From 49a12e960cdba0bbf01ea45be4e3809d37f7a45c Mon Sep 17 00:00:00 2001
From: DrMaxNix <git@drmaxnix.de>
Date: Tue, 27 Aug 2024 20:17:53 +0200
Subject: [PATCH] :zap: ship pre-generated dh parameters

---
 entrypoint.sh | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/entrypoint.sh b/entrypoint.sh
index a23573f..4a57b6d 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -122,8 +122,15 @@ easyrsa_server_keys_create(){
 	
 	
 	## OTHER KEYS ##
-	# dh parameters
-	openssl dhparam -out "${DATA_SERVER_DIR}/dh2048.pem" 2048
+	# dh parameters from `IETF RFC 7919`
+	echo "-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz
++8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a
+87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7
+YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi
+7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD
+ssbzSibBsu/6iGtCOGEoXJf//////////wIBAg==
+-----END DH PARAMETERS-----" > "${DATA_SERVER_DIR}/dh2048.pem"
 	
 	# tls-crypt key
 	openvpn --genkey secret "${DATA_SERVER_DIR}/tls-crypt.key"