
| 70 | +.PHONY: clean |
| 71 | +clean: |
| 72 | + rm -frv data/* data/.step |
0 commit comments