From 711a2f5b91ecc6ca04832a69eb676544b30e60f1 Mon Sep 17 00:00:00 2001
From: Ricard Illa <rilla@monotremata.xyz>
Date: Wed, 12 Jul 2023 16:13:01 +0200
Subject: [PATCH] feat: fugu only needs certs for mail

---
 narwhal/acme_renew/Makefile | 11 ++++++++---
 narwhal/acme_renew/justfile | 13 +++++++++++++
 2 files changed, 21 insertions(+), 3 deletions(-)

diff --git a/narwhal/acme_renew/Makefile b/narwhal/acme_renew/Makefile
index 0c6821e..4c45e6c 100644
--- a/narwhal/acme_renew/Makefile
+++ b/narwhal/acme_renew/Makefile
@@ -20,12 +20,17 @@ all: renew_certs $(CALADAN_TRIGGER) $(FUGU_TRIGGER) $(LB_TRIGGER) $(SURICATA_TRI
 
 ACME_DIR=/srv/certs/acme
 DOMAIN=monotremata.xyz
-CERT_PATH=$(ACME_DIR)/$(DOMAIN)
 
+CERT_PATH=$(ACME_DIR)/$(DOMAIN)
 FULLCHAIN=$(CERT_PATH)/fullchain.pem
 CERT=$(CERT_PATH)/cert.pem
 KEY=$(CERT_PATH)/key.pem
 
+MAIL_CERT_PATH=$(ACME_DIR)/mail.$(DOMAIN)
+MAIL_FULLCHAIN=$(MAIL_CERT_PATH)/fullchain.pem
+MAIL_CERT=$(MAIL_CERT_PATH)/cert.pem
+MAIL_KEY=$(MAIL_CERT_PATH)/key.pem
+
 ###############################################################################
 
 SSH_KEY=/srv/certs/ssh/users/dags/id_ed25519
@@ -77,13 +82,13 @@ $(CALADAN_SYNC): $(FULLCHAIN) $(CERT) $(KEY)
 		dags@caladan:$(CERT_PATH)
 	touch $@
 
-$(FUGU_SYNC): $(FULLCHAIN) $(CERT) $(KEY)
+$(FUGU_SYNC): $(MAIL_FULLCHAIN) $(MAIL_CERT) $(MAIL_KEY)
 	mkdir -p $(@D)
 	rsync \
 		$(RSYNC_ARGS) \
 		--rsync-path="doas rsync" \
 		$^ \
-		dags@fugu:$(CERT_PATH)
+		dags@fugu:$(MAIL_CERT_PATH)
 	touch $@
 
 $(SURICATA_SYNC): $(FULLCHAIN) $(CERT) $(KEY)
diff --git a/narwhal/acme_renew/justfile b/narwhal/acme_renew/justfile
index 98c3ad4..807951f 100755
--- a/narwhal/acme_renew/justfile
+++ b/narwhal/acme_renew/justfile
@@ -42,6 +42,14 @@ install-vault:
         --key-file /certs/vault.{{domain}}/key.pem \
         --fullchain-file /certs/vault.{{domain}}/fullchain.pem
 
+install-mail:
+    just acmesh \
+        --install-cert \
+        -d vault.{{domain}} \
+        --cert-file /certs/mail.{{domain}}/cert.pem \
+        --key-file /certs/mail.{{domain}}/key.pem \
+        --fullchain-file /certs/mail.{{domain}}/fullchain.pem
+
 issue-monotremata-xyz:
     just issue \
         -d {{domain}} \
@@ -56,3 +64,8 @@ issue-vault:
         -d 'vault.{{domain}}' \
         -d '*.vault.{{domain}}'
     just install-vault
+
+issue-mail:
+    just issue \
+        -d 'mail.{{domain}}'
+    just install-mail