feat: rsync certs to remote hosts

main
Ricard Illa 2023-05-08 18:18:41 +02:00
parent 4f826767cd
commit 543d5e271c
1 changed files with 31 additions and 2 deletions

View File

@ -1,6 +1,6 @@
WD=/var/lib/dags/acme_renew WD=/var/lib/dags/acme_renew
.PHONY: all refresh_pg renew_certs .PHONY: all refresh_pg renew_certs caladan_sync
NGINX_RELOAD=$(WD)/nginx_reload NGINX_RELOAD=$(WD)/nginx_reload
@ -8,12 +8,17 @@ all: renew_certs $(NGINX_RELOAD) refresh_pg
############################################################################### ###############################################################################
ACME_DIR=/srv/certs/acme
DOMAIN=monotremata.xyz DOMAIN=monotremata.xyz
CERT_PATH=/mnt/certs/acme/$(DOMAIN) CERT_PATH=$(ACME_DIR)/$(DOMAIN)
CERT=$(CERT_PATH)/fullchain.cer CERT=$(CERT_PATH)/fullchain.cer
KEY=$(CERT_PATH)/$(DOMAIN).key KEY=$(CERT_PATH)/$(DOMAIN).key
###############################################################################
SSH_KEY=/srv/certs/ssh/users/dags/id_ed25519
############################################################################### ###############################################################################
# Renew the certificates using acme.sh. Because `renew_certs` is a phony # Renew the certificates using acme.sh. Because `renew_certs` is a phony
# target, it will be run each time, but the certificate files will only be # target, it will be run each time, but the certificate files will only be
@ -39,6 +44,30 @@ renew_certs:
$(DOCKER_IMAGE) \ $(DOCKER_IMAGE) \
$(RENEW_CMD) $(RENEW_CMD)
caladan_sync: renew_certs
rsync \
--archive \
--delete \
--compress \
--verbose \
--human-readable \
--rsh "ssh -i $(SSH_KEY)" \
--rsync-path="doas rsync" \
$(ACME_DIR) \
dags@caladan:$(ACME_DIR)
fugu_sync: renew_certs
rsync \
--archive \
--delete \
--compress \
--verbose \
--human-readable \
--rsh "ssh -i $(SSH_KEY)" \
--rsync-path="doas rsync" \
$(ACME_DIR) \
dags@fugu:$(ACME_DIR)
############################################################################### ###############################################################################
# Reload the nginx instance running on my reverse proxy docker-compose service # Reload the nginx instance running on my reverse proxy docker-compose service
# so that it uses the new certificates. # so that it uses the new certificates.