From 87bb031ed00b7993a29d74aee2e89875c5444caf Mon Sep 17 00:00:00 2001 From: Alex Auvolat Date: Sun, 25 Dec 2022 22:31:18 +0100 Subject: Migrate prod cluster secrets to new format --- cluster/prod/app/jitsi/secrets.toml | 36 ++++++++++++++++++++++ .../prod/app/jitsi/secrets/jitsi/auth.jitsi.crt | 1 - .../prod/app/jitsi/secrets/jitsi/auth.jitsi.key | 1 - cluster/prod/app/jitsi/secrets/jitsi/jicofo_pass | 1 - cluster/prod/app/jitsi/secrets/jitsi/jitsi.crt | 1 - cluster/prod/app/jitsi/secrets/jitsi/jitsi.key | 1 - cluster/prod/app/jitsi/secrets/jitsi/jvb_pass | 1 - 7 files changed, 36 insertions(+), 6 deletions(-) create mode 100644 cluster/prod/app/jitsi/secrets.toml delete mode 100644 cluster/prod/app/jitsi/secrets/jitsi/auth.jitsi.crt delete mode 100644 cluster/prod/app/jitsi/secrets/jitsi/auth.jitsi.key delete mode 100644 cluster/prod/app/jitsi/secrets/jitsi/jicofo_pass delete mode 100644 cluster/prod/app/jitsi/secrets/jitsi/jitsi.crt delete mode 100644 cluster/prod/app/jitsi/secrets/jitsi/jitsi.key delete mode 100644 cluster/prod/app/jitsi/secrets/jitsi/jvb_pass (limited to 'cluster/prod/app/jitsi') diff --git a/cluster/prod/app/jitsi/secrets.toml b/cluster/prod/app/jitsi/secrets.toml new file mode 100644 index 0000000..cb6126f --- /dev/null +++ b/cluster/prod/app/jitsi/secrets.toml @@ -0,0 +1,36 @@ +# Jitsi secrets + +[secrets."jitsi/jvb_pass"] +type = 'command' +rotate = true +command = 'openssl rand -base64 24' + +[secrets."jitsi/jicofo_pass"] +type = 'command' +rotate = true +command = 'openssl rand -base64 24' + + +# SSL: Jitsi + +[secrets."jitsi/jitsi.crt"] +type = 'SSL_CERT' +name = 'jitsi' +cert_domains = "['jitsi']" + +[secrets."jitsi/jitsi.key"] +type = 'SSL_KEY' +name = 'jitsi' + + +# SSL: Jitsi auth + +[secrets."jitsi/auth.jitsi.crt"] +type = 'SSL_CERT' +name = 'jitsi_auth' +cert_domains = "['auth.jitsi']" + +[secrets."jitsi/auth.jitsi.key"] +type = 'SSL_KEY' +name = 'jitsi_auth' + diff --git a/cluster/prod/app/jitsi/secrets/jitsi/auth.jitsi.crt b/cluster/prod/app/jitsi/secrets/jitsi/auth.jitsi.crt deleted file mode 100644 index f4ab925..0000000 --- a/cluster/prod/app/jitsi/secrets/jitsi/auth.jitsi.crt +++ /dev/null @@ -1 +0,0 @@ -SSL_CERT jitsi_auth auth.jitsi diff --git a/cluster/prod/app/jitsi/secrets/jitsi/auth.jitsi.key b/cluster/prod/app/jitsi/secrets/jitsi/auth.jitsi.key deleted file mode 100644 index 82e7b6b..0000000 --- a/cluster/prod/app/jitsi/secrets/jitsi/auth.jitsi.key +++ /dev/null @@ -1 +0,0 @@ -SSL_KEY jitsi_auth auth.jitsi diff --git a/cluster/prod/app/jitsi/secrets/jitsi/jicofo_pass b/cluster/prod/app/jitsi/secrets/jitsi/jicofo_pass deleted file mode 100644 index 6a0f5fc..0000000 --- a/cluster/prod/app/jitsi/secrets/jitsi/jicofo_pass +++ /dev/null @@ -1 +0,0 @@ -CMD openssl rand -base64 24 diff --git a/cluster/prod/app/jitsi/secrets/jitsi/jitsi.crt b/cluster/prod/app/jitsi/secrets/jitsi/jitsi.crt deleted file mode 100644 index 2eed97c..0000000 --- a/cluster/prod/app/jitsi/secrets/jitsi/jitsi.crt +++ /dev/null @@ -1 +0,0 @@ -SSL_CERT jitsi jitsi diff --git a/cluster/prod/app/jitsi/secrets/jitsi/jitsi.key b/cluster/prod/app/jitsi/secrets/jitsi/jitsi.key deleted file mode 100644 index af53ca0..0000000 --- a/cluster/prod/app/jitsi/secrets/jitsi/jitsi.key +++ /dev/null @@ -1 +0,0 @@ -SSL_KEY jitsi jitsi diff --git a/cluster/prod/app/jitsi/secrets/jitsi/jvb_pass b/cluster/prod/app/jitsi/secrets/jitsi/jvb_pass deleted file mode 100644 index 6a0f5fc..0000000 --- a/cluster/prod/app/jitsi/secrets/jitsi/jvb_pass +++ /dev/null @@ -1 +0,0 @@ -CMD openssl rand -base64 24 -- cgit v1.2.3