Infra/ansible/roles/proxmox/templates/get_cert.sh.j2

#!/usr/bin/env sh

# Based on https://gist.github.com/danie1k/c3d866eb6eed93bbc16b0628639efefe

HOSTNAME="gateway.rostvik.site"
CERT_ID="2"
USERNAME="root"
PASSWORD="{{ secret_rox_pass }}"

echo "Downloading certificate id=${CERT_ID} from ${HOSTNAME} into cert.pem file..."

# Open login screen
curl --cookie /tmp/opnsense_cookies.txt --cookie-jar /tmp/opnsense_cookies.txt \
    https://$HOSTNAME/system_certmanager.php \
    | grep hidden | sed -E 's/.*name="([^"\]+)" value="([^"]+)".*/\1=\2/' > /tmp/opnsense_csrf.txt

POST_DATA="usernamefld=${USERNAME}&passwordfld=${PASSWORD}&login=1&$(cat /tmp/opnsense_csrf.txt)"

# Perform login
curl --cookie /tmp/opnsense_cookies.txt --cookie-jar /tmp/opnsense_cookies.txt \
    https://$HOSTNAME/system_certmanager.php \
    -X POST --data "${POST_DATA}" > /dev/null

# Export user key
curl --cookie /tmp/opnsense_cookies.txt --cookie-jar /tmp/opnsense_cookies.txt \
    "https://$HOSTNAME/system_certmanager.php?act=key&id=$CERT_ID" > /etc/pve/local/pve-ssl.key

# Export user cert
curl --cookie /tmp/opnsense_cookies.txt --cookie-jar /tmp/opnsense_cookies.txt \
    "https://$HOSTNAME/system_certmanager.php?act=exp&id=$CERT_ID" > /etc/pve/local/pve-ssl.pem

rm -f /tmp/opnsense_csrf.txt /tmp/opnsense_cookies.txt

# Restart pveproxy
systemctl restart pveproxy.service

echo "Done."
Prox QoL 2022-10-19 00:18:29 +02:00			`#!/usr/bin/env sh`

			`# Based on https://gist.github.com/danie1k/c3d866eb6eed93bbc16b0628639efefe`

			`HOSTNAME="gateway.rostvik.site"`
			`CERT_ID="2"`
			`USERNAME="root"`
			`PASSWORD="{{ secret_rox_pass }}"`

			`echo "Downloading certificate id=${CERT_ID} from ${HOSTNAME} into cert.pem file..."`

			`# Open login screen`
			`curl --cookie /tmp/opnsense_cookies.txt --cookie-jar /tmp/opnsense_cookies.txt \`
			`https://$HOSTNAME/system_certmanager.php \`
			`\| grep hidden \| sed -E 's/.name="([^"\]+)" value="([^"]+)"./\1=\2/' > /tmp/opnsense_csrf.txt`

			`POST_DATA="usernamefld=${USERNAME}&passwordfld=${PASSWORD}&login=1&$(cat /tmp/opnsense_csrf.txt)"`

			`# Perform login`
			`curl --cookie /tmp/opnsense_cookies.txt --cookie-jar /tmp/opnsense_cookies.txt \`
			`https://$HOSTNAME/system_certmanager.php \`
			`-X POST --data "${POST_DATA}" > /dev/null`

			`# Export user key`
			`curl --cookie /tmp/opnsense_cookies.txt --cookie-jar /tmp/opnsense_cookies.txt \`
			`"https://$HOSTNAME/system_certmanager.php?act=key&id=$CERT_ID" > /etc/pve/local/pve-ssl.key`

			`# Export user cert`
			`curl --cookie /tmp/opnsense_cookies.txt --cookie-jar /tmp/opnsense_cookies.txt \`
			`"https://$HOSTNAME/system_certmanager.php?act=exp&id=$CERT_ID" > /etc/pve/local/pve-ssl.pem`

			`rm -f /tmp/opnsense_csrf.txt /tmp/opnsense_cookies.txt`

			`# Restart pveproxy`
			`systemctl restart pveproxy.service`

			`echo "Done."`