Deuxfleurs
/
infrastructure
Archived
24
2
Fork 2
Code Issues 22 Pull Requests Projects 1 Releases Wiki Activity

Use Tricot certificates instead of self-signed ones

This commit is contained in:
Quentin 2022-07-06 13:16:22 +02:00
parent 0e81c9f23b
commit ceae80d87c
Signed by: quentin
GPG Key ID: E9602264D639FF68
2 changed files with 18 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
app/email/deploy/email.hcl
View File

@ -149,12 +149,14 @@ job "email" {
# ----- secrets ------
template {
data = "{{ key \"secrets/email/dovecot/dovecot.crt\" }}"
# data = "{{ key \"secrets/email/dovecot/dovecot.crt\" }}"
data = "{{ with $d := key \"tricot/certs/imap.deuxfleurs.fr\" | parseJSON }}{{ $d.cert_pem }}{{ end }}"
destination = "secrets/ssl/certs/dovecot.crt"
perms = "400"
}
template {
data = "{{ key \"secrets/email/dovecot/dovecot.key\" }}"
# data = "{{ key \"secrets/email/dovecot/dovecot.key\" }}"
data = "{{ with $d := key \"tricot/certs/imap.deuxfleurs.fr\" | parseJSON }}{{ $d.key_pem }}{{ end }}"
destination = "secrets/ssl/private/dovecot.key"
perms = "400"
}
@ -380,13 +382,15 @@ job "email" {
# --- secrets ---
template {
data = "{{ key \"secrets/email/postfix/postfix.crt\" }}"
# data = "{{ key \"secrets/email/postfix/postfix.crt\" }}"
data = "{{ with $d := key \"tricot/certs/smtp.deuxfleurs.fr\" | parseJSON }}{{ $d.cert_pem }}{{ end }}"
destination = "secrets/ssl/postfix.crt"
perms = "400"
}
template {
data = "{{ key \"secrets/email/postfix/postfix.key\" }}"
# data = "{{ key \"secrets/email/postfix/postfix.key\" }}"
data = "{{ with $d := key \"tricot/certs/smtp.deuxfleurs.fr\" | parseJSON }}{{ $d.key_pem }}{{ end }}"
destination = "secrets/ssl/postfix.key"
perms = "400"
}

12
op_guide/restic/README.md
View File

@ -167,6 +167,11 @@ Now we need a service that runs:
restic backup .
```
Find an existing .hcl declaration that uses restic in this repository or in the Deuxfleurs/nixcfg repository
to use it as an example.
And also that garbage collect snapshots.
I propose:
@ -174,5 +179,8 @@ I propose:
restic forget --prune --keep-within 1m1d --keep-within-weekly 3m --keep-within-monthly 1y
```
Find an existing .hcl declaration that uses restic in this repository or in the Deuxfleurs/nixcfg repository
to use it as an example.
Also try to restore a snapshot:
```
restic restore <snapshot id> --target /tmp/$SERVICE_NAME
```