tlsproxy from pass; fix tls stuff

author: Alex Auvolat <alex@adnab.me> 2022-04-20 15:29:24 +0200
committer: Alex Auvolat <alex@adnab.me> 2022-04-20 15:29:24 +0200
commit: 226fbabf655656f16ca883c8489a2360abdb8367 (patch)
tree: 2983e42a4cdccc408f2added26d9df21342fdd7a /deploy_pki
parent: 7c1444b7143710066f5173119a529c3b5e101300 (diff)
download: nixcfg-226fbabf655656f16ca883c8489a2360abdb8367.tar.gz
nixcfg-226fbabf655656f16ca883c8489a2360abdb8367.zip
1 files changed, 7 insertions, 2 deletions
diff --git a/deploy_pki b/deploy_pki
index 8cbd456..167ac50 100755
--- a/deploy_pki
+++ b/deploy_pki
@@ -5,7 +5,9 @@ YEAR=$(date +%Y)
 
 cmd mkdir -p /var/lib/nomad/pki /var/lib/consul/pki
 
-for file in consul-ca.crt consul$YEAR.crt consul$YEAR.key consul$YEAR-client.crt consul$YEAR-client.key; do
+for file in consul-ca.crt consul$YEAR.crt consul$YEAR.key \
+	consul$YEAR-client.crt consul$YEAR-client.key
+do
 	if pass $PKI/$file >/dev/null; then
 		write_pass $PKI/$file /var/lib/consul/pki/$file
 		cmd chown consul:root /var/lib/consul/pki/$file
@@ -15,9 +17,12 @@ done
 cmd systemctl restart consul
 cmd sleep 10
 
-for file in nomad-ca.crt nomad$YEAR.crt nomad$YEAR.key; do
+for file in nomad-ca.crt nomad$YEAR.crt nomad$YEAR.key \
+	consul$YEAR.crt consul$YEAR-client.crt consul$YEAR-client.key
+do
 	if pass $PKI/$file >/dev/null; then
 		write_pass $PKI/$file /var/lib/nomad/pki/$file
+		cmd "chown \$(stat -c %u /var/lib/private/nomad) /var/lib/nomad/pki/$file"
 	fi
 done
author	Alex Auvolat <alex@adnab.me>	2022-04-20 15:29:24 +0200
committer	Alex Auvolat <alex@adnab.me>	2022-04-20 15:29:24 +0200
commit	226fbabf655656f16ca883c8489a2360abdb8367 (patch)
tree	2983e42a4cdccc408f2added26d9df21342fdd7a /deploy_pki
parent	7c1444b7143710066f5173119a529c3b5e101300 (diff)
download	nixcfg-226fbabf655656f16ca883c8489a2360abdb8367.tar.gz nixcfg-226fbabf655656f16ca883c8489a2360abdb8367.zip