feat: fugu only needs certs for mail

narwhal/acme_renew/Makefile

@@ -20,12 +20,17 @@ all: renew_certs $(CALADAN_TRIGGER) $(FUGU_TRIGGER) $(LB_TRIGGER) $(SURICATA_TRI
 
 ACME_DIR=/srv/certs/acme
 DOMAIN=monotremata.xyz
-CERT_PATH=$(ACME_DIR)/$(DOMAIN)
 
+CERT_PATH=$(ACME_DIR)/$(DOMAIN)
 FULLCHAIN=$(CERT_PATH)/fullchain.pem
 CERT=$(CERT_PATH)/cert.pem
 KEY=$(CERT_PATH)/key.pem
 
+MAIL_CERT_PATH=$(ACME_DIR)/mail.$(DOMAIN)
+MAIL_FULLCHAIN=$(MAIL_CERT_PATH)/fullchain.pem
+MAIL_CERT=$(MAIL_CERT_PATH)/cert.pem
+MAIL_KEY=$(MAIL_CERT_PATH)/key.pem
+
 ###############################################################################
 
 SSH_KEY=/srv/certs/ssh/users/dags/id_ed25519
@@ -77,13 +82,13 @@ $(CALADAN_SYNC): $(FULLCHAIN) $(CERT) $(KEY)
 		dags@caladan:$(CERT_PATH)
 	touch $@
 
-$(FUGU_SYNC): $(FULLCHAIN) $(CERT) $(KEY)
+$(FUGU_SYNC): $(MAIL_FULLCHAIN) $(MAIL_CERT) $(MAIL_KEY)
 	mkdir -p $(@D)
 	rsync \
 		$(RSYNC_ARGS) \
 		--rsync-path="doas rsync" \
 		$^ \
-		dags@fugu:$(CERT_PATH)
+		dags@fugu:$(MAIL_CERT_PATH)
 	touch $@
 
 $(SURICATA_SYNC): $(FULLCHAIN) $(CERT) $(KEY)

narwhal/acme_renew/justfile

@@ -42,6 +42,14 @@ install-vault:
         --key-file /certs/vault.{{domain}}/key.pem \
         --fullchain-file /certs/vault.{{domain}}/fullchain.pem
 
+install-mail:
+    just acmesh \
+        --install-cert \
+        -d vault.{{domain}} \
+        --cert-file /certs/mail.{{domain}}/cert.pem \
+        --key-file /certs/mail.{{domain}}/key.pem \
+        --fullchain-file /certs/mail.{{domain}}/fullchain.pem
+
 issue-monotremata-xyz:
     just issue \
         -d {{domain}} \
@@ -56,3 +64,8 @@ issue-vault:
         -d 'vault.{{domain}}' \
         -d '*.vault.{{domain}}'
     just install-vault
+
+issue-mail:
+    just issue \
+        -d 'mail.{{domain}}'
+    just install-mail