#!/bin/sh
# PROVIDE: pomerium
# REQUIRE: LOGIN
# KEYWORD: shutdown
# Add the following lines to /etc/rc.conf to enable pomerium
# pomerium_enable="YES"
#
# pomerium_enable (bool): Set to YES to enable pomerium
# Default: NO
# pomerium_conf (str): pomerium configuration file
# Default: %%ETCDIR%%/config.yaml
# pomerium_user (str): pomerium daemon user
# Default: %%POMERIUM_USER%%
# pomerium_cert_file (str): Path to pomerium certificate file, must be set
# unless configured as insecure server.
# Default: ""
# pomerium_cert_key_file (str): Path to pomerium certificate private key file,
# must be set unless configured as insecure server.
# Default: ""
# pomerium_shared_secret (str): 256-bit shared secret to mutually authenticate
# requests between services.
# Default: random string
# pomerium_cookie_secret (str): 256-bit cookie secret. Random if empty.
# Default: random string
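# Pull in the rc.d framework; load_rc_config and run_rc_command come from it.
. /etc/rc.subr

name=pomerium
rcvar=pomerium_enable

# Read the administrator's settings first, so the ":=" defaults below only
# fill in variables that are still unset or empty.
load_rc_config "${name}"

# Every default is expanded inside double quotes so that a value coming from
# rc.conf is never word-split or glob-expanded by the ":" no-op.
: "${pomerium_enable:=NO}"
: "${pomerium_user:=%%POMERIUM_USER%%}"
# NOTE(review): rc.subr appears to place ${name}_flags ahead of command_args,
# so these would reach daemon(8) rather than pomerium - confirm.
: "${pomerium_flags:=}"
: "${pomerium_conf:=%%ETCDIR%%/config.yaml}"
: "${pomerium_options:=-config=${pomerium_conf}}"

# When rc.conf supplies no secret, 32 bytes from /dev/urandom are
# base64-encoded into a fresh value. The substitution is evaluated each time
# this script runs and nothing here stores the result, so an unset secret is
# different at every start.
# NOTE(review): a deployment that splits pomerium services across hosts
# presumably needs the same pomerium_shared_secret set explicitly on each of
# them - confirm. /etc/rc.conf is commonly world-readable; consider keeping
# both secrets in a root-only rc.conf.d file and confirm that load_rc_config
# reads one on your release.
: "${pomerium_shared_secret:=$(head -c 32 /dev/urandom | uuencode -r -m -)}"
: "${pomerium_cookie_secret:=$(head -c 32 /dev/urandom | uuencode -r -m -)}"

# Empty certificate paths are left out of the environment by pomerium_precmd.
: "${pomerium_cert_file:=}"
: "${pomerium_cert_key_file:=}"

# The file name is appended directly, so %%POMERIUMPIDDIR%% is expected to
# end in "/" - confirm against the port's substitution.
pidfile="%%POMERIUMPIDDIR%%${name}.pid"
procname="%%PREFIX%%/libexec/pomerium"

# pomerium is supervised by daemon(8): -c changes to the root directory,
# -p names the child's PID file and -T sets the syslog tag.
command=/usr/sbin/daemon
command_args="-c -p ${pidfile} -T ${name} ${procname} ${pomerium_options}"
start_precmd="pomerium_precmd"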
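#######################################
# start_precmd hook: prepare the PID file and pass settings to pomerium
# through the environment before the daemon is launched.
# Globals:   pomerium_user, pidfile, pomerium_shared_secret,
#            pomerium_cookie_secret, pomerium_cert_file,
#            pomerium_cert_key_file (read);
#            SHARED_SECRET, COOKIE_SECRET, CERTIFICATE_FILE,
#            CERTIFICATE_KEY_FILE (exported)
# Arguments: none
# Returns:   0, also when no certificate paths are configured
#######################################
pomerium_precmd()
{
	# Create the PID directory and an empty PID file, both owned by the
	# service user.
	install -d -o "${pomerium_user}" %%POMERIUMPIDDIR%%
	install -o "${pomerium_user}" /dev/null "${pidfile}"

	# The secrets travel in the environment, which the started process
	# inherits; anything able to read that process's environment can
	# read them.
	export SHARED_SECRET="${pomerium_shared_secret}"
	export COOKIE_SECRET="${pomerium_cookie_secret}"

	# Certificate paths are exported only when set. These are "if"
	# statements rather than "[ ... ] && export": a failing test as the
	# last command would become the hook's exit status, and rc.subr does
	# not start the service when start_precmd returns non-zero.
	if [ -n "${pomerium_cert_file}" ]; then
		export CERTIFICATE_FILE="${pomerium_cert_file}"
	fi
	if [ -n "${pomerium_cert_key_file}" ]; then
		export CERTIFICATE_KEY_FILE="${pomerium_cert_key_file}"
	fi

	return 0
}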
# Hand the action given as the script's first argument to rc.subr.
run_rc_command "$1"