Refactor secrets

author: Alex Auvolat <alex@adnab.me> 2022-04-20 13:07:39 +0200
committer: Alex Auvolat <alex@adnab.me> 2022-04-20 13:07:39 +0200
commit: d056b385d71d5b33165ab87cbedffb243d168c8a (patch)
tree: 36dd218ff23ca150775815ae71c87d711301afa6 /deploy_pki
parent: 9c9c776213478023d4cab6290efcb6adfdbbbe86 (diff)
download: nixcfg-d056b385d71d5b33165ab87cbedffb243d168c8a.tar.gz
nixcfg-d056b385d71d5b33165ab87cbedffb243d168c8a.zip
1 files changed, 3 insertions, 4 deletions
diff --git a/deploy_pki b/deploy_pki
index fffb3d0..841088c 100755
--- a/deploy_pki
+++ b/deploy_pki
@@ -7,18 +7,17 @@ cmd mkdir -p /var/lib/nomad/pki /var/lib/consul/pki
 
 for file in consul-ca.crt consul$YEAR.crt consul$YEAR.key consul$YEAR-client.crt consul$YEAR-client.key; do
 	if [ -f "$PKI/$file" ]; then
-		copy $PKI/$file /var/lib/consul/pki/$file
+		copy_secret $PKI/$file /var/lib/consul/pki/$file
 		cmd chown consul:root /var/lib/consul/pki/$file
-		cmd chmod 0400 /var/lib/consul/pki/$file
 	fi
 done
 
 cmd systemctl restart consul
 cmd sleep 10
 
-for file in nomad-ca.crt nomad$YEAR.crt nomad$YER.key; do
+for file in nomad-ca.crt nomad$YEAR.crt nomad$YEAR.key; do
 	if [ -f "$PKI/$file" ]; then
-		copy $PKI/$file /var/lib/nomad/pki/$file
+		copy_secret $PKI/$file /var/lib/nomad/pki/$file
 	fi
 done
author	Alex Auvolat <alex@adnab.me>	2022-04-20 13:07:39 +0200
committer	Alex Auvolat <alex@adnab.me>	2022-04-20 13:07:39 +0200
commit	d056b385d71d5b33165ab87cbedffb243d168c8a (patch)
tree	36dd218ff23ca150775815ae71c87d711301afa6 /deploy_pki
parent	9c9c776213478023d4cab6290efcb6adfdbbbe86 (diff)
download	nixcfg-d056b385d71d5b33165ab87cbedffb243d168c8a.tar.gz nixcfg-d056b385d71d5b33165ab87cbedffb243d168c8a.zip