Use Tricot certificates instead of self-signed ones
parent
0e81c9f23b
commit
ceae80d87c
2 changed files with 18 additions and 6 deletions
|
@ -149,12 +149,14 @@ job "email" {
|
|||
|
||||
# ----- secrets ------
|
||||
template {
|
||||
data = "{{ key \"secrets/email/dovecot/dovecot.crt\" }}"
|
||||
# data = "{{ key \"secrets/email/dovecot/dovecot.crt\" }}"
|
||||
data = "{{ with $d := key \"tricot/certs/imap.deuxfleurs.fr\" | parseJSON }}{{ $d.cert_pem }}{{ end }}"
|
||||
destination = "secrets/ssl/certs/dovecot.crt"
|
||||
perms = "400"
|
||||
}
|
||||
template {
|
||||
data = "{{ key \"secrets/email/dovecot/dovecot.key\" }}"
|
||||
# data = "{{ key \"secrets/email/dovecot/dovecot.key\" }}"
|
||||
data = "{{ with $d := key \"tricot/certs/imap.deuxfleurs.fr\" | parseJSON }}{{ $d.key_pem }}{{ end }}"
|
||||
destination = "secrets/ssl/private/dovecot.key"
|
||||
perms = "400"
|
||||
}
|
||||
|
@ -380,13 +382,15 @@ job "email" {
|
|||
|
||||
# --- secrets ---
|
||||
template {
|
||||
data = "{{ key \"secrets/email/postfix/postfix.crt\" }}"
|
||||
# data = "{{ key \"secrets/email/postfix/postfix.crt\" }}"
|
||||
data = "{{ with $d := key \"tricot/certs/smtp.deuxfleurs.fr\" | parseJSON }}{{ $d.cert_pem }}{{ end }}"
|
||||
destination = "secrets/ssl/postfix.crt"
|
||||
perms = "400"
|
||||
}
|
||||
|
||||
template {
|
||||
data = "{{ key \"secrets/email/postfix/postfix.key\" }}"
|
||||
# data = "{{ key \"secrets/email/postfix/postfix.key\" }}"
|
||||
data = "{{ with $d := key \"tricot/certs/smtp.deuxfleurs.fr\" | parseJSON }}{{ $d.key_pem }}{{ end }}"
|
||||
destination = "secrets/ssl/postfix.key"
|
||||
perms = "400"
|
||||
}
|
||||
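Review bot: The two `key_pem` templates now read the Dovecot and Postfix private keys from `tricot/certs/imap.deuxfleurs.fr` and `tricot/certs/smtp.deuxfleurs.fr`, outside the `secrets/` prefix, so whatever Consul ACL policy covers `tricot/certs/` is now what protects the mail servers' TLS keys. It is worth confirming that the token this job runs with can read only those two entries, and that the prefix is not readable more widely than `secrets/email/` was. The four commented-out `# data = "{{ key \"secrets/email/...\" }}"` lines are dead configuration that history already preserves, so I would delete them. Once the rollout is confirmed, the old `secrets/email/dovecot/dovecot.key` and `secrets/email/postfix/postfix.key` entries should also be removed from the KV store, so that no unused private key stays readable. None of the four `template` blocks sets `change_mode`, so presumably each renewal of the Tricot certificate restarts the task under Nomad's default; writing `change_mode = "restart"` (or a signal, if the daemons support reload) would make that choice explicit.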
|
|
|
@ -167,6 +167,11 @@ Now we need a service that runs:
|
|||
restic backup .
|
||||
```
|
||||
|
||||
|
||||
Find an existing .hcl declaration that uses restic in this repository or in the Deuxfleurs/nixcfg repository
|
||||
to use it as an example.
|
||||
|
||||
|
||||
And also that garbage collect snapshots.
|
||||
I propose:
|
||||
|
||||
|
@ -174,5 +179,8 @@ I propose:
|
|||
restic forget --prune --keep-within 1m1d --keep-within-weekly 3m --keep-within-monthly 1y
|
||||
```
|
||||
|
||||
Find an existing .hcl declaration that uses restic in this repository or in the Deuxfleurs/nixcfg repository
|
||||
to use it as an example.
|
||||
Also try to restore a snapshot:
|
||||
|
||||
```
|
||||
restic restore <snapshot id> --target /tmp/$SERVICE_NAME
|
||||
```
|
||||
|
|