From 71870c1fdabda086fc5e950268330bf40c9a570b Mon Sep 17 00:00:00 2001
From: Pim Kunis
Date: Mon, 24 Apr 2023 00:05:48 +0200
Subject: [PATCH] parameterize CA script
---
 files/get_cert.sh | 4 ++--
 main.tf | 1 +
 variables.tf | 5 +++++
 3 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/files/get_cert.sh b/files/get_cert.sh
index 6ec27d6..d663599 100755
--- a/files/get_cert.sh
+++ b/files/get_cert.sh
@@ -2,11 +2,11 @@
 set -euo pipefail
 IFS=$'\n\t'
-eval "$(jq -r '@sh "PUBKEY=\(.pubkey) HOST=\(.host) CAHOST=\(.cahost)"')"
+eval "$(jq -r '@sh "PUBKEY=\(.pubkey) HOST=\(.host) CAHOST=\(.cahost) CASCRIPT=\.(.cascript)"')"
 # TODO: Can this be done more eye-pleasingly?
 set +e
-CERT=$(ssh -o ConnectTimeout=3 -o ConnectionAttempts=1 root@$CAHOST '/root/ca.sh host "'"$PUBKEY"'" "'"$HOST"'".dmz')
+CERT=$(ssh -o ConnectTimeout=3 -o ConnectionAttempts=1 root@$CAHOST '"'"$CASCRIPT"'" host "'"$PUBKEY"'" "'"$HOST"'".dmz')
 retval=$?
 set -e
diff --git a/main.tf b/main.tf
index 3df7c0a..65bbd27 100644
--- a/main.tf
+++ b/main.tf
@@ -38,6 +38,7 @@ data "external" "cert" {
 pubkey = trimspace(data.tls_public_key.debian.public_key_openssh)
 host = var.name
 cahost = var.ca_host
+ cascript = var.ca_script
 }
 }
diff --git a/variables.tf b/variables.tf
index 7eeb8ac..b5909f7 100644
--- a/variables.tf
+++ b/variables.tf
@@ -37,6 +37,11 @@ variable "ca_host" {
 description = "Host to contact when fetching a SSH host certificate."
 }
+variable "ca_script" {
+ type = string
+ description = "Script to call when fetching a SSH host certificate."
+}
+
 variable "domain_name" {
 type = string
 default = null
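Review bot: The added jq filter in files/get_cert.sh writes the new interpolation as `CASCRIPT=\.(.cascript)`; `\.` is not a jq string escape, so jq should reject the filter and none of the variables gets set. It should read `CASCRIPT=\(.cascript)`. On the new `CERT=` line, `$CASCRIPT` (like `$PUBKEY` and `$HOST`) is wrapped in double quotes for the remote side but not escaped, so a value containing `"`, `$(` or a backtick is interpreted by root's shell on the CA host, and with this change the command name itself comes from a Terraform variable. Quoting each value for the remote shell, e.g. `printf -v remote_cmd '%q host %q %q' "$CASCRIPT" "$PUBKEY" "$HOST.dmz"` followed by `ssh -o ConnectTimeout=3 -o ConnectionAttempts=1 "root@$CAHOST" "$remote_cmd"`, would close that and also address the TODO, assuming the remote login shell is bash.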
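Review bot: `ca_script` in variables.tf is declared with neither a default nor a validation block, although files/get_cert.sh passes its value to root's shell on the CA host as the command to run. Existing callers of the module now have to set it; defaulting to the previously hard-coded `/root/ca.sh` keeps them working, if that is the intent. A validation rule that admits only an absolute path made of safe characters rejects shell metacharacters at plan time rather than on the CA host.

```hcl
variable "ca_script" {
  # … unchanged: type, description …
  default = "/root/ca.sh"

  validation {
    condition     = can(regex("^/[A-Za-z0-9._/-]+$", var.ca_script))
    error_message = "ca_script must be an absolute path without shell metacharacters."
  }
}
```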