2 Commits

Author SHA1 Message Date
shahondin1624 cdae16562a fix(scripts): correct ORG default Shah*ODin → Shahondin1624
Typo in the issuer org for newly minted client certs. Existing certs are
unaffected (Caddy validates against the root CA's public key, not subject
text). Future certs issued via this script will carry the corrected
O=Shahondin1624.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-28 14:43:18 +02:00

shahondin1624 e58c78d21c Add setup scripts for onboarding new machines
- scripts/install-client.sh: bootstraps a pi client — fetches certs from
  the Caddy host via scp, rsyncs the extensions into ~/.pi/agent/, sets
  up SSH key-auth to the ai-server for admin commands, probes the mTLS
  /health endpoint to verify.
- scripts/issue-client-cert.sh: run on the Caddy host to mint a new
  device identity — generates key + CSR, signs with the local root CA,
  and emits both a modern p12 (AES-256) and a -legacy p12 (3DES/RC2-40)
  for NSS-based browsers.
- scripts/install-browser-certs.sh: imports certs into Brave Flatpak's
  isolated NSS DB, ~/.pki/nssdb for packaged Chromium-family browsers,
  each Firefox profile, optionally the system trust store, and
  optionally drops a Brave AutoSelectCertificateForUrls policy so the
  cert prompt stops appearing on every page load.

All three are idempotent, --help-aware, and accept env/flag overrides
for the hardcoded defaults.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-23 21:26:08 +02:00