forked from Deuxfleurs/nixcfg
33 lines
1.1 KiB
Text
Executable file
33 lines
1.1 KiB
Text
Executable file
#!/usr/bin/env ./sshtool
|
|
|
|
PKI=cluster/$CLUSTER/secrets/pki
|
|
YEAR=$(date +%Y)
|
|
|
|
cmd mkdir -p /var/lib/nomad/pki /var/lib/consul/pki
|
|
|
|
for file in consul-ca.crt consul$YEAR.crt consul$YEAR.key consul$YEAR-client.crt consul$YEAR-client.key; do
|
|
if [ -f "$PKI/$file" ]; then
|
|
copy_secret $PKI/$file /var/lib/consul/pki/$file
|
|
cmd chown consul:root /var/lib/consul/pki/$file
|
|
fi
|
|
done
|
|
|
|
cmd systemctl restart consul
|
|
cmd sleep 10
|
|
|
|
for file in nomad-ca.crt nomad$YEAR.crt nomad$YEAR.key; do
|
|
if [ -f "$PKI/$file" ]; then
|
|
copy_secret $PKI/$file /var/lib/nomad/pki/$file
|
|
fi
|
|
done
|
|
|
|
cmd systemctl restart nomad
|
|
|
|
set_env CONSUL_HTTP_ADDR=https://localhost:8501
|
|
set_env CONSUL_CACERT=/var/lib/consul/pki/consul-ca.crt
|
|
set_env CONSUL_CLIENT_CERT=/var/lib/consul/pki/consul$YEAR-client.crt
|
|
set_env CONSUL_CLIENT_KEY=/var/lib/consul/pki/consul$YEAR-client.key
|
|
|
|
cmd "consul kv put secrets/consul/consul-ca.crt - < /var/lib/consul/pki/consul-ca.crt"
|
|
cmd "consul kv put secrets/consul/consul-client.crt - < /var/lib/consul/pki/consul$YEAR-client.crt"
|
|
cmd "consul kv put secrets/consul/consul-client.key - < /var/lib/consul/pki/consul$YEAR-client.key"
|