author | Quentin Dufour <quentin@deuxfleurs.fr> | 2022-07-06 13:16:22 +0200 |
---|---|---|
committer | Quentin Dufour <quentin@deuxfleurs.fr> | 2022-07-06 13:16:50 +0200 |
commit | ceae80d87cf9974bf0a69bd247fd35f416b9f8a9 (patch) | |
tree | fc621426d7515c666f2eb1075158045246b51381 | |
parent | 0e81c9f23b320eae5036e834ed375adfc987739f (diff) | |
download | infrastructure-ceae80d87cf9974bf0a69bd247fd35f416b9f8a9.tar.gz infrastructure-ceae80d87cf9974bf0a69bd247fd35f416b9f8a9.zip |
Use Tricot certificates instead of self-signed ones
-rw-r--r-- | app/email/deploy/email.hcl | 12 | ||||
-rw-r--r-- | op_guide/restic/README.md | 12 |
2 files changed, 18 insertions, 6 deletions
diff --git a/app/email/deploy/email.hcl b/app/email/deploy/email.hcl
index c69f51c..5c3c637 100644
--- a/app/email/deploy/email.hcl
+++ b/app/email/deploy/email.hcl
@@ -149,12 +149,14 @@ job "email" {
 # ----- secrets ------
 template {
- data = "{{ key \"secrets/email/dovecot/dovecot.crt\" }}"
+ # data = "{{ key \"secrets/email/dovecot/dovecot.crt\" }}"
+ data = "{{ with $d := key \"tricot/certs/imap.deuxfleurs.fr\" | parseJSON }}{{ $d.cert_pem }}{{ end }}"
 destination = "secrets/ssl/certs/dovecot.crt"
 perms = "400"
 }
 template {
- data = "{{ key \"secrets/email/dovecot/dovecot.key\" }}"
+ # data = "{{ key \"secrets/email/dovecot/dovecot.key\" }}"
+ data = "{{ with $d := key \"tricot/certs/imap.deuxfleurs.fr\" | parseJSON }}{{ $d.key_pem }}{{ end }}"
 destination = "secrets/ssl/private/dovecot.key"
 perms = "400"
 }
@@ -380,13 +382,15 @@ job "email" {
 # --- secrets ---
 template {
- data = "{{ key \"secrets/email/postfix/postfix.crt\" }}"
+ # data = "{{ key \"secrets/email/postfix/postfix.crt\" }}"
+ data = "{{ with $d := key \"tricot/certs/smtp.deuxfleurs.fr\" | parseJSON }}{{ $d.cert_pem }}{{ end }}"
 destination = "secrets/ssl/postfix.crt"
 perms = "400"
 }
 template {
- data = "{{ key \"secrets/email/postfix/postfix.key\" }}"
+ # data = "{{ key \"secrets/email/postfix/postfix.key\" }}"
+ data = "{{ with $d := key \"tricot/certs/smtp.deuxfleurs.fr\" | parseJSON }}{{ $d.key_pem }}{{ end }}"
 destination = "secrets/ssl/postfix.key"
 perms = "400"
 }
diff --git a/op_guide/restic/README.md b/op_guide/restic/README.md
index cf67d92..f8fb658 100644
--- a/op_guide/restic/README.md
+++ b/op_guide/restic/README.md
@@ -167,6 +167,11 @@ Now we need a service that runs:
 restic backup .
 ```
+
+Find an existing .hcl declaration that uses restic in this repository or in the Deuxfleurs/nixcfg repository
+to use it as an example.
+
+
 And also that garbage collect snapshots. I propose:
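Review bot: In the `@@ -149` (dovecot) and `@@ -380` (postfix) hunks the TLS private key is now read from the `tricot/certs/...` Consul prefix instead of `secrets/email/...`, so whatever ACL policy protected `secrets/` no longer covers it; confirm that read access to `tricot/certs/` is restricted at least as tightly, since the ACL setup is not visible in this diff. None of the four `template` blocks sets `change_mode`, so Nomad's default (`restart`) applies and a certificate renewal will restart the mail task; if that is intended, record it with a comment such as `# cert and key are issued by Tricot; task restarts when they are renewed`. The commented-out `# data = "{{ key \"secrets/email/...\" }}"` lines keep the old secret paths in the file and are better deleted, as the history already holds them. The enclosing `job "email"` block starts and ends outside both hunks.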
@@ -174,5 +179,8 @@ I propose:
 restic forget --prune --keep-within 1m1d --keep-within-weekly 3m --keep-within-monthly 1y
 ```
-Find an existing .hcl declaration that uses restic in this repository or in the Deuxfleurs/nixcfg repository
-to use it as an example.
+Also try to restore a snapshot:
+
+```
+restic restore <snapshot id> --target /tmp/$SERVICE_NAME
+``` |