feat: fugu only needs certs for mail

main
Ricard Illa 2023-07-12 16:13:01 +02:00
parent b53b8ee982
commit 711a2f5b91
2 changed files with 21 additions and 3 deletions


@ -20,12 +20,17 @@ all: renew_certs $(CALADAN_TRIGGER) $(FUGU_TRIGGER) $(LB_TRIGGER) $(SURICATA_TRI
ACME_DIR=/srv/certs/acme
DOMAIN=monotremata.xyz
CERT_PATH=$(ACME_DIR)/$(DOMAIN)
CERT_PATH=$(ACME_DIR)/$(DOMAIN)
FULLCHAIN=$(CERT_PATH)/fullchain.pem
CERT=$(CERT_PATH)/cert.pem
KEY=$(CERT_PATH)/key.pem
MAIL_CERT_PATH=$(ACME_DIR)/mail.$(DOMAIN)
MAIL_FULLCHAIN=$(MAIL_CERT_PATH)/fullchain.pem
MAIL_CERT=$(MAIL_CERT_PATH)/cert.pem
MAIL_KEY=$(MAIL_CERT_PATH)/key.pem
###############################################################################
SSH_KEY=/srv/certs/ssh/users/dags/id_ed25519
@ -77,13 +82,13 @@ $(CALADAN_SYNC): $(FULLCHAIN) $(CERT) $(KEY)
dags@caladan:$(CERT_PATH)
touch $@
$(FUGU_SYNC): $(FULLCHAIN) $(CERT) $(KEY)
$(FUGU_SYNC): $(MAIL_FULLCHAIN) $(MAIL_CERT) $(MAIL_KEY)
mkdir -p $(@D)
rsync \
$(RSYNC_ARGS) \
--rsync-path="doas rsync" \
$^ \
dags@fugu:$(CERT_PATH)
dags@fugu:$(MAIL_CERT_PATH)
touch $@
$(SURICATA_SYNC): $(FULLCHAIN) $(CERT) $(KEY)
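Review bot: The `$(FUGU_SYNC)` rule now pushes only the `mail.$(DOMAIN)` files to `dags@fugu:$(MAIL_CERT_PATH)`, but nothing visible removes the `$(CERT_PATH)` fullchain, cert and key that earlier runs of this rule already copied to fugu. The host therefore keeps the private key for `$(DOMAIN)`, which this commit intends it to stop holding. If that cleanup is not handled out of band, remove the old directory on fugu once and consider rotating the `$(DOMAIN)` certificate so the stale copy has no value. A comment above the rule, e.g. `# fugu is the mail host: it receives only mail.$(DOMAIN) key material`, would record the intent. The new prerequisites also appear to exist only after the `issue-mail` recipe has run, so a first `make` before that would presumably stop with a missing-target error.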


@ -42,6 +42,14 @@ install-vault:
--key-file /certs/vault.{{domain}}/key.pem \
--fullchain-file /certs/vault.{{domain}}/fullchain.pem
install-mail:
just acmesh \
--install-cert \
-d vault.{{domain}} \
--cert-file /certs/mail.{{domain}}/cert.pem \
--key-file /certs/mail.{{domain}}/key.pem \
--fullchain-file /certs/mail.{{domain}}/fullchain.pem
issue-monotremata-xyz:
just issue \
-d {{domain}} \
@ -56,3 +64,8 @@ issue-vault:
-d 'vault.{{domain}}' \
-d '*.vault.{{domain}}'
just install-vault
issue-mail:
just issue \
-d 'mail.{{domain}}'
just install-mail
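Review bot: The new `install-mail` recipe passes `-d vault.{{domain}}` to `--install-cert` while writing to the `/certs/mail.{{domain}}/` paths, which looks like a copy-paste from `install-vault`; the line should read `-d 'mail.{{domain}}'`, matching the quoting in `issue-mail`. As written, the vault certificate and private key would be installed under the mail directory, and the Makefile change in this same commit syncs that directory to fugu. The mail host would then hold key material for a different service and present a certificate that does not match its name. acme.sh records the install paths per domain, so this call would probably also redirect future vault renewals to the mail paths.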