Add cron job to clean up stuff; fix genpki
parent
1ade671f96
commit
143683ed2d
3 changed files with 17 additions and 7 deletions
|
@ -72,5 +72,5 @@ consul kv put secrets/consul/consul-client.key - < /var/lib/consul/pki/consul$YE
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
ssh -t -F ssh_config $SSH_DEST sudo sh $TMP_PATH/deploy.sh
|
ssh -t -F ssh_config $SSH_DEST sudo sh $TMP_PATH/deploy.sh
|
||||||
ssh -F ssh_config $SSH_DEST rm -rv $TMP_PATH
|
ssh -F ssh_config $SSH_DEST rm -rv '/tmp/tmp-deploy-*'
|
||||||
done
|
done
|
||||||
|
|
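Review bot: The new `rm -rv '/tmp/tmp-deploy-*'` line no longer removes only the directory this run created. The single quotes keep the pattern literal locally, so the remote shell expands it and deletes every matching directory under /tmp, including one that belongs to a deploy still running against the same host. The `consul kv put secrets/...` context suggests these directories can hold key material, so cleanup should be precise and its failure visible. I would keep the per-run removal with quoted expansions, `ssh -F ssh_config "$SSH_DEST" rm -rv -- "$TMP_PATH"`, and sweep stale leftovers in a separate, age-based step. The loop closed by `done` starts outside this hunk, so how `TMP_PATH` is created is not visible here.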
14
genpki.sh
14
genpki.sh
|
@ -45,7 +45,8 @@ O = Deuxfleurs
|
||||||
CN = $APP
|
CN = $APP
|
||||||
|
|
||||||
[v3_req]
|
[v3_req]
|
||||||
keyUsage = keyEncipherment, keyCertSign, dataEncipherment, serverAuth, clientAuth
|
keyUsage = keyEncipherment, keyCertSign, dataEncipherment
|
||||||
|
extendedKeyUsage = serverAuth, clientAuth
|
||||||
subjectAltName = @alt_names
|
subjectAltName = @alt_names
|
||||||
|
|
||||||
[alt_names]
|
[alt_names]
|
||||||
|
@ -85,7 +86,8 @@ O = Deuxfleurs
|
||||||
CN = $APP-client
|
CN = $APP-client
|
||||||
|
|
||||||
[v3_req]
|
[v3_req]
|
||||||
keyUsage = keyEncipherment, keyCertSign, dataEncipherment, clientAuth
|
keyUsage = keyEncipherment, keyCertSign, dataEncipherment
|
||||||
|
extendedKeyUsage = clientAuth
|
||||||
subjectAltName = @alt_names
|
subjectAltName = @alt_names
|
||||||
|
|
||||||
[alt_names]
|
[alt_names]
|
||||||
|
@ -97,8 +99,8 @@ EOF
|
||||||
rm $CERT-client.csr
|
rm $CERT-client.csr
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ ! -f $CERT-client.p12 ]; then
|
#if [ ! -f $CERT-client.p12 ]; then
|
||||||
openssl pkcs12 -export -out $CERT-client.p12 \
|
# openssl pkcs12 -export -out $CERT-client.p12 \
|
||||||
-in $APP-ca.pem -in $CERT-client.crt -inkey $CERT-client.key
|
# -in $APP-ca.pem -in $CERT-client.crt -inkey $CERT-client.key
|
||||||
fi
|
#fi
|
||||||
done
|
done
|
||||||
|
|
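Review bot: Both `[v3_req]` sections (the `$APP` one and the `$APP-client` one) still assert `keyCertSign` in `keyUsage`, on what look like end-entity certificates. That bit is meant for CA certificates, and a validator that does not enforce basicConstraints could accept certificates signed with these leaf keys. No `basicConstraints` line is visible in either hunk, so I would state it explicitly and narrow the usage: `basicConstraints = critical, CA:FALSE` and `keyUsage = digitalSignature, keyEncipherment` (TLS client authentication and ECDHE suites rely on digitalSignature). Separately, the commented-out `openssl pkcs12 -export` block in the last hunk would be better deleted than kept as dead code.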
|
@ -9,4 +9,12 @@
|
||||||
services.nomad.settings.datacenter = "neptune";
|
services.nomad.settings.datacenter = "neptune";
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||||
|
|
||||||
|
services.cron = {
|
||||||
|
enable = true;
|
||||||
|
systemCronJobs = [
|
||||||
|
"0 2 * * * ${config.system.path}/bin/nix-collect-garbage --delete-older-than 10d"
|
||||||
|
"30 2 * * * ${config.system.path}/bin/docker run --rm -it -v /var/lib/drone/nix:/nix nixpkgs/nix:nixos-21.05 nix-collect-garbage --delete-older-than 10d"
|
||||||
|
];
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
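Review bot: Neither new `systemCronJobs` entry names a user, and NixOS writes these lines to the system crontab, where the sixth field is the account to run as. As written, cron would read the command path as the user and the jobs would likely never run. The second entry also passes `-it` to `docker run`, which fails when no TTY is attached, as is the case under cron. The image `nixpkgs/nix:nixos-21.05` is a mutable tag that this job runs with write access to `/var/lib/drone/nix`, so pinning it by digest is worth doing. Suggested shape: `"0 2 * * * root ${config.system.path}/bin/nix-collect-garbage --delete-older-than 10d"` and `"30 2 * * * root ${config.system.path}/bin/docker run --rm -v /var/lib/drone/nix:/nix nixpkgs/nix@sha256:<DIGEST_PLACEHOLDER> nix-collect-garbage --delete-older-than 10d"`.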