Use Tricot certificates instead of self-signed ones

This commit is contained in:
Quentin 2022-07-06 13:16:22 +02:00
parent 0e81c9f23b
commit ceae80d87c
Signed by: quentin
GPG key ID: E9602264D639FF68
2 changed files with 18 additions and 6 deletions

View file

@ -149,12 +149,14 @@ job "email" {
# ----- secrets ------ # ----- secrets ------
template { template {
data = "{{ key \"secrets/email/dovecot/dovecot.crt\" }}" # data = "{{ key \"secrets/email/dovecot/dovecot.crt\" }}"
data = "{{ with $d := key \"tricot/certs/imap.deuxfleurs.fr\" | parseJSON }}{{ $d.cert_pem }}{{ end }}"
destination = "secrets/ssl/certs/dovecot.crt" destination = "secrets/ssl/certs/dovecot.crt"
perms = "400" perms = "400"
} }
template { template {
data = "{{ key \"secrets/email/dovecot/dovecot.key\" }}" # data = "{{ key \"secrets/email/dovecot/dovecot.key\" }}"
data = "{{ with $d := key \"tricot/certs/imap.deuxfleurs.fr\" | parseJSON }}{{ $d.key_pem }}{{ end }}"
destination = "secrets/ssl/private/dovecot.key" destination = "secrets/ssl/private/dovecot.key"
perms = "400" perms = "400"
} }
@ -380,13 +382,15 @@ job "email" {
# --- secrets --- # --- secrets ---
template { template {
data = "{{ key \"secrets/email/postfix/postfix.crt\" }}" # data = "{{ key \"secrets/email/postfix/postfix.crt\" }}"
data = "{{ with $d := key \"tricot/certs/smtp.deuxfleurs.fr\" | parseJSON }}{{ $d.cert_pem }}{{ end }}"
destination = "secrets/ssl/postfix.crt" destination = "secrets/ssl/postfix.crt"
perms = "400" perms = "400"
} }
template { template {
data = "{{ key \"secrets/email/postfix/postfix.key\" }}" # data = "{{ key \"secrets/email/postfix/postfix.key\" }}"
data = "{{ with $d := key \"tricot/certs/smtp.deuxfleurs.fr\" | parseJSON }}{{ $d.key_pem }}{{ end }}"
destination = "secrets/ssl/postfix.key" destination = "secrets/ssl/postfix.key"
perms = "400" perms = "400"
} }

View file

@ -167,6 +167,11 @@ Now we need a service that runs:
restic backup . restic backup .
``` ```
Find an existing .hcl declaration that uses restic in this repository or in the Deuxfleurs/nixcfg repository
to use it as an example.
And also that garbage collect snapshots. And also that garbage collect snapshots.
I propose: I propose:
@ -174,5 +179,8 @@ I propose:
restic forget --prune --keep-within 1m1d --keep-within-weekly 3m --keep-within-monthly 1y restic forget --prune --keep-within 1m1d --keep-within-weekly 3m --keep-within-monthly 1y
``` ```
Find an existing .hcl declaration that uses restic in this repository or in the Deuxfleurs/nixcfg repository Also try to restore a snapshot:
to use it as an example.
```
restic restore <snapshot id> --target /tmp/$SERVICE_NAME
```