Diffstat (limited to 'deploy.sh')
-rwxr-xr-x | deploy.sh | 26 |
1 files changed, 23 insertions, 3 deletions
@@ -31,7 +31,9 @@ for NIXHOST in $NIXHOSTLIST; do cat node/$NIXHOST.site.nix | ssh -F ssh_config $SSH_DEST tee $TMP_PATH/site.nix > /dev/null echo "Sending secret files" - for SECRET in rclone.conf pki/nomad-ca.crt pki/nomad$YEAR.crt pki/nomad$YEAR.key; do + for SECRET in rclone.conf \ + pki/consul-ca.crt pki/consul$YEAR.crt pki/consul$YEAR.key pki/consul$YEAR-client.crt pki/consul$YEAR-client.key \ + pki/nomad-ca.crt pki/nomad$YEAR.crt pki/nomad$YEAR.key; do test -f secrets/$SECRET && (cat secrets/$SECRET | ssh -F ssh_config $SSH_DEST tee $TMP_PATH/$SECRET > /dev/null) done @@ -45,10 +47,28 @@ mv configuration.nix node.nix site.nix /etc/nixos test -f rclone.conf && (mv rclone.conf /root; chmod 600 /root/rclone.conf) -mkdir -p /var/lib/nomad/pki -test -f pki/nomad-ca.crt && mv -v pki/nomad* /var/lib/nomad/pki +mkdir -p /var/lib/nomad/pki /var/lib/consul/pki + +if [ -f pki/consul-ca.crt ]; then + cp pki/consul* /var/lib/nomad/pki + mv pki/consul* /var/lib/consul/pki + chown -R consul:root /var/lib/consul/pki +fi + +if [ -f pki/nomad-ca.crt ]; then + mv pki/nomad* /var/lib/nomad/pki +fi nixos-rebuild switch + +# Save up-to-date Consul client certificates in Consul itself +export CONSUL_HTTP_ADDR=https://localhost:8501 +export CONSUL_CACERT=/var/lib/consul/pki/consul-ca.crt +export CONSUL_CLIENT_CERT=/var/lib/consul/pki/consul$YEAR-client.crt +export CONSUL_CLIENT_KEY=/var/lib/consul/pki/consul$YEAR-client.key +consul kv put secrets/consul/consul-ca.crt - < /var/lib/consul/pki/consul-ca.crt +consul kv put secrets/consul/consul-client.crt - < /var/lib/consul/pki/consul$YEAR-client.crt +consul kv put secrets/consul/consul-client.key - < /var/lib/consul/pki/consul$YEAR-client.key EOF ssh -t -F ssh_config $SSH_DEST sudo sh $TMP_PATH/deploy.sh |
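Review bot: The two new private keys in the `for SECRET` list (`pki/consul$YEAR.key`, `pki/consul$YEAR-client.key`) are created on the remote side by `tee $TMP_PATH/$SECRET`, which uses the remote user's default umask, so they may be readable by other local users until the second stage moves them; how `$TMP_PATH` is created is outside the hunk. Setting the mask in the remote command closes that window: `test -f secrets/$SECRET && ssh -F ssh_config $SSH_DEST "umask 077; cat > $TMP_PATH/$SECRET" < secrets/$SECRET`. The `test -f ... &&` form also skips a missing file without any message, so a certificate can be deployed without its key; printing the skipped name to stderr would make a partial set visible. The `for NIXHOST` loop starts and ends outside the hunk.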
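Review bot: `cp pki/consul* /var/lib/nomad/pki` matches the server key `consul$YEAR.key` as well as the client pair, so the Consul server key ends up in Nomad's directory, and nothing in the hunk sets a mode on any of the keys, which keep whatever mode the transfer gave them. If Nomad only needs the CA and the client pair (not visible here), copy just those, `cp pki/consul-ca.crt pki/consul$YEAR-client.crt pki/consul$YEAR-client.key /var/lib/nomad/pki`, and add `chmod 600 /var/lib/consul/pki/*.key` after the `chown`. The `consul kv put` block is outside the `[ -f pki/consul-ca.crt ]` test and no `set -e` is visible, so it also runs after a failed `nixos-rebuild switch` or when the files are absent. It also places the client private key under `secrets/consul/` in the KV store, so a comment above it should name the ACL policy that restricts reads on that prefix. The heredoc this script belongs to starts outside the hunk.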