#
# thomas@linuxmuster.net
# 01.07.2016
# GPL v3
#

echo "### 03_certificates postpatch"

# make script executable
chmod 744 $SCRIPTSDIR/create-ssl-cert.sh

if [ "$1" = "--first" -o "$update_certs" = "yes" ]; then

  # new apache cert
  $SCRIPTSDIR/create-ssl-cert.sh

  # delete old ssh keys
  rm -f /etc/ssh/*key*
  rm -rf /root/.ssh
  mkdir -p /root/.ssh

  # create new ssh keys for root and host
  for i in dsa rsa ecdsa; do
   rootkey="/root/.ssh/id_${i}"
   hostkey="/etc/ssh/ssh_host_${i}_key"
   ssh-keygen -t "$i" -f "$hostkey" -N ''
   ssh-keygen -t "$i" -f "$rootkey" -N ''
  done

fi

service ssh start

# ssl-cert permissions
chown root:ssl-cert /etc/ssl/private -R
chmod 750 /etc/ssl/private
