From 90a93ce7e0b80f3ff5d973597294130ab4c27669 Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Fri, 31 Jan 2025 12:23:00 +0100
Subject: [PATCH] feat(ssl): add a Coolify CA Certificate to all servers

---
 database/seeders/CaSslCertSeeder.php | 40 ++++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)
 create mode 100644 database/seeders/CaSslCertSeeder.php

diff --git a/database/seeders/CaSslCertSeeder.php b/database/seeders/CaSslCertSeeder.php
new file mode 100644
index 000000000..75b78da21
--- /dev/null
+++ b/database/seeders/CaSslCertSeeder.php
@@ -0,0 +1,40 @@
+<?php
+
+namespace Database\Seeders;
+
+use App\Helpers\SslHelper;
+use App\Models\Server;
+use App\Models\SslCertificate;
+use Illuminate\Database\Seeder;
+
+class CaSslCertSeeder extends Seeder
+{
+    public function run()
+    {
+        Server::chunk(200, function ($servers) {
+            foreach ($servers as $server) {
+                $existingCert = SslCertificate::where('server_id', $server->id)->first();
+
+                if (! $existingCert) {
+                    $serverCert = SslHelper::generateSslCertificate(
+                        commonName: 'Coolify CA Certificate',
+                        serverId: $server->id,
+                        validityDays: 15 * 365
+                    );
+
+                    $serverCertPath = config('constants.coolify.base_config_path').'/ca/';
+
+                    $commands = collect([
+                        "mkdir -p $serverCertPath",
+                        "chown -R 9999:root $serverCertPath",
+                        "chmod -R 700 $serverCertPath",
+                        "echo '{$serverCert->ssl_certificate}' > $serverCertPath/ca.crt",
+                        "chmod 644 $serverCertPath/ca.crt",
+                    ]);
+
+                    remote_process($commands, $server);
+                }
+            }
+        });
+    }
+}