author | Alex Auvolat <alex@adnab.me> | 2023-01-01 19:38:28 +0100 |
---|---|---|
committer | Alex Auvolat <alex@adnab.me> | 2023-01-01 19:43:35 +0100 |
commit | ad6db2f1c502898e92fe377510dcf58b2d5ce6c9 (patch) | |
tree | 8f2b89b07f658891bf14ad1eb75c4d9f0f811f31 | |
parent | 95540260cb40cb5b305af83c7233923d2664c3ba (diff) | |
Remove hardcoded years in deuxfleurs.nix
-rwxr-xr-x | deploy_pki | 29 | ||||
-rw-r--r-- | nix/deuxfleurs.nix | 14 | ||||
-rwxr-xr-x | tlsproxy | 2 |
3 files changed, 29 insertions, 16 deletions
@@ -14,6 +14,11 @@ do
 fi
 done
+cmd ln -sf /var/lib/consul/pki/consul$YEAR.crt /var/lib/consul/pki/consul.crt
+cmd ln -sf /var/lib/consul/pki/consul$YEAR.key /var/lib/consul/pki/consul.key
+cmd ln -sf /var/lib/consul/pki/consul$YEAR-client.crt /var/lib/consul/pki/consul-client.crt
+cmd ln -sf /var/lib/consul/pki/consul$YEAR-client.key /var/lib/consul/pki/consul-client.key
+
 cmd systemctl restart consul
 cmd sleep 10
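Review bot: An empty or mistyped `YEAR` is not caught before the four `ln -sf` lines. With `YEAR` empty, `consul$YEAR.crt` expands to `consul.crt` and the link would target its own path; with a wrong year the links dangle, and the `systemctl restart consul` that follows would bring the agent up without a usable certificate or key. Where `YEAR` is set lies outside this hunk, so it may already be validated; if it is not, add `: "${YEAR:?YEAR must be set}"` before the first link and, assuming `cmd` propagates the exit status, `cmd test -s /var/lib/consul/pki/consul$YEAR.key` before switching. The nomad block in the next hunk (`@@ -27,19 +32,27 @@`) has the same gap.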
@@ -27,19 +32,27 @@ do
 fi
 done
+cmd ln -sf /var/lib/nomad/pki/nomad$YEAR.crt /var/lib/nomad/pki/nomad.crt
+cmd ln -sf /var/lib/nomad/pki/nomad$YEAR.key /var/lib/nomad/pki/nomad.key
+cmd ln -sf /var/lib/nomad/pki/nomad$YEAR-client.crt /var/lib/nomad/pki/nomad-client.crt
+cmd ln -sf /var/lib/nomad/pki/nomad$YEAR-client.key /var/lib/nomad/pki/nomad-client.key
+cmd ln -sf /var/lib/nomad/pki/consul$YEAR.crt /var/lib/nomad/pki/consul.crt
+cmd ln -sf /var/lib/nomad/pki/consul$YEAR-client.crt /var/lib/nomad/pki/consul-client.crt
+cmd ln -sf /var/lib/nomad/pki/consul$YEAR-client.key /var/lib/nomad/pki/consul-client.key
+
 cmd systemctl restart nomad
 set_env CONSUL_HTTP_ADDR=https://localhost:8501
 set_env CONSUL_CACERT=/var/lib/consul/pki/consul-ca.crt
-set_env CONSUL_CLIENT_CERT=/var/lib/consul/pki/consul$YEAR-client.crt
-set_env CONSUL_CLIENT_KEY=/var/lib/consul/pki/consul$YEAR-client.key
+set_env CONSUL_CLIENT_CERT=/var/lib/consul/pki/consul-client.crt
+set_env CONSUL_CLIENT_KEY=/var/lib/consul/pki/consul-client.key
 cmd "consul kv put secrets/consul/consul-ca.crt - < /var/lib/consul/pki/consul-ca.crt"
-cmd "consul kv put secrets/consul/consul.crt - < /var/lib/consul/pki/consul$YEAR.crt"
-cmd "consul kv put secrets/consul/consul-client.crt - < /var/lib/consul/pki/consul$YEAR-client.crt"
-cmd "consul kv put secrets/consul/consul-client.key - < /var/lib/consul/pki/consul$YEAR-client.key"
+cmd "consul kv put secrets/consul/consul.crt - < /var/lib/consul/pki/consul.crt"
+cmd "consul kv put secrets/consul/consul-client.crt - < /var/lib/consul/pki/consul-client.crt"
+cmd "consul kv put secrets/consul/consul-client.key - < /var/lib/consul/pki/consul-client.key"
 cmd "consul kv put secrets/nomad/nomad-ca.crt - < /var/lib/nomad/pki/nomad-ca.crt"
-cmd "consul kv put secrets/nomad/nomad.crt - < /var/lib/nomad/pki/nomad$YEAR.crt"
-cmd "consul kv put secrets/nomad/nomad-client.crt - < /var/lib/nomad/pki/nomad$YEAR-client.crt"
-cmd "consul kv put secrets/nomad/nomad-client.key - < /var/lib/nomad/pki/nomad$YEAR-client.key"
+cmd "consul kv put secrets/nomad/nomad.crt - < /var/lib/nomad/pki/nomad.crt"
+cmd "consul kv put secrets/nomad/nomad-client.crt - < /var/lib/nomad/pki/nomad-client.crt"
+cmd "consul kv put secrets/nomad/nomad-client.key - < /var/lib/nomad/pki/nomad-client.key"
diff --git a/nix/deuxfleurs.nix b/nix/deuxfleurs.nix
index 14085c1..e0cb376 100644
--- a/nix/deuxfleurs.nix
+++ b/nix/deuxfleurs.nix
@@ -291,8 +291,8 @@ in
 };
 ca_file = "/var/lib/consul/pki/consul-ca.crt";
- cert_file = "/var/lib/consul/pki/consul2022.crt";
- key_file = "/var/lib/consul/pki/consul2022.key";
+ cert_file = "/var/lib/consul/pki/consul.crt";
+ key_file = "/var/lib/consul/pki/consul.key";
 verify_incoming = true;
 verify_outgoing = true;
 verify_server_hostname = true;
@@ -324,9 +324,9 @@ in
 };
 consul = {
 address = "localhost:8501";
- ca_file = "/var/lib/nomad/pki/consul2022.crt";
- cert_file = "/var/lib/nomad/pki/consul2022-client.crt";
- key_file = "/var/lib/nomad/pki/consul2022-client.key";
+ ca_file = "/var/lib/nomad/pki/consul.crt";
+ cert_file = "/var/lib/nomad/pki/consul-client.crt";
+ key_file = "/var/lib/nomad/pki/consul-client.key";
 ssl = true;
 checks_use_advertise = true;
 };
@@ -344,8 +344,8 @@ in
 http = true;
 rpc = true;
 ca_file = "/var/lib/nomad/pki/nomad-ca.crt";
- cert_file = "/var/lib/nomad/pki/nomad2022.crt";
- key_file = "/var/lib/nomad/pki/nomad2022.key";
+ cert_file = "/var/lib/nomad/pki/nomad.crt";
+ key_file = "/var/lib/nomad/pki/nomad.key";
 verify_server_hostname = true;
 verify_https_client = true;
 };
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 set -xe |
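Review bot: In the deploy_pki hunk `@@ -27,19 +32,27 @@`, the rewritten `consul kv put secrets/consul/consul-client.key` and `secrets/nomad/nomad-client.key` lines still copy client private keys into Consul KV, now read through the new symlinks. Anyone able to read the `secrets/` prefix could then present those keys as a Consul or Nomad client, and the ACL policy on that prefix is not visible here. I would add a comment above these lines such as `# client keys are stored in KV for <consumer>; secrets/ must be readable only by <policy>` with the placeholders filled in, and drop the key uploads if nothing consumes them.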
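Review bot: In nix/deuxfleurs.nix at `@@ -291,8 +291,8 @@` (and likewise `@@ -324,9 +324,9 @@` and `@@ -344,8 +344,8 @@`), `cert_file` and `key_file` now name paths such as `consul.crt` and `consul.key` that exist only once deploy_pki has created the symlinks. A node that receives this configuration before deploy_pki has been re-run would presumably fail to bring up Consul and Nomad with TLS, because the `consul2022.*` and `nomad2022.*` files are no longer referenced. The rollout order should be documented next to these options, for example `# consul.crt/.key are symlinks maintained by deploy_pki; run it before deploying this config`. The enclosing attribute sets start and end outside the hunks.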
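Review bot: In `@@ -324,9 +324,9 @@`, Nomad's Consul `ca_file` points at `/var/lib/nomad/pki/consul.crt`, whereas the Consul block in the first hunk uses `consul-ca.crt` as its CA. This is carried over from the old `consul2022.crt` line, so it may be deliberate pinning of the server certificate rather than the CA. Since the link behind this path is now switched on every rotation, the choice deserves a comment such as `# trust anchor here is the Consul server cert itself, not consul-ca.crt`, or a switch to the CA file if that was the intent.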