From 226fbabf655656f16ca883c8489a2360abdb8367 Mon Sep 17 00:00:00 2001
From: Alex Auvolat <alex@adnab.me>
Date: Wed, 20 Apr 2022 15:29:24 +0200
Subject: tlsproxy from pass; fix tls stuff

---
 deploy_pki | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

(limited to 'deploy_pki')

diff --git a/deploy_pki b/deploy_pki
index 8cbd456..167ac50 100755
--- a/deploy_pki
+++ b/deploy_pki
@@ -5,7 +5,9 @@ YEAR=$(date +%Y)
 
 cmd mkdir -p /var/lib/nomad/pki /var/lib/consul/pki
 
-for file in consul-ca.crt consul$YEAR.crt consul$YEAR.key consul$YEAR-client.crt consul$YEAR-client.key; do
+for file in consul-ca.crt consul$YEAR.crt consul$YEAR.key \
+	consul$YEAR-client.crt consul$YEAR-client.key
+do
 	if pass $PKI/$file >/dev/null; then
 		write_pass $PKI/$file /var/lib/consul/pki/$file
 		cmd chown consul:root /var/lib/consul/pki/$file
@@ -15,9 +17,12 @@ done
 cmd systemctl restart consul
 cmd sleep 10
 
-for file in nomad-ca.crt nomad$YEAR.crt nomad$YEAR.key; do
+for file in nomad-ca.crt nomad$YEAR.crt nomad$YEAR.key \
+	consul$YEAR.crt consul$YEAR-client.crt consul$YEAR-client.key
+do
 	if pass $PKI/$file >/dev/null; then
 		write_pass $PKI/$file /var/lib/nomad/pki/$file
+		cmd "chown \$(stat -c %u /var/lib/private/nomad) /var/lib/nomad/pki/$file"
 	fi
 done
 
-- 
cgit v1.2.3