Remove hardcoded years in deuxfleurs.nix
parent
95540260cb
commit
ad6db2f1c5
3 changed files with 29 additions and 16 deletions
29
deploy_pki
29
deploy_pki
|
@ -14,6 +14,11 @@ do
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
|
cmd ln -sf /var/lib/consul/pki/consul$YEAR.crt /var/lib/consul/pki/consul.crt
|
||||||
|
cmd ln -sf /var/lib/consul/pki/consul$YEAR.key /var/lib/consul/pki/consul.key
|
||||||
|
cmd ln -sf /var/lib/consul/pki/consul$YEAR-client.crt /var/lib/consul/pki/consul-client.crt
|
||||||
|
cmd ln -sf /var/lib/consul/pki/consul$YEAR-client.key /var/lib/consul/pki/consul-client.key
|
||||||
|
|
||||||
cmd systemctl restart consul
|
cmd systemctl restart consul
|
||||||
cmd sleep 10
|
cmd sleep 10
|
||||||
|
|
||||||
|
@ -27,19 +32,27 @@ do
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
|
cmd ln -sf /var/lib/nomad/pki/nomad$YEAR.crt /var/lib/nomad/pki/nomad.crt
|
||||||
|
cmd ln -sf /var/lib/nomad/pki/nomad$YEAR.key /var/lib/nomad/pki/nomad.key
|
||||||
|
cmd ln -sf /var/lib/nomad/pki/nomad$YEAR-client.crt /var/lib/nomad/pki/nomad-client.crt
|
||||||
|
cmd ln -sf /var/lib/nomad/pki/nomad$YEAR-client.key /var/lib/nomad/pki/nomad-client.key
|
||||||
|
cmd ln -sf /var/lib/nomad/pki/consul$YEAR.crt /var/lib/nomad/pki/consul.crt
|
||||||
|
cmd ln -sf /var/lib/nomad/pki/consul$YEAR-client.crt /var/lib/nomad/pki/consul-client.crt
|
||||||
|
cmd ln -sf /var/lib/nomad/pki/consul$YEAR-client.key /var/lib/nomad/pki/consul-client.key
|
||||||
|
|
||||||
cmd systemctl restart nomad
|
cmd systemctl restart nomad
|
||||||
|
|
||||||
set_env CONSUL_HTTP_ADDR=https://localhost:8501
|
set_env CONSUL_HTTP_ADDR=https://localhost:8501
|
||||||
set_env CONSUL_CACERT=/var/lib/consul/pki/consul-ca.crt
|
set_env CONSUL_CACERT=/var/lib/consul/pki/consul-ca.crt
|
||||||
set_env CONSUL_CLIENT_CERT=/var/lib/consul/pki/consul$YEAR-client.crt
|
set_env CONSUL_CLIENT_CERT=/var/lib/consul/pki/consul-client.crt
|
||||||
set_env CONSUL_CLIENT_KEY=/var/lib/consul/pki/consul$YEAR-client.key
|
set_env CONSUL_CLIENT_KEY=/var/lib/consul/pki/consul-client.key
|
||||||
|
|
||||||
cmd "consul kv put secrets/consul/consul-ca.crt - < /var/lib/consul/pki/consul-ca.crt"
|
cmd "consul kv put secrets/consul/consul-ca.crt - < /var/lib/consul/pki/consul-ca.crt"
|
||||||
cmd "consul kv put secrets/consul/consul.crt - < /var/lib/consul/pki/consul$YEAR.crt"
|
cmd "consul kv put secrets/consul/consul.crt - < /var/lib/consul/pki/consul.crt"
|
||||||
cmd "consul kv put secrets/consul/consul-client.crt - < /var/lib/consul/pki/consul$YEAR-client.crt"
|
cmd "consul kv put secrets/consul/consul-client.crt - < /var/lib/consul/pki/consul-client.crt"
|
||||||
cmd "consul kv put secrets/consul/consul-client.key - < /var/lib/consul/pki/consul$YEAR-client.key"
|
cmd "consul kv put secrets/consul/consul-client.key - < /var/lib/consul/pki/consul-client.key"
|
||||||
|
|
||||||
cmd "consul kv put secrets/nomad/nomad-ca.crt - < /var/lib/nomad/pki/nomad-ca.crt"
|
cmd "consul kv put secrets/nomad/nomad-ca.crt - < /var/lib/nomad/pki/nomad-ca.crt"
|
||||||
cmd "consul kv put secrets/nomad/nomad.crt - < /var/lib/nomad/pki/nomad$YEAR.crt"
|
cmd "consul kv put secrets/nomad/nomad.crt - < /var/lib/nomad/pki/nomad.crt"
|
||||||
cmd "consul kv put secrets/nomad/nomad-client.crt - < /var/lib/nomad/pki/nomad$YEAR-client.crt"
|
cmd "consul kv put secrets/nomad/nomad-client.crt - < /var/lib/nomad/pki/nomad-client.crt"
|
||||||
cmd "consul kv put secrets/nomad/nomad-client.key - < /var/lib/nomad/pki/nomad$YEAR-client.key"
|
cmd "consul kv put secrets/nomad/nomad-client.key - < /var/lib/nomad/pki/nomad-client.key"
|
||||||
|
|
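Review bot: The added `ln -sf` lines in both hunks interpolate `$YEAR` without any visible check, and each group is followed directly by `systemctl restart`. If `YEAR` is empty, each link target collapses to the link's own path (for example `consul.crt` pointing at `consul.crt`). If that year's files are missing, `ln -sf` still succeeds and leaves a dangling link, so Consul or Nomad would restart with no usable certificate or key, and the later `consul kv put … < …/consul-client.key` lines would read through the same broken link. Where `YEAR` is assigned is outside the hunks, as are the start of the enclosing `do … done` loops, so this may already be guarded; if not, put `: "${YEAR:?YEAR must be set}"` before the first loop. A check such as `cmd test -s /var/lib/consul/pki/consul$YEAR.key` (and the Nomad equivalent) before each restart would also help, assuming `cmd` stops on a non-zero status.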
|
@ -291,8 +291,8 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
ca_file = "/var/lib/consul/pki/consul-ca.crt";
|
ca_file = "/var/lib/consul/pki/consul-ca.crt";
|
||||||
cert_file = "/var/lib/consul/pki/consul2022.crt";
|
cert_file = "/var/lib/consul/pki/consul.crt";
|
||||||
key_file = "/var/lib/consul/pki/consul2022.key";
|
key_file = "/var/lib/consul/pki/consul.key";
|
||||||
verify_incoming = true;
|
verify_incoming = true;
|
||||||
verify_outgoing = true;
|
verify_outgoing = true;
|
||||||
verify_server_hostname = true;
|
verify_server_hostname = true;
|
||||||
|
@ -324,9 +324,9 @@ in
|
||||||
};
|
};
|
||||||
consul = {
|
consul = {
|
||||||
address = "localhost:8501";
|
address = "localhost:8501";
|
||||||
ca_file = "/var/lib/nomad/pki/consul2022.crt";
|
ca_file = "/var/lib/nomad/pki/consul.crt";
|
||||||
cert_file = "/var/lib/nomad/pki/consul2022-client.crt";
|
cert_file = "/var/lib/nomad/pki/consul-client.crt";
|
||||||
key_file = "/var/lib/nomad/pki/consul2022-client.key";
|
key_file = "/var/lib/nomad/pki/consul-client.key";
|
||||||
ssl = true;
|
ssl = true;
|
||||||
checks_use_advertise = true;
|
checks_use_advertise = true;
|
||||||
};
|
};
|
||||||
|
@ -344,8 +344,8 @@ in
|
||||||
http = true;
|
http = true;
|
||||||
rpc = true;
|
rpc = true;
|
||||||
ca_file = "/var/lib/nomad/pki/nomad-ca.crt";
|
ca_file = "/var/lib/nomad/pki/nomad-ca.crt";
|
||||||
cert_file = "/var/lib/nomad/pki/nomad2022.crt";
|
cert_file = "/var/lib/nomad/pki/nomad.crt";
|
||||||
key_file = "/var/lib/nomad/pki/nomad2022.key";
|
key_file = "/var/lib/nomad/pki/nomad.key";
|
||||||
verify_server_hostname = true;
|
verify_server_hostname = true;
|
||||||
verify_https_client = true;
|
verify_https_client = true;
|
||||||
};
|
};
|
||||||
|
|
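Review bot: In the `consul = { … }` block (`@ -324,9 +324,9 @@`), `ca_file` now reads `/var/lib/nomad/pki/consul.crt`, which appears to be the Consul server certificate rather than a CA bundle like the `consul-ca.crt` used in the first hunk. That was already true of `consul2022.crt`, but the stable name makes it easier to miss, so confirm the pinning is intended and document it with a comment such as `# pinned to the Consul server cert, not the CA; relink on every rotation`. Separately, all three blocks now depend on symlinks that only `deploy_pki` creates, so a node that receives this configuration before the script has run will reference TLS paths that do not exist. A short comment stating that ordering next to the `cert_file`/`key_file` lines would help. The attribute sets containing these lines start outside the hunks.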
2
tlsproxy
2
tlsproxy
|
@ -1,4 +1,4 @@
|
||||||
#!/bin/bash
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
set -xe
|
set -xe
|
||||||
|
|
||||||
|
|