tixie/nixcfg
1
0
Fork 0
forked from Deuxfleurs/nixcfg
Code Pull requests Activity

Remove hardcoded years in deuxfleurs.nix

Browse source
This commit is contained in:
Alex 2023-01-01 19:38:28 +01:00
parent 95540260cb
commit ad6db2f1c5
3 changed files with 29 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

29
deploy_pki
View file

@ -14,6 +14,11 @@ do
fi
done
cmd ln -sf /var/lib/consul/pki/consul$YEAR.crt /var/lib/consul/pki/consul.crt
cmd ln -sf /var/lib/consul/pki/consul$YEAR.key /var/lib/consul/pki/consul.key
cmd ln -sf /var/lib/consul/pki/consul$YEAR-client.crt /var/lib/consul/pki/consul-client.crt
cmd ln -sf /var/lib/consul/pki/consul$YEAR-client.key /var/lib/consul/pki/consul-client.key
cmd systemctl restart consul
cmd sleep 10
@ -27,19 +32,27 @@ do
fi
done
cmd ln -sf /var/lib/nomad/pki/nomad$YEAR.crt /var/lib/nomad/pki/nomad.crt
cmd ln -sf /var/lib/nomad/pki/nomad$YEAR.key /var/lib/nomad/pki/nomad.key
cmd ln -sf /var/lib/nomad/pki/nomad$YEAR-client.crt /var/lib/nomad/pki/nomad-client.crt
cmd ln -sf /var/lib/nomad/pki/nomad$YEAR-client.key /var/lib/nomad/pki/nomad-client.key
cmd ln -sf /var/lib/nomad/pki/consul$YEAR.crt /var/lib/nomad/pki/consul.crt
cmd ln -sf /var/lib/nomad/pki/consul$YEAR-client.crt /var/lib/nomad/pki/consul-client.crt
cmd ln -sf /var/lib/nomad/pki/consul$YEAR-client.key /var/lib/nomad/pki/consul-client.key
cmd systemctl restart nomad
set_env CONSUL_HTTP_ADDR=https://localhost:8501
set_env CONSUL_CACERT=/var/lib/consul/pki/consul-ca.crt
set_env CONSUL_CLIENT_CERT=/var/lib/consul/pki/consul$YEAR-client.crt
set_env CONSUL_CLIENT_KEY=/var/lib/consul/pki/consul$YEAR-client.key
set_env CONSUL_CLIENT_CERT=/var/lib/consul/pki/consul-client.crt
set_env CONSUL_CLIENT_KEY=/var/lib/consul/pki/consul-client.key
cmd "consul kv put secrets/consul/consul-ca.crt - < /var/lib/consul/pki/consul-ca.crt"
cmd "consul kv put secrets/consul/consul.crt - < /var/lib/consul/pki/consul$YEAR.crt"
cmd "consul kv put secrets/consul/consul-client.crt - < /var/lib/consul/pki/consul$YEAR-client.crt"
cmd "consul kv put secrets/consul/consul-client.key - < /var/lib/consul/pki/consul$YEAR-client.key"
cmd "consul kv put secrets/consul/consul.crt - < /var/lib/consul/pki/consul.crt"
cmd "consul kv put secrets/consul/consul-client.crt - < /var/lib/consul/pki/consul-client.crt"
cmd "consul kv put secrets/consul/consul-client.key - < /var/lib/consul/pki/consul-client.key"
cmd "consul kv put secrets/nomad/nomad-ca.crt - < /var/lib/nomad/pki/nomad-ca.crt"
cmd "consul kv put secrets/nomad/nomad.crt - < /var/lib/nomad/pki/nomad$YEAR.crt"
cmd "consul kv put secrets/nomad/nomad-client.crt - < /var/lib/nomad/pki/nomad$YEAR-client.crt"
cmd "consul kv put secrets/nomad/nomad-client.key - < /var/lib/nomad/pki/nomad$YEAR-client.key"
cmd "consul kv put secrets/nomad/nomad.crt - < /var/lib/nomad/pki/nomad.crt"
cmd "consul kv put secrets/nomad/nomad-client.crt - < /var/lib/nomad/pki/nomad-client.crt"
cmd "consul kv put secrets/nomad/nomad-client.key - < /var/lib/nomad/pki/nomad-client.key"

14
nix/deuxfleurs.nix
View file

@ -291,8 +291,8 @@ in
};
ca_file = "/var/lib/consul/pki/consul-ca.crt";
cert_file = "/var/lib/consul/pki/consul2022.crt";
key_file = "/var/lib/consul/pki/consul2022.key";
cert_file = "/var/lib/consul/pki/consul.crt";
key_file = "/var/lib/consul/pki/consul.key";
verify_incoming = true;
verify_outgoing = true;
verify_server_hostname = true;
@ -324,9 +324,9 @@ in
};
consul = {
address = "localhost:8501";
ca_file = "/var/lib/nomad/pki/consul2022.crt";
cert_file = "/var/lib/nomad/pki/consul2022-client.crt";
key_file = "/var/lib/nomad/pki/consul2022-client.key";
ca_file = "/var/lib/nomad/pki/consul.crt";
cert_file = "/var/lib/nomad/pki/consul-client.crt";
key_file = "/var/lib/nomad/pki/consul-client.key";
ssl = true;
checks_use_advertise = true;
};
@ -344,8 +344,8 @@ in
http = true;
rpc = true;
ca_file = "/var/lib/nomad/pki/nomad-ca.crt";
cert_file = "/var/lib/nomad/pki/nomad2022.crt";
key_file = "/var/lib/nomad/pki/nomad2022.key";
cert_file = "/var/lib/nomad/pki/nomad.crt";
key_file = "/var/lib/nomad/pki/nomad.key";
verify_server_hostname = true;
verify_https_client = true;
};

2
tlsproxy
View file

@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash
set -xe