Deuxfleurs
/
nixcfg
17
6
Fork 2
Code Issues 8 Pull Requests 1 Projects Releases Wiki Activity

Remove hardcoded years in deuxfleurs.nix

This commit is contained in:
Alex 2023-01-01 19:38:28 +01:00
parent 95540260cb
commit ad6db2f1c5
3 changed files with 29 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
deploy_pki
View File

@ -14,6 +14,11 @@ do
fi fi
done done
cmd ln -sf /var/lib/consul/pki/consul$YEAR.crt /var/lib/consul/pki/consul.crt
cmd ln -sf /var/lib/consul/pki/consul$YEAR.key /var/lib/consul/pki/consul.key
cmd ln -sf /var/lib/consul/pki/consul$YEAR-client.crt /var/lib/consul/pki/consul-client.crt
cmd ln -sf /var/lib/consul/pki/consul$YEAR-client.key /var/lib/consul/pki/consul-client.key
cmd systemctl restart consul cmd systemctl restart consul
cmd sleep 10 cmd sleep 10
@ -27,19 +32,27 @@ do
fi fi
done done
cmd ln -sf /var/lib/nomad/pki/nomad$YEAR.crt /var/lib/nomad/pki/nomad.crt
cmd ln -sf /var/lib/nomad/pki/nomad$YEAR.key /var/lib/nomad/pki/nomad.key
cmd ln -sf /var/lib/nomad/pki/nomad$YEAR-client.crt /var/lib/nomad/pki/nomad-client.crt
cmd ln -sf /var/lib/nomad/pki/nomad$YEAR-client.key /var/lib/nomad/pki/nomad-client.key
cmd ln -sf /var/lib/nomad/pki/consul$YEAR.crt /var/lib/nomad/pki/consul.crt
cmd ln -sf /var/lib/nomad/pki/consul$YEAR-client.crt /var/lib/nomad/pki/consul-client.crt
cmd ln -sf /var/lib/nomad/pki/consul$YEAR-client.key /var/lib/nomad/pki/consul-client.key
cmd systemctl restart nomad cmd systemctl restart nomad
set_env CONSUL_HTTP_ADDR=https://localhost:8501 set_env CONSUL_HTTP_ADDR=https://localhost:8501
set_env CONSUL_CACERT=/var/lib/consul/pki/consul-ca.crt set_env CONSUL_CACERT=/var/lib/consul/pki/consul-ca.crt
set_env CONSUL_CLIENT_CERT=/var/lib/consul/pki/consul$YEAR-client.crt set_env CONSUL_CLIENT_CERT=/var/lib/consul/pki/consul-client.crt
set_env CONSUL_CLIENT_KEY=/var/lib/consul/pki/consul$YEAR-client.key set_env CONSUL_CLIENT_KEY=/var/lib/consul/pki/consul-client.key
cmd "consul kv put secrets/consul/consul-ca.crt - < /var/lib/consul/pki/consul-ca.crt" cmd "consul kv put secrets/consul/consul-ca.crt - < /var/lib/consul/pki/consul-ca.crt"
cmd "consul kv put secrets/consul/consul.crt - < /var/lib/consul/pki/consul$YEAR.crt" cmd "consul kv put secrets/consul/consul.crt - < /var/lib/consul/pki/consul.crt"
cmd "consul kv put secrets/consul/consul-client.crt - < /var/lib/consul/pki/consul$YEAR-client.crt" cmd "consul kv put secrets/consul/consul-client.crt - < /var/lib/consul/pki/consul-client.crt"
cmd "consul kv put secrets/consul/consul-client.key - < /var/lib/consul/pki/consul$YEAR-client.key" cmd "consul kv put secrets/consul/consul-client.key - < /var/lib/consul/pki/consul-client.key"
cmd "consul kv put secrets/nomad/nomad-ca.crt - < /var/lib/nomad/pki/nomad-ca.crt" cmd "consul kv put secrets/nomad/nomad-ca.crt - < /var/lib/nomad/pki/nomad-ca.crt"
cmd "consul kv put secrets/nomad/nomad.crt - < /var/lib/nomad/pki/nomad$YEAR.crt" cmd "consul kv put secrets/nomad/nomad.crt - < /var/lib/nomad/pki/nomad.crt"
cmd "consul kv put secrets/nomad/nomad-client.crt - < /var/lib/nomad/pki/nomad$YEAR-client.crt" cmd "consul kv put secrets/nomad/nomad-client.crt - < /var/lib/nomad/pki/nomad-client.crt"
cmd "consul kv put secrets/nomad/nomad-client.key - < /var/lib/nomad/pki/nomad$YEAR-client.key" cmd "consul kv put secrets/nomad/nomad-client.key - < /var/lib/nomad/pki/nomad-client.key"

14
nix/deuxfleurs.nix
View File

@ -291,8 +291,8 @@ in
}; };
ca_file = "/var/lib/consul/pki/consul-ca.crt"; ca_file = "/var/lib/consul/pki/consul-ca.crt";
cert_file = "/var/lib/consul/pki/consul2022.crt"; cert_file = "/var/lib/consul/pki/consul.crt";
key_file = "/var/lib/consul/pki/consul2022.key"; key_file = "/var/lib/consul/pki/consul.key";
verify_incoming = true; verify_incoming = true;
verify_outgoing = true; verify_outgoing = true;
verify_server_hostname = true; verify_server_hostname = true;
@ -324,9 +324,9 @@ in
}; };
consul = { consul = {
address = "localhost:8501"; address = "localhost:8501";
ca_file = "/var/lib/nomad/pki/consul2022.crt"; ca_file = "/var/lib/nomad/pki/consul.crt";
cert_file = "/var/lib/nomad/pki/consul2022-client.crt"; cert_file = "/var/lib/nomad/pki/consul-client.crt";
key_file = "/var/lib/nomad/pki/consul2022-client.key"; key_file = "/var/lib/nomad/pki/consul-client.key";
ssl = true; ssl = true;
checks_use_advertise = true; checks_use_advertise = true;
}; };
@ -344,8 +344,8 @@ in
http = true; http = true;
rpc = true; rpc = true;
ca_file = "/var/lib/nomad/pki/nomad-ca.crt"; ca_file = "/var/lib/nomad/pki/nomad-ca.crt";
cert_file = "/var/lib/nomad/pki/nomad2022.crt"; cert_file = "/var/lib/nomad/pki/nomad.crt";
key_file = "/var/lib/nomad/pki/nomad2022.key"; key_file = "/var/lib/nomad/pki/nomad.key";
verify_server_hostname = true; verify_server_hostname = true;
verify_https_client = true; verify_https_client = true;
}; };

2
tlsproxy
View File

@ -1,4 +1,4 @@
#!/bin/bash #!/usr/bin/env bash
set -xe set -xe