change(docker): use step-ca for CA + cert generation

Signed-off-by: Kevin Morris <kevr@0cost.org>

docker/scripts/install-deps.sh

@@ -9,6 +9,6 @@ pacman -Syu --noconfirm --noprogressbar \
       mariadb mariadb-libs cgit-aurweb uwsgi uwsgi-plugin-cgi \
       php php-fpm memcached php-memcached python-pip pyalpm \
       python-srcinfo curl libeatmydata cronie python-poetry \
-      python-poetry-core
+      python-poetry-core step-cli step-ca
 
 exec "$@"

docker/scripts/run-ca.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+STEP_DIR="$(step-cli path)"
+STEP_PASSWD_FILE="$STEP_DIR/password.txt"
+STEP_CA_CONFIG="$STEP_DIR/config/ca.json"
+
+# Start the step-ca https server.
+exec step-ca "$STEP_CA_CONFIG" --password-file="$STEP_PASSWD_FILE"

docker/scripts/update-step-config

@@ -0,0 +1,19 @@
+#!/usr/bin/env python3
+import json
+import sys
+
+CA_CONFIG = sys.argv[1]
+
+with open(CA_CONFIG) as f:
+    data = json.load(f)
+
+if "authority" not in data:
+    data["authority"] = dict()
+if "claims" not in data["authority"]:
+    data["authority"]["claims"] = dict()
+
+# One year of certificate duration.
+data["authority"]["claims"] = {"maxTLSCertDuration": "8800h"}
+
+with open(CA_CONFIG, "w") as f:
+    json.dump(data, f)