author | Alex Auvolat <alex@adnab.me> | 2022-01-03 23:47:55 +0100 |
---|---|---|
committer | Alex Auvolat <alex@adnab.me> | 2022-01-03 23:47:55 +0100 |
commit | 143683ed2da5f537a7586b7263e648403b18ed17 (patch) | |
tree | 6549cd1a1988a16e952d39f32869a68b8b2a8c28 | |
parent | 1ade671f964516976151ab8b2e8dc6027aa9e73f (diff) | |
download | nixcfg-143683ed2da5f537a7586b7263e648403b18ed17.tar.gz nixcfg-143683ed2da5f537a7586b7263e648403b18ed17.zip |
Add cron job to clean up stuff; fix genpki
-rwxr-xr-x | deploy.sh | 2 | ||||
-rwxr-xr-x | genpki.sh | 14 | ||||
-rw-r--r-- | site/neptune.nix | 8 |
3 files changed, 17 insertions, 7 deletions
@@ -72,5 +72,5 @@ consul kv put secrets/consul/consul-client.key - < /var/lib/consul/pki/consul$YE
 EOF
 ssh -t -F ssh_config $SSH_DEST sudo sh $TMP_PATH/deploy.sh
- ssh -F ssh_config $SSH_DEST rm -rv $TMP_PATH
+ ssh -F ssh_config $SSH_DEST rm -rv '/tmp/tmp-deploy-*'
 done
@@ -45,7 +45,8 @@ O = Deuxfleurs
 CN = $APP
 [v3_req]
-keyUsage = keyEncipherment, keyCertSign, dataEncipherment, serverAuth, clientAuth
+keyUsage = keyEncipherment, keyCertSign, dataEncipherment
+extendedKeyUsage = serverAuth, clientAuth
 subjectAltName = @alt_names
 [alt_names]
@@ -85,7 +86,8 @@ O = Deuxfleurs
 CN = $APP-client
 [v3_req]
-keyUsage = keyEncipherment, keyCertSign, dataEncipherment, clientAuth
+keyUsage = keyEncipherment, keyCertSign, dataEncipherment
+extendedKeyUsage = clientAuth
 subjectAltName = @alt_names
 [alt_names]
@@ -97,8 +99,8 @@ EOF
 rm $CERT-client.csr
 fi
- if [ ! -f $CERT-client.p12 ]; then
- openssl pkcs12 -export -out $CERT-client.p12 \
- -in $APP-ca.pem -in $CERT-client.crt -inkey $CERT-client.key
- fi
+ #if [ ! -f $CERT-client.p12 ]; then
+ # openssl pkcs12 -export -out $CERT-client.p12 \
+ # -in $APP-ca.pem -in $CERT-client.crt -inkey $CERT-client.key
+ #fi
 done
diff --git a/site/neptune.nix b/site/neptune.nix
index 781e512..f7517c2 100644
--- a/site/neptune.nix
+++ b/site/neptune.nix
@@ -9,4 +9,12 @@
 services.nomad.settings.datacenter = "neptune";
 networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+ services.cron = {
+ enable = true;
+ systemCronJobs = [
+ "0 2 * * * ${config.system.path}/bin/nix-collect-garbage --delete-older-than 10d"
+ "30 2 * * * ${config.system.path}/bin/docker run --rm -it -v /var/lib/drone/nix:/nix nixpkgs/nix:nixos-21.05 nix-collect-garbage --delete-older-than 10d"
+ ];
+ };
 } |
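Review bot: In deploy.sh, the new cleanup `rm -rv '/tmp/tmp-deploy-*'` is expanded by the remote shell and deletes every matching path on the node, not only this run's directory, so a second deploy running against the same host at the same time would lose its working directory mid-run. The fixed prefix in world-writable /tmp also suggests the directory name may not come from `mktemp -d`; its creation is outside the hunk, so that is an assumption to confirm. I would keep the per-run removal, `ssh -F ssh_config "$SSH_DEST" rm -rf -- "$TMP_PATH"`, and clear leftovers from failed runs separately, for example with an age-based tmpfiles rule. The enclosing loop starts outside the hunk.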
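Review bot: Both `[v3_req]` sections in genpki.sh (the hunk at -45/+45 and the `$APP-client` one at -85/+86) still assert `keyCertSign` and omit `digitalSignature` in `keyUsage`. If these sections describe the leaf server and client certificates, as the CN values suggest (the openssl invocation and any basicConstraints line are outside the hunks), `keyCertSign` is a CA-only capability that a TLS endpoint should not carry. ECDHE handshakes and client authentication also rely on `digitalSignature`, which strict TLS stacks enforce. I would write `keyUsage = digitalSignature, keyEncipherment` in both sections and keep the new `extendedKeyUsage` lines as they are.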
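Review bot: The PKCS#12 export at the end of genpki.sh (hunk at -97/+99) is disabled by commenting it out, with nothing saying why or whether anything still expects `$CERT-client.p12`. Either delete the four lines or put a one-line reason above them, e.g. `# PKCS#12 export disabled: <reason>`. If it is re-enabled later, note that the original passed `-in` twice, which openssl does not combine; the CA certificate belongs in `-certfile $APP-ca.pem`. The enclosing loop starts outside the hunk.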
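Review bot: Both new `systemCronJobs` entries in site/neptune.nix lack the user field that the system crontab format expects between the schedule and the command, so cron would read the `nix-collect-garbage` path as the account name; insert `root` (or a dedicated account) after the five time fields in each string. The second entry also passes `-it` to `docker run`, and cron provides no terminal, so `-t` makes the command fail before the container starts; `--rm` alone is enough. The image is referenced by the mutable tag `nixpkgs/nix:nixos-21.05` and gets a writable bind mount of `/var/lib/drone/nix`, so pinning it by digest (`nixpkgs/nix@sha256:<digest>`) would keep a re-pushed tag from running against the CI store.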