shahondin1624
e58c78d21c
- scripts/install-client.sh: bootstraps a pi client — fetches certs from the Caddy host via scp, rsyncs the extensions into ~/.pi/agent/, sets up SSH key-auth to the ai-server for admin commands, probes the mTLS /health endpoint to verify. - scripts/issue-client-cert.sh: run on the Caddy host to mint a new device identity — generates key + CSR, signs with the local root CA, and emits both a modern p12 (AES-256) and a -legacy p12 (3DES/RC2-40) for NSS-based browsers. - scripts/install-browser-certs.sh: imports certs into Brave Flatpak's isolated NSS DB, ~/.pki/nssdb for packaged Chromium-family browsers, each Firefox profile, optionally the system trust store, and optionally drops a Brave AutoSelectCertificateForUrls policy so the cert prompt stops appearing on every page load. All three are idempotent, --help-aware, and accept env/flag overrides for the hardcoded defaults. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>