From 4b029ed69a6e50198c619da9fff02aa8373552bb Mon Sep 17 00:00:00 2001
From: Ricard Illa <rilla@monotremata.xyz>
Date: Wed, 12 Jul 2023 17:02:09 +0200
Subject: [PATCH] feat: refresh vault certificates on narwhal

---
 narwhal/acme_renew/Makefile | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/narwhal/acme_renew/Makefile b/narwhal/acme_renew/Makefile
index a4abd9e..a71c85c 100644
--- a/narwhal/acme_renew/Makefile
+++ b/narwhal/acme_renew/Makefile
@@ -14,7 +14,7 @@ FUGU_TRIGGER=$(WD)/fugu_trigger
 LB_TRIGGER=$(WD)/lb_trigger
 SURICATA_TRIGGER=$(WD)/suricata_trigger
 
-all: renew_certs $(CALADAN_TRIGGER) $(FUGU_TRIGGER) $(LB_TRIGGER) $(SURICATA_TRIGGER) $(NGINX_RELOAD) refresh_pg
+all: renew_certs $(CALADAN_TRIGGER) $(FUGU_TRIGGER) $(LB_TRIGGER) $(SURICATA_TRIGGER) $(NGINX_RELOAD) refresh_pg refresh_vault
 
 ###############################################################################
 
@@ -152,3 +152,20 @@ $(PG_KEY): $(KEY)
 	rsync --copy-links $< $@
 
 refresh_pg: $(PG_CERT) $(PG_KEY)
+
+###############################################################################
+# Copy Vault certificate
+
+VAULT_DEST_PATH=/srv/certs/vault
+VAULT_DEST_CERT=$(VAULT_DEST_PATH)/tls.crt
+VAULT_DEST_KEY=$(VAULT_DEST_PATH)/tls.key
+
+$(VAULT_DEST_CERT): $(VAULT_CERT)
+	mkdir -p $(@D)
+	install -o vault -g vault -m 600 $^ $@
+
+$(VAULT_DEST_KEY): $(VAULT_KEY)
+	mkdir -p $(@D)
+	install -o vault -g vault -m 600 $^ $@
+
+refresh_vault: $(VAULT_DEST_CERT) $(VAULT_DEST_KEY)