From 4b66cdbd7b4926448e23d28f06de8d07c91caca9 Mon Sep 17 00:00:00 2001
From: Ricard Illa <rilla@monotremata.xyz>
Date: Fri, 16 Sep 2022 18:02:53 +0200
Subject: [PATCH] simplified certs setup

---
 acme_renew/Makefile | 40 +++++++++-------------------------------
 1 file changed, 9 insertions(+), 31 deletions(-)

diff --git a/acme_renew/Makefile b/acme_renew/Makefile
index ed9dcee..cdbfb6b 100644
--- a/acme_renew/Makefile
+++ b/acme_renew/Makefile
@@ -8,41 +8,19 @@ all: renew_certs $(NGINX_RELOAD) refresh_pg
 
 ###############################################################################
 
-CERTS_PATH=/mnt/certs/acme
+DOMAIN=monotremata.xyz
+CERT_PATH=/mnt/certs/acme/$(DOMAIN)
 
-MONOTREMATA_DOMAIN=monotremata.xyz
-MONOTREMATA_PATH=$(CERTS_PATH)/$(MONOTREMATA_DOMAIN)
-MONOTREMATA_CERT=$(MONOTREMATA_PATH)/fullchain.cer
-MONOTREMATA_KEY=$(MONOTREMATA_PATH)/$(MONOTREMATA_DOMAIN).key
-
-NARWHAL_DOMAIN=narwhal.monotremata.xyz
-NARWHAL_PATH=$(CERTS_PATH)/$(NARWHAL_DOMAIN)
-NARWHAL_CERT=$(NARWHAL_PATH)/fullchain.cer
-NARWHAL_KEY=$(NARWHAL_PATH)/$(NARWHAL_DOMAIN).key
-
-CALADAN_DOMAIN=caladan.monotremata.xyz
-CALADAN_PATH=$(CERTS_PATH)/$(CALADAN_DOMAIN)
-CALADAN_CERT=$(CALADAN_PATH)/fullchain.cer
-CALADAN_KEY=$(CALADAN_PATH)/$(CALADAN_DOMAIN).key
-
-XMPP_DOMAIN=xmpp.monotremata.xyz
-XMPP_PATH=$(CERTS_PATH)/$(XMPP_DOMAIN)
-XMPP_CERT=$(XMPP_PATH)/fullchain.cer
-XMPP_KEY=$(XMPP_PATH)/$(XMPP_DOMAIN).key
+CERT=$(CERT_PATH)/fullchain.cer
+KEY=$(CERT_PATH)/$(DOMAIN).key
 
 ###############################################################################
 # Renew the certificates using acme.sh. Because `renew_certs` is a phony
 # target, it will be run each time, but the certificate files will only be
 # updated if a renewal happens
 
-$(MONOTREMATA_CERT): renew_certs
-$(MONOTREMATA_KEY): renew_certs
-$(NARWHAL_CERT): renew_certs
-$(NARWHAL_KEY): renew_certs
-$(CALADAN_CERT): renew_certs
-$(CALADAN_KEY): renew_certs
-$(XMPP_CERT): renew_certs
-$(XMPP_KEY): renew_certs
+$(CERT): renew_certs
+$(KEY): renew_certs
 
 ACMESH_COMPOSE_FILE=/srv/services/acmesh/docker-compose.yml
 
@@ -65,7 +43,7 @@ renew_certs:
 
 NGINX_COMPOSE_FILE=/srv/services/reverse_proxy/docker-compose.yml
 
-$(NGINX_RELOAD): $(MONOTREMATA_CERT) $(MONOTREMATA_KEY) $(NARWHAL_CERT) $(NARWHAL_KEY)
+$(NGINX_RELOAD): $(CERT) $(KEY)
 	mkdir -p $(@D)
 	docker-compose \
 		--file $(NGINX_COMPOSE_FILE) \
@@ -81,11 +59,11 @@ PG_SSL_PATH=/mnt/docker_volumes/postgres/ssl
 PG_CERT=$(PG_SSL_PATH)/server.crt
 PG_KEY=$(PG_SSL_PATH)/server.key
 
-$(PG_CERT): $(MONOTREMATA_CERT)
+$(PG_CERT): $(CERT)
 	mkdir -p $(@D)
 	rsync --copy-links $< $@
 
-$(PG_KEY): $(MONOTREMATA_KEY)
+$(PG_KEY): $(KEY)
 	mkdir -p $(@D)
 	rsync --copy-links $< $@