forked from Deuxfleurs/nixcfg
Fusion conflict
This commit is contained in:
parent
f228592473
commit
18af714330
4 changed files with 10 additions and 14 deletions
|
|
@ -11,8 +11,4 @@ df-pw5.machine.deuxfleurs.fr ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK/dJIxioCkfeeh
|
|||
10.14.3.1 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJnpO6zpLWsyyugOoOj+2bUow9TUrcWgURFGGaoyu+co
|
||||
192.168.1.22 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMf/ioVSSb19Slu+HZLgKt4f1/XsL+K9uMxazSWb/+nQ
|
||||
2a01:cb05:911e:ec00:223:24ff:feb0:ea82 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJnpO6zpLWsyyugOoOj+2bUow9TUrcWgURFGGaoyu+co
|
||||
carcajou.machine.staging.deuxfleurs.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMf/ioVSSb19Slu+HZLgKt4f1/XsL+K9uMxazSWb/+nQ
|
||||
caribou.machine.staging.deuxfleurs.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPtsVFIoIu6tnYrzlcCbBiQXxNkFSWVMhMznUuSxGZ22
|
||||
df-pw5.machine.staging.deuxfleurs.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK/dJIxioCkfeehxeGiZR7qquYGoqEH/YrRJ/ukEcaLH
|
||||
origan.machine.staging.deuxfleurs.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsZas74RT6lCZwuUOPR23nPdbSdpWORyAmRgjoiMVHK
|
||||
piranha.machine.staging.deuxfleurs.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJnpO6zpLWsyyugOoOj+2bUow9TUrcWgURFGGaoyu+co
|
||||
|
|
|
|||
|
|
@ -9,6 +9,7 @@ Host origan
|
|||
HostName origan.machine.staging.deuxfleurs.org
|
||||
|
||||
Host piranha
|
||||
HostName %h.machine.staging.deuxfleurs.org
|
||||
#HostName piranha.polyno.me
|
||||
#OR
|
||||
#ProxyJump caribou.machine.deuxfleurs.fr
|
||||
|
|
|
|||
12
deploy_pki
12
deploy_pki
|
|
@ -19,10 +19,10 @@ cmd ln -sf /var/lib/consul/pki/consul$YEAR.key /var/lib/consul/pki/consul.key
|
|||
cmd ln -sf /var/lib/consul/pki/consul$YEAR-client.crt /var/lib/consul/pki/consul-client.crt
|
||||
cmd ln -sf /var/lib/consul/pki/consul$YEAR-client.key /var/lib/consul/pki/consul-client.key
|
||||
|
||||
if [ ! "$CLUSTER" = "prod" ]; then
|
||||
cmd systemctl restart consul
|
||||
|
||||
cmd systemctl reload consul
|
||||
cmd sleep 10
|
||||
fi
|
||||
|
||||
|
||||
for file in nomad-ca.crt nomad$YEAR.crt nomad$YEAR.key \
|
||||
nomad$YEAR-client.crt nomad$YEAR-client.key \
|
||||
|
|
@ -30,8 +30,10 @@ for file in nomad-ca.crt nomad$YEAR.crt nomad$YEAR.key \
|
|||
do
|
||||
if pass $PKI/$file >/dev/null; then
|
||||
write_pass $PKI/$file /var/lib/nomad/pki/$file
|
||||
if [ "$CLUSTER" = "prod" ]; then
|
||||
cmd "chown \$(stat -c %u /var/lib/private/nomad/) /var/lib/nomad/pki/$file"
|
||||
fi
|
||||
fi
|
||||
done
|
||||
|
||||
cmd ln -sf /var/lib/nomad/pki/nomad$YEAR.crt /var/lib/nomad/pki/nomad.crt
|
||||
|
|
@ -42,9 +44,7 @@ cmd ln -sf /var/lib/nomad/pki/consul$YEAR.crt /var/lib/nomad/pki/consul.crt
|
|||
cmd ln -sf /var/lib/nomad/pki/consul$YEAR-client.crt /var/lib/nomad/pki/consul-client.crt
|
||||
cmd ln -sf /var/lib/nomad/pki/consul$YEAR-client.key /var/lib/nomad/pki/consul-client.key
|
||||
|
||||
if [ ! "$CLUSTER" = "prod" ]; then
|
||||
cmd systemctl restart nomad
|
||||
fi
|
||||
cmd systemctl reload nomad
|
||||
|
||||
set_env CONSUL_HTTP_ADDR=https://localhost:8501
|
||||
set_env CONSUL_CACERT=/var/lib/consul/pki/consul-ca.crt
|
||||
|
|
|
|||
3
tlsproxy
3
tlsproxy
|
|
@ -17,8 +17,7 @@ PREFIX="deuxfleurs/cluster/$CLUSTER"
|
|||
|
||||
# Do actual stuff
|
||||
|
||||
#YEAR=$(date +%Y)
|
||||
YEAR=2023
|
||||
YEAR=$(date +%Y)
|
||||
|
||||
CERTDIR=$(mktemp -d)
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue