From 543d5e271c4243124df7eb230a22af3117767dc4 Mon Sep 17 00:00:00 2001
From: Ricard Illa
Date: Mon, 8 May 2023 18:18:41 +0200
Subject: [PATCH] feat: rsync certs to remote hosts
---
 narwhal/acme_renew/Makefile | 33 +++++++++++++++++++++++++++++++--
 1 file changed, 31 insertions(+), 2 deletions(-)
diff --git a/narwhal/acme_renew/Makefile b/narwhal/acme_renew/Makefile
index 361da29..8fc55c7 100644
--- a/narwhal/acme_renew/Makefile
+++ b/narwhal/acme_renew/Makefile
@@ -1,6 +1,6 @@
 WD=/var/lib/dags/acme_renew
-.PHONY: all refresh_pg renew_certs
+.PHONY: all refresh_pg renew_certs caladan_sync
 NGINX_RELOAD=$(WD)/nginx_reload
@@ -8,12 +8,17 @@ all: renew_certs $(NGINX_RELOAD) refresh_pg
 ###############################################################################
+ACME_DIR=/srv/certs/acme
 DOMAIN=monotremata.xyz
-CERT_PATH=/mnt/certs/acme/$(DOMAIN)
+CERT_PATH=$(ACME_DIR)/$(DOMAIN)
 CERT=$(CERT_PATH)/fullchain.cer
 KEY=$(CERT_PATH)/$(DOMAIN).key
+###############################################################################
+
+SSH_KEY=/srv/certs/ssh/users/dags/id_ed25519
+
 ###############################################################################
 # Renew the certificates using acme.sh. Because `renew_certs` is a phony
 # target, it will be run each time, but the certificate files will only be
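Review bot: The `.PHONY` line in the first hunk gains `caladan_sync` but not `fugu_sync`, which the last hunk of this patch adds as an equally file-less target. Because `fugu_sync` depends on the phony `renew_certs` it still runs every time today, but the declaration should not rely on that side effect. Suggested line: `.PHONY: all refresh_pg renew_certs caladan_sync fugu_sync`.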
@@ -39,6 +44,30 @@ renew_certs:
 $(DOCKER_IMAGE) \
 $(RENEW_CMD)
+caladan_sync: renew_certs
+ rsync \
+ --archive \
+ --delete \
+ --compress \
+ --verbose \
+ --human-readable \
+ --rsh "ssh -i $(SSH_KEY)" \
+ --rsync-path="doas rsync" \
+ $(ACME_DIR) \
+ dags@caladan:$(ACME_DIR)
+fugu_sync: renew_certs
+ rsync \
+ --archive \
+ --delete \
+ --compress \
+ --verbose \
+ --human-readable \
+ --rsh "ssh -i $(SSH_KEY)" \
+ --rsync-path="doas rsync" \
+ $(ACME_DIR) \
+ dags@fugu:$(ACME_DIR)
 ###############################################################################
 # Reload the nginx instance running on my reverse proxy docker-compose service
 # so that it uses the new certificates.
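Review bot: Both rsync recipes pass `$(ACME_DIR)` without a trailing slash as the source and the same path as the destination, so the tree lands in `/srv/certs/acme/acme/` on caladan and fugu and `--delete` only prunes that nested copy; unless the nesting is intended, both sides need a trailing slash. The tree holds TLS private keys and the job presumably runs unattended, so the ssh transport should fail closed rather than prompt: batch mode, only the given identity, and strict host-key checking against pre-provisioned known_hosts entries. `--rsync-path="doas rsync"` implies `dags` can run rsync as root on both hosts, which is root-equivalent unless the doas rule or an authorized_keys forced command narrows it; that configuration is outside this diff and worth confirming. The two recipes differ only in the host name, so the fence below folds them into one static pattern rule (a plain `%_sync` pattern rule would be skipped for phony targets) and declares both targets phony.

```make
SYNC_HOSTS=caladan fugu
SYNC_TARGETS=$(SYNC_HOSTS:%=%_sync)

.PHONY: $(SYNC_TARGETS)

# Static pattern rule: $* expands to the host name (caladan, fugu).
$(SYNC_TARGETS): %_sync: renew_certs
	rsync \
		# … unchanged: --archive through --human-readable …
		--rsh "ssh -i $(SSH_KEY) -o BatchMode=yes -o IdentitiesOnly=yes -o StrictHostKeyChecking=yes" \
		--rsync-path="doas rsync" \
		$(ACME_DIR)/ \
		dags@$*:$(ACME_DIR)/
```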