Improve certificates
Add msrg.cc domain for xmpp on wiuwiu.de.
Add sourcing of service.env.
parent
22af530918
commit
8dfe2dc887
6 changed files with 35 additions and 9 deletions
|
@ -1,5 +1,9 @@
|
|||
#!/usr/bin/env sh
|
||||
|
||||
set -a
|
||||
. ./service.env
|
||||
set +a
|
||||
|
||||
domain="$1"
|
||||
action="${2:-renew}"
|
||||
|
||||
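Review bot: `. ./service.env` resolves against the caller's working directory, so the script runs as shell code whatever file of that name sits in the directory it is started from. The file header and the rest of the script are outside this hunk, so I cannot tell whether a unit file pins that directory. If the file lives beside the script, `. "$(dirname "$0")/service.env"` removes the dependency; otherwise use the absolute path. Because of `set -a`, every variable in that file is exported to every child process started afterwards, and the vars change in this commit adds `WIUWIU_TOKEN` to it, so the file should be owned by the service user and neither readable nor writable by anyone else.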
|
|
|
@ -2,15 +2,15 @@
|
|||
|
||||
domain="db.serguzim.me"
|
||||
|
||||
docker compose run --rm app "$1" "$domain"
|
||||
|
||||
_install() {
|
||||
install --owner=postgres --group=postgres --mode=600 \
|
||||
"/opt/services/_certificates/$domain.$1" \
|
||||
"/var/lib/postgresql/server.$1"
|
||||
"$CERTIFICATES_PATH/$domain.$1" \
|
||||
"/var/lib/postgres/data/server.$1"
|
||||
}
|
||||
|
||||
_install crt
|
||||
_install key
|
||||
|
||||
sudo -u postgres pg_ctl -D /var/lib/postgres/data/ reload
|
||||
|
||||
# vim: ft=sh
|
||||
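Review bot: Nothing between `docker compose run` and the `pg_ctl ... reload` line checks that the earlier steps worked, and no `set -e` is visible in the hunk. If `CERTIFICATES_PATH` is unset, the source path collapses to `/db.serguzim.me.crt`, `install` fails, and the script still reloads PostgreSQL and exits with the reload's status, so the timer can report success while the old certificate runs toward expiry. A guard near the top such as `: "${CERTIFICATES_PATH:?not set}"`, together with `|| exit 1` after the compose run and each `_install` call, would surface the failure. The registry.serguzim.me script further down has the same shape: it reads `$CERTIFICATES_PATH` unguarded and runs the Harbor `install.sh` unconditionally after `_install key`.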
|
|
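--- a/roles/lego/files/node002/msrg.cc
+++ b/roles/lego/files/node002/msrg.cc
@@ -0,0 +1,18 @@
+#!/usr/bin/env sh
+
+domain="msrg.cc"
+
+tmpdir=$(mktemp -d)
+trap 'rm -rf $tmpdir' EXIT
+
+cp "$CERTIFICATES_PATH/$domain.crt" "$tmpdir/fullchain.pem"
+cp "$CERTIFICATES_PATH/$domain.key" "$tmpdir/privkey.pem"
+
+curl \
+-F submit="submit" \
+-F token="$WIUWIU_TOKEN" \
+-F "cert=@$tmpdir/fullchain.pem" \
+-F "key=@$tmpdir/privkey.pem" \
+https://cert-upload.wiuwiu.de/
+
+# vim: ft=sh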
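Review bot: The result of `mktemp -d` is never checked, so if it fails `$tmpdir` is empty and the two `cp` lines write the certificate and the private key to `/fullchain.pem` and `/privkey.pem`. I would write `tmpdir=$(mktemp -d) || exit 1` and quote the variable in the trap, `trap 'rm -rf "$tmpdir"' EXIT`. The upload itself reports nothing on failure: without `--fail`, curl exits 0 on an HTTP error response, so a rejected token or a refused upload looks like a successful renewal hook; `curl --fail \` on the first line fixes that. `-F token="$WIUWIU_TOKEN"` also puts the token on curl's command line, where other local users can read it from the process list while the upload runs. Passing that field through a curl config read from stdin or from a root-only file (`--config`) keeps it out of argv.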
|
|
@ -2,11 +2,9 @@
|
|||
|
||||
domain="registry.serguzim.me"
|
||||
|
||||
docker compose run --rm app "$1" "$domain"
|
||||
|
||||
_install() {
|
||||
install --owner=root --group=root --mode=600 \
|
||||
"/opt/services/_certificates/$domain.$1" \
|
||||
"$CERTIFICATES_PATH/$domain.$1" \
|
||||
"/opt/services/harbor/server.$1"
|
||||
}
|
||||
|
||||
|
@ -14,4 +12,6 @@ _install crt
|
|||
_install key
|
||||
|
||||
export HARBOR_BUNDLE_DIR=/opt/services/harbor
|
||||
$HARBOR_BUNDLE_DIR/data/install.sh
|
||||
$HARBOR_BUNDLE_DIR/harbor/install.sh
|
||||
|
||||
# vim: ft=sh
|
||||
|
|
|
@ -11,13 +11,14 @@
|
|||
dest: /etc/systemd/system/lego@.timer
|
||||
mode: "0644"
|
||||
become: true
|
||||
- name: Enable the system timer for {{ item }}
|
||||
- name: Enable the system timers
|
||||
ansible.builtin.systemd_service:
|
||||
name: lego@{{ item }}.timer
|
||||
state: started
|
||||
enabled: true
|
||||
daemon_reload: true
|
||||
loop:
|
||||
- msrg.cc
|
||||
- db.serguzim.me
|
||||
- registry.serguzim.me
|
||||
become: true
|
||||
|
|
|
@ -9,6 +9,9 @@ lego_env:
|
|||
LEGO_EMAIL: "{{ admin_email }}"
|
||||
LEGO_PATH: /data
|
||||
|
||||
CERTIFICATES_PATH: "{{ certificates_path }}"
|
||||
WIUWIU_TOKEN: "{{ vault_wiuwiu_token }}"
|
||||
|
||||
lego_compose:
|
||||
watchtower: false
|
||||
network: false
|
||||
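Review bot: `WIUWIU_TOKEN` is added to the shared `lego_env` mapping, so the vault secret presumably ends up in the `service.env` that the wrapper script sources with `set -a`. That would hand it to every domain's hook and to the `docker compose run` container, not only to the msrg.cc upload. The task that renders `lego_env` is not part of this diff, so I cannot confirm how the file is written. It should be written with `mode: "0600"` and a fixed owner, and the task should carry `no_log: true` so the token does not appear in Ansible output. If the role allows it, keeping the token in a separate env file that only the msrg.cc hook reads would scope it to the one script that needs it.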
|
|