authorAlex Auvolat <alex@adnab.me>2022-01-03 23:47:55 +0100
committerAlex Auvolat <alex@adnab.me>2022-01-03 23:47:55 +0100
commit143683ed2da5f537a7586b7263e648403b18ed17 (patch)
tree6549cd1a1988a16e952d39f32869a68b8b2a8c28
parent1ade671f964516976151ab8b2e8dc6027aa9e73f (diff)
Add cron job to clean up stuff; fix genpki
-rwxr-xr-xdeploy.sh2
-rwxr-xr-xgenpki.sh14
-rw-r--r--site/neptune.nix8
3 files changed, 17 insertions, 7 deletions
diff --git a/deploy.sh b/deploy.sh
index 1354fd3..a30b8c6 100755
--- a/deploy.sh
+++ b/deploy.sh
@@ -72,5 +72,5 @@ consul kv put secrets/consul/consul-client.key - < /var/lib/consul/pki/consul$YE
EOF
ssh -t -F ssh_config $SSH_DEST sudo sh $TMP_PATH/deploy.sh
- ssh -F ssh_config $SSH_DEST rm -rv $TMP_PATH
+ ssh -F ssh_config $SSH_DEST rm -rv '/tmp/tmp-deploy-*'
done
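Review bot: The new cleanup removes every `/tmp/tmp-deploy-*` on the target host rather than the `$TMP_PATH` this iteration created, so a second deploy running against the same host at the same time can lose its staged files mid-run. The single quotes correctly defer glob expansion to the remote shell, but the sweep should still be scoped: keep `ssh -F ssh_config $SSH_DEST rm -rv "$TMP_PATH"` for the current run and, if stale directories from failed runs are the motivation, sweep only old ones, e.g. `ssh -F ssh_config $SSH_DEST 'find /tmp -maxdepth 1 -name "tmp-deploy-*" -mmin +60 -exec rm -r {} +'` (the 60-minute threshold is a constructed example). The staged script carries the consul secret-loading commands visible in the hunk header, so it is worth confirming that cleanup also runs when the preceding `sudo sh` step fails; the loop body begins outside this hunk, so I cannot see whether `set -e` is in effect.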
diff --git a/genpki.sh b/genpki.sh
index be10f6f..0ee6331 100755
--- a/genpki.sh
+++ b/genpki.sh
@@ -45,7 +45,8 @@ O = Deuxfleurs
CN = $APP
[v3_req]
-keyUsage = keyEncipherment, keyCertSign, dataEncipherment, serverAuth, clientAuth
+keyUsage = keyEncipherment, keyCertSign, dataEncipherment
+extendedKeyUsage = serverAuth, clientAuth
subjectAltName = @alt_names
[alt_names]
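Review bot: Both `[v3_req]` sections in this file (here and in the client-certificate hunk below) still assert `keyCertSign` on what are end-entity certificates; RFC 5280 requires the basic-constraints cA bit whenever `keyCertSign` is set, so strict validators reject such a leaf, and a leaf that is CA-capable undermines having a separate `$APP-ca` at all. Moving `serverAuth`/`clientAuth` into `extendedKeyUsage` is the right fix, but the remaining bits should be narrowed to what a leaf needs, e.g. `keyUsage = digitalSignature, keyEncipherment` (drop `keyEncipherment` if the keys are EC) together with `basicConstraints = CA:FALSE` in the same section. This assumes the signing command later in the script selects this section with `-extensions v3_req`; that invocation is outside the hunk, so please confirm the extensions are actually applied to the issued certificate.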
@@ -85,7 +86,8 @@ O = Deuxfleurs
CN = $APP-client
[v3_req]
-keyUsage = keyEncipherment, keyCertSign, dataEncipherment, clientAuth
+keyUsage = keyEncipherment, keyCertSign, dataEncipherment
+extendedKeyUsage = clientAuth
subjectAltName = @alt_names
[alt_names]
@@ -97,8 +99,8 @@ EOF
rm $CERT-client.csr
fi
- if [ ! -f $CERT-client.p12 ]; then
- openssl pkcs12 -export -out $CERT-client.p12 \
- -in $APP-ca.pem -in $CERT-client.crt -inkey $CERT-client.key
- fi
+ #if [ ! -f $CERT-client.p12 ]; then
+ # openssl pkcs12 -export -out $CERT-client.p12 \
+ # -in $APP-ca.pem -in $CERT-client.crt -inkey $CERT-client.key
+ #fi
done
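Review bot: The `.p12` export is commented out rather than removed, with no note on why, which leaves four lines of dead code for the next reader to puzzle over. If it was disabled because the command failed, the likely cause is visible in the old lines: `openssl pkcs12` takes `-in` once, so `-in $APP-ca.pem -in $CERT-client.crt` most likely ends up exporting only the last `-in` and dropping the CA; the bundle form is `openssl pkcs12 -export -out $CERT-client.p12 -certfile $APP-ca.pem -in $CERT-client.crt -inkey $CERT-client.key`, which also prompts interactively for an export password unless `-passout` is supplied, something a scripted run needs to account for. Either restore the block in that form or delete it and record in the script or commit why client bundles are no longer produced. The `if` whose `fi` is shown above starts outside this hunk.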
diff --git a/site/neptune.nix b/site/neptune.nix
index 781e512..f7517c2 100644
--- a/site/neptune.nix
+++ b/site/neptune.nix
@@ -9,4 +9,12 @@
services.nomad.settings.datacenter = "neptune";
networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+ services.cron = {
+ enable = true;
+ systemCronJobs = [
+ "0 2 * * * ${config.system.path}/bin/nix-collect-garbage --delete-older-than 10d"
+ "30 2 * * * ${config.system.path}/bin/docker run --rm -it -v /var/lib/drone/nix:/nix nixpkgs/nix:nixos-21.05 nix-collect-garbage --delete-older-than 10d"
+ ];
+ };
}
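Review bot: Both new `systemCronJobs` entries appear to be missing the user field: if I read the NixOS option correctly, these strings are appended to the system-wide crontab, whose format is `schedule user command`, so cron would treat `${config.system.path}/bin/nix-collect-garbage` as the user name and the jobs would never run. The second entry additionally passes `-it` to `docker run`, and `-t` requests a TTY that cron does not provide, so even with the user fixed it would fail before `nix-collect-garbage` executes; `-i` is likewise pointless for an unattended job. The lines should read `"0 2 * * * root ${config.system.path}/bin/nix-collect-garbage --delete-older-than 10d"` and `"30 2 * * * root ${config.system.path}/bin/docker run --rm -v /var/lib/drone/nix:/nix nixpkgs/nix:nixos-21.05 nix-collect-garbage --delete-older-than 10d"`. Since this runs as root on a schedule, consider pinning the image by digest rather than the mutable `nixos-21.05` tag so a retagged upstream image cannot change what executes; the enclosing attribute set begins before this hunk.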