Add cron job to clean up stuff; fix genpki

Alex 2022-01-03 23:47:55 +01:00
parent 1ade671f96
commit 143683ed2d
No known key found for this signature in database
GPG key ID: EDABF9711E244EB1
3 changed files with 17 additions and 7 deletions


@ -72,5 +72,5 @@ consul kv put secrets/consul/consul-client.key - < /var/lib/consul/pki/consul$YE
EOF
ssh -t -F ssh_config $SSH_DEST sudo sh $TMP_PATH/deploy.sh
ssh -F ssh_config $SSH_DEST rm -rv $TMP_PATH
ssh -F ssh_config $SSH_DEST rm -rv '/tmp/tmp-deploy-*'
done
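Review bot: The `rm -rv '/tmp/tmp-deploy-*'` line removes every matching path on the host, because the quoted glob is expanded by the remote shell, so it can delete the working directory of another deploy that is still running. The page has lost its +/- markers, so this assumes the wildcard line is the new side. Scoping cleanup to this run's own directory is safer: `ssh -F ssh_config "$SSH_DEST" rm -rv -- "$TMP_PATH"`; if stale directories from failed runs need sweeping, restrict that to entries older than a deploy could plausibly take. The loop starts outside the hunk, so how TMP_PATH is generated is not visible here.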


@ -45,7 +45,8 @@ O = Deuxfleurs
CN = $APP
[v3_req]
keyUsage = keyEncipherment, keyCertSign, dataEncipherment, serverAuth, clientAuth
keyUsage = keyEncipherment, keyCertSign, dataEncipherment
extendedKeyUsage = serverAuth, clientAuth
subjectAltName = @alt_names
[alt_names]
@ -85,7 +86,8 @@ O = Deuxfleurs
CN = $APP-client
[v3_req]
keyUsage = keyEncipherment, keyCertSign, dataEncipherment, clientAuth
keyUsage = keyEncipherment, keyCertSign, dataEncipherment
extendedKeyUsage = clientAuth
subjectAltName = @alt_names
[alt_names]
@ -97,8 +99,8 @@ EOF
rm $CERT-client.csr
fi
if [ ! -f $CERT-client.p12 ]; then
openssl pkcs12 -export -out $CERT-client.p12 \
-in $APP-ca.pem -in $CERT-client.crt -inkey $CERT-client.key
fi
#if [ ! -f $CERT-client.p12 ]; then
# openssl pkcs12 -export -out $CERT-client.p12 \
# -in $APP-ca.pem -in $CERT-client.crt -inkey $CERT-client.key
#fi
done
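Review bot: Both `keyUsage` lines on the new side still list `keyCertSign` and omit `digitalSignature`, for what look like leaf certificates (`CN = $APP` and `CN = $APP-client`). keyCertSign is meant for CA certificates and grants a signing capability a leaf does not need, while strict TLS stacks expect digitalSignature for (EC)DHE key exchange and for client authentication, so peers may reject these certificates. I would use `keyUsage = digitalSignature, keyEncipherment` in both `[v3_req]` sections and confirm that `basicConstraints = CA:FALSE` is set, which is not visible in these hunks. The heredocs begin outside the hunks.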


@ -9,4 +9,12 @@
services.nomad.settings.datacenter = "neptune";
networking.firewall.allowedTCPPorts = [ 80 443 ];
services.cron = {
enable = true;
systemCronJobs = [
"0 2 * * * ${config.system.path}/bin/nix-collect-garbage --delete-older-than 10d"
"30 2 * * * ${config.system.path}/bin/docker run --rm -it -v /var/lib/drone/nix:/nix nixpkgs/nix:nixos-21.05 nix-collect-garbage --delete-older-than 10d"
];
};
}
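Review bot: Both `systemCronJobs` entries lack the user field that the system crontab format requires between the schedule and the command, so cron would read the `${config.system.path}/bin/...` path as a user name and the jobs would not run; the first entry should read `"0 2 * * * root ${config.system.path}/bin/nix-collect-garbage --delete-older-than 10d"`, and the second needs the same field. The second entry also passes `-it` to `docker run`, which fails under cron because no TTY is attached, so those flags should be dropped. `nixpkgs/nix:nixos-21.05` is a mutable tag run with a host volume mounted; pinning the image by digest would keep a changed image from being pulled into this job unnoticed. The attribute set starts outside the hunk.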