From 40f56707535a7167c1ea1e4bafb0868dfaba8117 Mon Sep 17 00:00:00 2001
From: Alex Auvolat
Date: Sun, 25 Dec 2022 23:03:37 +0100
Subject: [PATCH] Remove old way of doing email certs (self-signed)
---
.../prod/app/email/config/dovecot/certs.gen | 13 -------------
.../prod/app/email/config/postfix/certs.gen | 13 -------------
cluster/prod/app/email/deploy/email.hcl | 4 ----
cluster/prod/app/email/secrets.toml | 19 -------------------
4 files changed, 49 deletions(-)
delete mode 100755 cluster/prod/app/email/config/dovecot/certs.gen
delete mode 100755 cluster/prod/app/email/config/postfix/certs.gen
diff --git a/cluster/prod/app/email/config/dovecot/certs.gen b/cluster/prod/app/email/config/dovecot/certs.gen
deleted file mode 100755
index f26e917..0000000
--- a/cluster/prod/app/email/config/dovecot/certs.gen
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/bin/bash
-
-TLSINFO="/C=FR/ST=Bretagne/L=Rennes/O=Deuxfleurs/CN=imap.deuxfleurs.fr"
-openssl req \
- -new \
- -newkey rsa:4096 \
- -days 3650 \
- -nodes \
- -x509 \
- -subj ${TLSINFO} \
- -keyout dovecot.key \
- -out dovecot.crt
-
diff --git a/cluster/prod/app/email/config/postfix/certs.gen b/cluster/prod/app/email/config/postfix/certs.gen
deleted file mode 100755
index f25439b..0000000
--- a/cluster/prod/app/email/config/postfix/certs.gen
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/bin/bash
-
-TLSINFO="/C=FR/ST=Bretagne/L=Rennes/O=Deuxfleurs/CN=smtp.deuxfleurs.fr"
-openssl req \
- -new \
- -newkey rsa:4096 \
- -days 3650 \
- -nodes \
- -x509 \
- -subj ${TLSINFO} \
- -keyout postfix.key \
- -out postfix.crt
-
diff --git a/cluster/prod/app/email/deploy/email.hcl b/cluster/prod/app/email/deploy/email.hcl
index 7925975..84f4c3b 100644
--- a/cluster/prod/app/email/deploy/email.hcl
+++ b/cluster/prod/app/email/deploy/email.hcl
@@ -150,13 +150,11 @@ job "email" { # ----- secrets ------ template { - # data = "{{ key \"secrets/email/dovecot/dovecot.crt\" }}" data = "{{ with $d := key \"tricot/certs/imap.deuxfleurs.fr\" | parseJSON }}{{ $d.cert_pem }}{{ end }}" destination = "secrets/ssl/certs/dovecot.crt" perms = "400" } template { - # data = "{{ key \"secrets/email/dovecot/dovecot.key\" }}" data = "{{ with $d := key \"tricot/certs/imap.deuxfleurs.fr\" | parseJSON }}{{ $d.key_pem }}{{ end }}" destination = "secrets/ssl/private/dovecot.key" perms = "400" @@ -381,14 +379,12 @@ job "email" { # --- secrets --- template { - # data = "{{ key \"secrets/email/postfix/postfix.crt\" }}" data = "{{ with $d := key \"tricot/certs/smtp.deuxfleurs.fr\" | parseJSON }}{{ $d.cert_pem }}{{ end }}" destination = "secrets/ssl/postfix.crt" perms = "400" } template { - # data = "{{ key \"secrets/email/postfix/postfix.key\" }}" data = "{{ with $d := key \"tricot/certs/smtp.deuxfleurs.fr\" | parseJSON }}{{ $d.key_pem }}{{ end }}" destination = "secrets/ssl/postfix.key" perms = "400" diff --git a/cluster/prod/app/email/secrets.toml b/cluster/prod/app/email/secrets.toml index 95df626..6263e33 100644 --- a/cluster/prod/app/email/secrets.toml +++ b/cluster/prod/app/email/secrets.toml @@ -1,14 +1,5 @@ # ---- POSTFIX ---- -[secrets."email/postfix/postfix.key"] -type = 'SSL_KEY' -name = 'postfix' - -[secrets."email/postfix/postfix.crt"] -type = 'SSL_CERT' -name = 'postfix' -cert_domains = "['deuxfleurs.fr']" - [secrets."email/dkim/smtp.private"] type = 'RSA_PRIVATE_KEY' name = 'dkim' @@ -20,16 +11,6 @@ dn_secret = "email/dovecot/ldap_binddn" password_secret = "email/dovecot/ldap_bindpwd" -[secrets."email/dovecot/dovecot.key"] -type = 'SSL_KEY' -name = 'dovecot' - -[secrets."email/dovecot/dovecot.crt"] -type = 'SSL_CERT' -name = 'dovecot' -cert_domains = "['deuxfleurs.fr']" - - # ---- SOGO ---- [service_users."sogo"]