author | Alex Auvolat <alex@adnab.me> | 2022-12-25 23:03:37 +0100 |
---|---|---|
committer | Alex Auvolat <alex@adnab.me> | 2022-12-25 23:03:37 +0100 |
commit | 40f56707535a7167c1ea1e4bafb0868dfaba8117 (patch) | |
tree | bf34fb92640e43baa5c22f0efe9685624d6adb7a | |
parent | 2bbf54094505c5b354e7bf32874da791fa938431 (diff) | |
Remove old way of doing email certs (self-signed)
-rwxr-xr-x | cluster/prod/app/email/config/dovecot/certs.gen | 13 | ||||
-rwxr-xr-x | cluster/prod/app/email/config/postfix/certs.gen | 13 | ||||
-rw-r--r-- | cluster/prod/app/email/deploy/email.hcl | 4 | ||||
-rw-r--r-- | cluster/prod/app/email/secrets.toml | 19 |
4 files changed, 0 insertions, 49 deletions
diff --git a/cluster/prod/app/email/config/dovecot/certs.gen b/cluster/prod/app/email/config/dovecot/certs.gen deleted file mode 100755 index f26e917..0000000 --- a/cluster/prod/app/email/config/dovecot/certs.gen +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/bash - -TLSINFO="/C=FR/ST=Bretagne/L=Rennes/O=Deuxfleurs/CN=imap.deuxfleurs.fr" -openssl req \ - -new \ - -newkey rsa:4096 \ - -days 3650 \ - -nodes \ - -x509 \ - -subj ${TLSINFO} \ - -keyout dovecot.key \ - -out dovecot.crt - diff --git a/cluster/prod/app/email/config/postfix/certs.gen b/cluster/prod/app/email/config/postfix/certs.gen deleted file mode 100755 index f25439b..0000000 --- a/cluster/prod/app/email/config/postfix/certs.gen +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/bash - -TLSINFO="/C=FR/ST=Bretagne/L=Rennes/O=Deuxfleurs/CN=smtp.deuxfleurs.fr" -openssl req \ - -new \ - -newkey rsa:4096 \ - -days 3650 \ - -nodes \ - -x509 \ - -subj ${TLSINFO} \ - -keyout postfix.key \ - -out postfix.crt - diff --git a/cluster/prod/app/email/deploy/email.hcl b/cluster/prod/app/email/deploy/email.hcl index 7925975..84f4c3b 100644 --- a/cluster/prod/app/email/deploy/email.hcl +++ b/cluster/prod/app/email/deploy/email.hcl @@ -150,13 +150,11 @@ job "email" { # ----- secrets ------ template { - # data = "{{ key \"secrets/email/dovecot/dovecot.crt\" }}" data = "{{ with $d := key \"tricot/certs/imap.deuxfleurs.fr\" | parseJSON }}{{ $d.cert_pem }}{{ end }}" destination = "secrets/ssl/certs/dovecot.crt" perms = "400" } template { - # data = "{{ key \"secrets/email/dovecot/dovecot.key\" }}" data = "{{ with $d := key \"tricot/certs/imap.deuxfleurs.fr\" | parseJSON }}{{ $d.key_pem }}{{ end }}" destination = "secrets/ssl/private/dovecot.key" perms = "400" 
@@ -381,14 +379,12 @@ job "email" { # --- secrets --- template { - # data = "{{ key \"secrets/email/postfix/postfix.crt\" }}" data = "{{ with $d := key \"tricot/certs/smtp.deuxfleurs.fr\" | parseJSON }}{{ $d.cert_pem }}{{ end }}" destination = "secrets/ssl/postfix.crt" perms = "400" } template { - # data = "{{ key \"secrets/email/postfix/postfix.key\" }}" data = "{{ with $d := key \"tricot/certs/smtp.deuxfleurs.fr\" | parseJSON }}{{ $d.key_pem }}{{ end }}" destination = "secrets/ssl/postfix.key" perms = "400" diff --git a/cluster/prod/app/email/secrets.toml b/cluster/prod/app/email/secrets.toml index 95df626..6263e33 100644 --- a/cluster/prod/app/email/secrets.toml +++ b/cluster/prod/app/email/secrets.toml @@ -1,14 +1,5 @@ # ---- POSTFIX ---- -[secrets."email/postfix/postfix.key"] -type = 'SSL_KEY' -name = 'postfix' - -[secrets."email/postfix/postfix.crt"] -type = 'SSL_CERT' -name = 'postfix' -cert_domains = "['deuxfleurs.fr']" - [secrets."email/dkim/smtp.private"] type = 'RSA_PRIVATE_KEY' name = 'dkim' @@ -20,16 +11,6 @@ dn_secret = "email/dovecot/ldap_binddn" password_secret = "email/dovecot/ldap_bindpwd" -[secrets."email/dovecot/dovecot.key"] -type = 'SSL_KEY' -name = 'dovecot' - -[secrets."email/dovecot/dovecot.crt"] -type = 'SSL_CERT' -name = 'dovecot' -cert_domains = "['deuxfleurs.fr']" - - # ---- SOGO ---- [service_users."sogo"] |