serguzim/services
Archived
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Improve certificates

Browse source 
Add msrg.cc domain for xmpp on wiuwiu.de
Add sourcing of service.env
This commit is contained in:
Tobias Reisinger 2024-01-29 00:21:27 +01:00
parent 22af530918
commit 8dfe2dc887
Signed by: serguzim
GPG key ID: 13AD60C237A28DFE
6 changed files with 35 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
roles/lego/files/lego.sh
View file

@ -1,5 +1,9 @@
#!/usr/bin/env sh #!/usr/bin/env sh
set -a
. ./service.env
set +a
domain="$1" domain="$1"
action="${2:-renew}" action="${2:-renew}"

8
roles/lego/files/node002/db.serguzim.me
View file

@ -2,15 +2,15 @@
domain="db.serguzim.me" domain="db.serguzim.me"
docker compose run --rm app "$1" "$domain"
_install() { _install() {
install --owner=postgres --group=postgres --mode=600 \ install --owner=postgres --group=postgres --mode=600 \
"/opt/services/_certificates/$domain.$1" \ "$CERTIFICATES_PATH/$domain.$1" \
"/var/lib/postgresql/server.$1" "/var/lib/postgres/data/server.$1"
} }
_install crt _install crt
_install key _install key
sudo -u postgres pg_ctl -D /var/lib/postgres/data/ reload sudo -u postgres pg_ctl -D /var/lib/postgres/data/ reload
# vim: ft=sh

18
roles/lego/files/node002/msrg.cc Executable file
View file

@ -0,0 +1,18 @@
#!/usr/bin/env sh
domain="msrg.cc"
tmpdir=$(mktemp -d)
trap 'rm -rf $tmpdir' EXIT
cp "$CERTIFICATES_PATH/$domain.crt" "$tmpdir/fullchain.pem"
cp "$CERTIFICATES_PATH/$domain.key" "$tmpdir/privkey.pem"
curl \
-F submit="submit" \
-F token="$WIUWIU_TOKEN" \
-F "cert=@$tmpdir/fullchain.pem" \
-F "key=@$tmpdir/privkey.pem" \
https://cert-upload.wiuwiu.de/
# vim: ft=sh

8
roles/lego/files/node002/registry.serguzim.me
View file

@ -2,11 +2,9 @@
domain="registry.serguzim.me" domain="registry.serguzim.me"
docker compose run --rm app "$1" "$domain"
_install() { _install() {
install --owner=root --group=root --mode=600 \ install --owner=root --group=root --mode=600 \
"/opt/services/_certificates/$domain.$1" \ "$CERTIFICATES_PATH/$domain.$1" \
"/opt/services/harbor/server.$1" "/opt/services/harbor/server.$1"
} }
@ -14,4 +12,6 @@ _install crt
_install key _install key
export HARBOR_BUNDLE_DIR=/opt/services/harbor export HARBOR_BUNDLE_DIR=/opt/services/harbor
$HARBOR_BUNDLE_DIR/data/install.sh $HARBOR_BUNDLE_DIR/harbor/install.sh
# vim: ft=sh

3
roles/lego/tasks/systemd.yml
View file

@ -11,13 +11,14 @@
dest: /etc/systemd/system/lego@.timer dest: /etc/systemd/system/lego@.timer
mode: "0644" mode: "0644"
become: true become: true
- name: Enable the system timer for {{ item }} - name: Enable the system timers
ansible.builtin.systemd_service: ansible.builtin.systemd_service:
name: lego@{{ item }}.timer name: lego@{{ item }}.timer
state: started state: started
enabled: true enabled: true
daemon_reload: true daemon_reload: true
loop: loop:
- msrg.cc
- db.serguzim.me - db.serguzim.me
- registry.serguzim.me - registry.serguzim.me
become: true become: true

3
roles/lego/vars/main.yml
View file

@ -9,6 +9,9 @@ lego_env:
LEGO_EMAIL: "{{ admin_email }}" LEGO_EMAIL: "{{ admin_email }}"
LEGO_PATH: /data LEGO_PATH: /data
CERTIFICATES_PATH: "{{ certificates_path }}"
WIUWIU_TOKEN: "{{ vault_wiuwiu_token }}"
lego_compose: lego_compose:
watchtower: false watchtower: false
network: false network: false