authorAlex Auvolat <alex@adnab.me>2023-01-01 19:38:28 +0100
committerAlex Auvolat <alex@adnab.me>2023-01-01 19:43:35 +0100
commitad6db2f1c502898e92fe377510dcf58b2d5ce6c9 (patch)
tree8f2b89b07f658891bf14ad1eb75c4d9f0f811f31
parent95540260cb40cb5b305af83c7233923d2664c3ba (diff)
Remove hardcoded years in deuxfleurs.nix
-rwxr-xr-xdeploy_pki29
-rw-r--r--nix/deuxfleurs.nix14
-rwxr-xr-xtlsproxy2
3 files changed, 29 insertions, 16 deletions
diff --git a/deploy_pki b/deploy_pki
index d7f5832..f114901 100755
--- a/deploy_pki
+++ b/deploy_pki
@@ -14,6 +14,11 @@ do
fi
done
+cmd ln -sf /var/lib/consul/pki/consul$YEAR.crt /var/lib/consul/pki/consul.crt
+cmd ln -sf /var/lib/consul/pki/consul$YEAR.key /var/lib/consul/pki/consul.key
+cmd ln -sf /var/lib/consul/pki/consul$YEAR-client.crt /var/lib/consul/pki/consul-client.crt
+cmd ln -sf /var/lib/consul/pki/consul$YEAR-client.key /var/lib/consul/pki/consul-client.key
+
cmd systemctl restart consul
cmd sleep 10
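Review bot: The four `ln -sf` lines repoint `consul.crt` and `consul.key`, and `cmd systemctl restart consul` then runs without confirming that the `consul$YEAR` targets exist, so an unset or mistyped `$YEAR` leaves dangling links and an agent that cannot load its TLS material. A guard ahead of the links, such as `cmd test -s /var/lib/consul/pki/consul$YEAR.key`, would stop the rollout before the restart, assuming `cmd` propagates the exit status (its definition is outside the hunk). The same applies to the seven nomad links added in the next hunk. A short comment noting that the unversioned names are the ones the Nix configuration reads would also help whoever rotates the certificates next.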
@@ -27,19 +32,27 @@ do
fi
done
+cmd ln -sf /var/lib/nomad/pki/nomad$YEAR.crt /var/lib/nomad/pki/nomad.crt
+cmd ln -sf /var/lib/nomad/pki/nomad$YEAR.key /var/lib/nomad/pki/nomad.key
+cmd ln -sf /var/lib/nomad/pki/nomad$YEAR-client.crt /var/lib/nomad/pki/nomad-client.crt
+cmd ln -sf /var/lib/nomad/pki/nomad$YEAR-client.key /var/lib/nomad/pki/nomad-client.key
+cmd ln -sf /var/lib/nomad/pki/consul$YEAR.crt /var/lib/nomad/pki/consul.crt
+cmd ln -sf /var/lib/nomad/pki/consul$YEAR-client.crt /var/lib/nomad/pki/consul-client.crt
+cmd ln -sf /var/lib/nomad/pki/consul$YEAR-client.key /var/lib/nomad/pki/consul-client.key
+
cmd systemctl restart nomad
set_env CONSUL_HTTP_ADDR=https://localhost:8501
set_env CONSUL_CACERT=/var/lib/consul/pki/consul-ca.crt
-set_env CONSUL_CLIENT_CERT=/var/lib/consul/pki/consul$YEAR-client.crt
-set_env CONSUL_CLIENT_KEY=/var/lib/consul/pki/consul$YEAR-client.key
+set_env CONSUL_CLIENT_CERT=/var/lib/consul/pki/consul-client.crt
+set_env CONSUL_CLIENT_KEY=/var/lib/consul/pki/consul-client.key
cmd "consul kv put secrets/consul/consul-ca.crt - < /var/lib/consul/pki/consul-ca.crt"
-cmd "consul kv put secrets/consul/consul.crt - < /var/lib/consul/pki/consul$YEAR.crt"
-cmd "consul kv put secrets/consul/consul-client.crt - < /var/lib/consul/pki/consul$YEAR-client.crt"
-cmd "consul kv put secrets/consul/consul-client.key - < /var/lib/consul/pki/consul$YEAR-client.key"
+cmd "consul kv put secrets/consul/consul.crt - < /var/lib/consul/pki/consul.crt"
+cmd "consul kv put secrets/consul/consul-client.crt - < /var/lib/consul/pki/consul-client.crt"
+cmd "consul kv put secrets/consul/consul-client.key - < /var/lib/consul/pki/consul-client.key"
cmd "consul kv put secrets/nomad/nomad-ca.crt - < /var/lib/nomad/pki/nomad-ca.crt"
-cmd "consul kv put secrets/nomad/nomad.crt - < /var/lib/nomad/pki/nomad$YEAR.crt"
-cmd "consul kv put secrets/nomad/nomad-client.crt - < /var/lib/nomad/pki/nomad$YEAR-client.crt"
-cmd "consul kv put secrets/nomad/nomad-client.key - < /var/lib/nomad/pki/nomad$YEAR-client.key"
+cmd "consul kv put secrets/nomad/nomad.crt - < /var/lib/nomad/pki/nomad.crt"
+cmd "consul kv put secrets/nomad/nomad-client.crt - < /var/lib/nomad/pki/nomad-client.crt"
+cmd "consul kv put secrets/nomad/nomad-client.key - < /var/lib/nomad/pki/nomad-client.key"
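Review bot: The `consul kv put` lines now publish whatever the unversioned symlinks resolve to when the script runs, including the private keys `consul-client.key` and `nomad-client.key`, and nothing here states which certificate year ended up in the KV store. I would add a comment above the block such as `# publishes the $YEAR client material; read access to the secrets/ prefix must stay limited by ACL`, since the ACL setup is not visible in this file and the reader cannot tell who can fetch these keys. Logging the resolved target before the upload, for example with `cmd readlink -f /var/lib/consul/pki/consul-client.crt`, would make a rotation auditable afterwards.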
diff --git a/nix/deuxfleurs.nix b/nix/deuxfleurs.nix
index 14085c1..e0cb376 100644
--- a/nix/deuxfleurs.nix
+++ b/nix/deuxfleurs.nix
@@ -291,8 +291,8 @@ in
};
ca_file = "/var/lib/consul/pki/consul-ca.crt";
- cert_file = "/var/lib/consul/pki/consul2022.crt";
- key_file = "/var/lib/consul/pki/consul2022.key";
+ cert_file = "/var/lib/consul/pki/consul.crt";
+ key_file = "/var/lib/consul/pki/consul.key";
verify_incoming = true;
verify_outgoing = true;
verify_server_hostname = true;
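Review bot: `cert_file` and `key_file` now name symlinks that only `deploy_pki` creates, so a host rebuilt from this configuration before `deploy_pki` has been rerun has no `consul.crt` or `consul.key`, and the agent will presumably fail to start. A comment on these two lines, for example `# symlinks maintained by deploy_pki, which must run before this config is deployed`, would record that ordering dependency. The same holds for the paths changed in the two later hunks of this file. The enclosing attribute set starts and ends outside the hunk.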
@@ -324,9 +324,9 @@ in
};
consul = {
address = "localhost:8501";
- ca_file = "/var/lib/nomad/pki/consul2022.crt";
- cert_file = "/var/lib/nomad/pki/consul2022-client.crt";
- key_file = "/var/lib/nomad/pki/consul2022-client.key";
+ ca_file = "/var/lib/nomad/pki/consul.crt";
+ cert_file = "/var/lib/nomad/pki/consul-client.crt";
+ key_file = "/var/lib/nomad/pki/consul-client.key";
ssl = true;
checks_use_advertise = true;
};
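Review bot: `ca_file` in the `consul` block points at `/var/lib/nomad/pki/consul.crt`, which `deploy_pki` links to the `consul$YEAR.crt` server certificate, not at a CA certificate like the `consul-ca.crt` used on the Consul side. The old line did the same with `consul2022.crt`, so this may be deliberate pinning of the server certificate, but the trust anchor then changes with every yearly rotation. If it is intended, a comment such as `# trust anchor is the Consul server certificate itself, not the CA` would make that explicit. Otherwise the CA certificate would have to be copied into `/var/lib/nomad/pki` and referenced here.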
@@ -344,8 +344,8 @@ in
http = true;
rpc = true;
ca_file = "/var/lib/nomad/pki/nomad-ca.crt";
- cert_file = "/var/lib/nomad/pki/nomad2022.crt";
- key_file = "/var/lib/nomad/pki/nomad2022.key";
+ cert_file = "/var/lib/nomad/pki/nomad.crt";
+ key_file = "/var/lib/nomad/pki/nomad.key";
verify_server_hostname = true;
verify_https_client = true;
};
diff --git a/tlsproxy b/tlsproxy
index bd639b2..1260d21 100755
--- a/tlsproxy
+++ b/tlsproxy
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
set -xe