Add cron job to clean up stuff; fix genpki
parent
1ade671f96
commit
143683ed2d
3 changed files with 17 additions and 7 deletions
|
@ -72,5 +72,5 @@ consul kv put secrets/consul/consul-client.key - < /var/lib/consul/pki/consul$YE
|
|||
EOF
|
||||
|
||||
ssh -t -F ssh_config $SSH_DEST sudo sh $TMP_PATH/deploy.sh
|
||||
ssh -F ssh_config $SSH_DEST rm -rv $TMP_PATH
|
||||
ssh -F ssh_config $SSH_DEST rm -rv '/tmp/tmp-deploy-*'
|
||||
done
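Review bot: The replacement cleanup `rm -rv '/tmp/tmp-deploy-*'` removes every matching directory on the host rather than the one this run created, so a second deploy running against the same host at the same time could lose its `deploy.sh` before or while `sudo sh` executes it. The single quotes only defer the glob to the remote shell, and when nothing matches, `rm` receives the literal pattern and exits non-zero. If the aim is to sweep leftovers from failed runs, I would keep the per-run removal as `ssh -F ssh_config $SSH_DEST rm -rv "$TMP_PATH"` and do the sweep as a separate step limited to old entries. The loop this belongs to starts outside the hunk, so how `$TMP_PATH` is created is not visible here.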
|
||||
|
|
14
genpki.sh
14
genpki.sh
|
@ -45,7 +45,8 @@ O = Deuxfleurs
|
|||
CN = $APP
|
||||
|
||||
[v3_req]
|
||||
keyUsage = keyEncipherment, keyCertSign, dataEncipherment, serverAuth, clientAuth
|
||||
keyUsage = keyEncipherment, keyCertSign, dataEncipherment
|
||||
extendedKeyUsage = serverAuth, clientAuth
|
||||
subjectAltName = @alt_names
|
||||
|
||||
[alt_names]
|
||||
|
@ -85,7 +86,8 @@ O = Deuxfleurs
|
|||
CN = $APP-client
|
||||
|
||||
[v3_req]
|
||||
keyUsage = keyEncipherment, keyCertSign, dataEncipherment, clientAuth
|
||||
keyUsage = keyEncipherment, keyCertSign, dataEncipherment
|
||||
extendedKeyUsage = clientAuth
|
||||
subjectAltName = @alt_names
|
||||
|
||||
[alt_names]
|
||||
|
@ -97,8 +99,8 @@ EOF
|
|||
rm $CERT-client.csr
|
||||
fi
|
||||
|
||||
if [ ! -f $CERT-client.p12 ]; then
|
||||
openssl pkcs12 -export -out $CERT-client.p12 \
|
||||
-in $APP-ca.pem -in $CERT-client.crt -inkey $CERT-client.key
|
||||
fi
|
||||
#if [ ! -f $CERT-client.p12 ]; then
|
||||
# openssl pkcs12 -export -out $CERT-client.p12 \
|
||||
# -in $APP-ca.pem -in $CERT-client.crt -inkey $CERT-client.key
|
||||
#fi
|
||||
done
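Review bot: Both `[v3_req]` blocks (server at `CN = $APP`, client at `CN = $APP-client`) still assert `keyCertSign` in `keyUsage` and omit `digitalSignature`, even on what appears to be the new side where the EKU values have moved to their own `extendedKeyUsage` line. `keyCertSign` belongs on a CA certificate; on a leaf it relies on every peer checking basicConstraints correctly. Without `digitalSignature`, strict TLS stacks can reject the certificate for ECDHE or TLS 1.3 handshakes. I would use `keyUsage = critical, digitalSignature, keyEncipherment` and add `basicConstraints = CA:FALSE` in both blocks. Whether these request extensions reach the issued certificate depends on the signing command, which is outside the hunks.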
|
||||
|
|
|
@ -9,4 +9,12 @@
|
|||
services.nomad.settings.datacenter = "neptune";
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
|
||||
services.cron = {
|
||||
enable = true;
|
||||
systemCronJobs = [
|
||||
"0 2 * * * ${config.system.path}/bin/nix-collect-garbage --delete-older-than 10d"
|
||||
"30 2 * * * ${config.system.path}/bin/docker run --rm -it -v /var/lib/drone/nix:/nix nixpkgs/nix:nixos-21.05 nix-collect-garbage --delete-older-than 10d"
|
||||
];
|
||||
};
|
||||
}
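Review bot: Both new `systemCronJobs` entries go straight from the schedule to the command, but these lines are written in system-crontab format, which expects a user name as the sixth field (`0 2 * * * root ${config.system.path}/bin/nix-collect-garbage --delete-older-than 10d`). As written, cron would likely take the binary path as the user and neither job would run. The second entry also passes `-it` to `docker run`, and cron has no terminal, so docker is expected to refuse with a TTY error; `docker run --rm -v …` is enough. That entry pulls `nixpkgs/nix:nixos-21.05` by mutable tag and runs it unattended every night with a host path mounted, so I would pin it as `nixpkgs/nix@sha256:<digest>`.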
|
||||
|
|