1.0.0 Release IaaS

2026-03-15 04:41:02 +09:00
commit a7365da431
292 changed files with 36059 additions and 0 deletions
--- a/config/services/containers/infra/ca/ca.container.j2
+++ b/config/services/containers/infra/ca/ca.container.j2
@@ -0,0 +1,35 @@
+[Quadlet]
+DefaultDependencies=false
+
+[Unit]
+Description=CA
+
+After=network-online.target
+Wants=network-online.target
+
+[Container]
+Image=docker.io/smallstep/step-ca:{{ version['containers']['step'] }}
+
+ContainerName=ca
+HostName=ca
+
+PublishPort=9000:9000/tcp
+
+Volume=%h/containers/ca/certs:/home/step/certs:ro
+Volume=%h/containers/ca/secrets:/home/step/secrets:ro
+Volume=%h/containers/ca/config:/home/step/config:rw
+Volume=%h/containers/ca/db:/home/step/db:rw
+Volume=%h/containers/ca/templates:/home/step/templates:rw
+
+Environment="TZ=Asia/Seoul"
+Environment="PWDPATH=/run/secrets/STEP_CA_PASSWORD"
+
+Secret=STEP_CA_PASSWORD,target=/run/secrets/STEP_CA_PASSWORD
+
+[Service]
+Restart=always
+RestartSec=10s
+TimeoutStopSec=120
+
+[Install]
+WantedBy=default.target
--- a/config/services/containers/infra/ca/config/ca.json.j2
+++ b/config/services/containers/infra/ca/config/ca.json.j2
@@ -0,0 +1,61 @@
+{
+	"root": "/home/step/certs/ilnmors_root_ca.crt",
+	"federatedRoots": null,
+	"crt": "/home/step/certs/ilnmors_intermediate_ca.crt",
+	"key": "/home/step/secrets/ilnmors_intermediate_ca.key",
+	"address": ":9000",
+	"insecureAddress": "",
+	"dnsNames": [
+		"{{ infra_uri['ca']['domain'] }}"
+	],
+	"logger": {
+		"format": "text"
+	},
+	"db": {
+		"type": "badgerv2",
+		"dataSource": "/home/step/db",
+		"badgerFileLoadingMode": ""
+	},
+	"authority": {
+		"policy": {
+			"x509": {
+				"allow": {
+					"dns": [
+						"ilnmors.internal",
+						"*.ilnmors.internal"
+					]
+				},
+				"allowWildcardNames": true
+			}
+		},
+		"provisioners": [
+			{
+				"type": "ACME",
+				"name": "acme@ilnmors.internal",
+				"claims": {
+					"defaultTLSCertDuration": "2160h0m0s",
+					"enableSSHCA": true,
+					"disableRenewal": false,
+					"allowRenewalAfterExpiry": false,
+					"disableSmallstepExtensions": false
+				},
+				"options": {
+					"x509": {},
+					"ssh": {}
+				}
+			}
+		],
+		"template": {},
+		"backdate": "1m0s"
+	},
+	"tls": {
+		"cipherSuites": [
+			"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
+			"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
+		],
+		"minVersion": 1.2,
+		"maxVersion": 1.3,
+		"renegotiation": false
+	},
+	"commonName": "ilnmors Online CA"
+}
--- a/config/services/containers/infra/ca/config/defaults.json.j2
+++ b/config/services/containers/infra/ca/config/defaults.json.j2
@@ -0,0 +1,6 @@
+{
+	"ca-url": "https://{{ infra_uri['ca']['domain'] }}:{{ infra_uri['ca']['ports']['https'] }}",
+	"ca-config": "/home/step/config/ca.json",
+	"fingerprint": "215c851d2d0d2dbf90fc3507425207c29696ffd587c640c94a68dddb1d84d8e8",
+	"root": "/home/step/certs/ilnmors_root_ca.crt"
+}
--- a/config/services/containers/infra/ca/templates/ca.tpl
+++ b/config/services/containers/infra/ca/templates/ca.tpl
@@ -0,0 +1,8 @@
+{
+	"subject": {{ toJson .Subject }},
+	"keyUsage": ["certSign", "crlSign"],
+	"basicConstraints": {
+		"isCA": true,
+		"maxPathLen": 0
+	}
+}