feat: rsync certs to remote hosts

2023-05-08 18:18:41 +02:00 · 2023-05-08 18:18:41 +02:00 · 543d5e271c
parent 4f826767cd
commit 543d5e271c
1 changed files with 31 additions and 2 deletions
--- a/narwhal/acme_renew/Makefile
+++ b/narwhal/acme_renew/Makefile
@ -1,6 +1,6 @@
 WD=/var/lib/dags/acme_renew
-.PHONY: all refresh_pg renew_certs
+.PHONY: all refresh_pg renew_certs caladan_sync
 NGINX_RELOAD=$(WD)/nginx_reload
@ -8,12 +8,17 @@ all: renew_certs $(NGINX_RELOAD) refresh_pg
 ###############################################################################
 ACME_DIR=/srv/certs/acme
 DOMAIN=monotremata.xyz
-CERT_PATH=/mnt/certs/acme/$(DOMAIN)
+CERT_PATH=$(ACME_DIR)/$(DOMAIN)
 CERT=$(CERT_PATH)/fullchain.cer
 KEY=$(CERT_PATH)/$(DOMAIN).key
 ###############################################################################
 SSH_KEY=/srv/certs/ssh/users/dags/id_ed25519
 ###############################################################################
 # Renew the certificates using acme.sh. Because `renew_certs` is a phony
 # target, it will be run each time, but the certificate files will only be
@ -39,6 +44,30 @@ renew_certs:
 		$(DOCKER_IMAGE) \
 		$(RENEW_CMD)
 caladan_sync: renew_certs
 	rsync \
 		--archive \
 		--delete \
 		--compress \
 		--verbose \
 		--human-readable \
 		--rsh "ssh -i $(SSH_KEY)" \
 		--rsync-path="doas rsync" \
 		$(ACME_DIR) \
 		dags@caladan:$(ACME_DIR)
 fugu_sync: renew_certs
 	rsync \
 		--archive \
 		--delete \
 		--compress \
 		--verbose \
 		--human-readable \
 		--rsh "ssh -i $(SSH_KEY)" \
 		--rsync-path="doas rsync" \
 		$(ACME_DIR) \
 		dags@fugu:$(ACME_DIR)
 ###############################################################################
 # Reload the nginx instance running on my reverse proxy docker-compose service
 # so that it uses the new certificates.