Generate HTTPS certs with certbot for syncthing packer
parent
736d51a5fa
commit
61cdfe3f68
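--- a/.envrc
+++ b/.envrc
@@ -10,6 +10,7 @@ export SYNCTHING_PW=$(pass packer-syncthing-pw)
 export SYNCTHING_API_KEY=$(pass packer-syncthing-api-key)
 export SYNCTHING_CERT_PEM=$(pass packer-syncthing-cert.pem)
 export SYNCTHING_KEY_PEM=$(pass packer-syncthing-key.pem)
+export CERTBOT_EMAIL=$(pass certbot-email)
 
 if [ -f ".env.local" ]; then
 echo "sourcing .env.local"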
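Review bot: The added `export CERTBOT_EMAIL=$(pass certbot-email)` discards the exit status of `pass`, so a missing or locked store entry leaves the variable empty without any error, and the failure only shows up later inside the certbot recipe. Assigning first and checking the status surfaces it when the file is loaded: `CERTBOT_EMAIL=$(pass certbot-email) || return 1` followed by `export CERTBOT_EMAIL`. The neighbouring `export ...=$(pass ...)` context lines have the same shape, so the same split would apply to them.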
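--- a/prod/syncthing-packer/.gitignore
+++ b/prod/syncthing-packer/.gitignore
@@ -1,3 +1,5 @@
 packer/syncthing-config.xml
 packer/syncthing-cert.pem
 packer/syncthing-key.pem
+packer/do.ini
+packer/certbot/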
@ -1,6 +1,6 @@
|
|||||||
.PHONY: packer
|
.PHONY: packer
|
||||||
|
|
||||||
packer: syncthing-config.xml syncthing.json
|
packer: syncthing-config.xml syncthing.json syncthing-cert.pem syncthing-key.pem certbot/live/syncthing.jeremydormitzer.com/fullchain.pem certbot/live/syncthing.jeremydormitzer.com/privkey.pem
|
||||||
packer build syncthing.json
|
packer build syncthing.json
|
||||||
|
|
||||||
syncthing-config.xml: syncthing-config.xml.template
|
syncthing-config.xml: syncthing-config.xml.template
|
||||||
@ -11,3 +11,10 @@ syncthing-cert.pem: syncthing-cert.pem.template
|
|||||||
|
|
||||||
syncthing-key.pem: syncthing-key.pem.template
|
syncthing-key.pem: syncthing-key.pem.template
|
||||||
sigil -p -f syncthing-key.pem.template > syncthing-key.pem
|
sigil -p -f syncthing-key.pem.template > syncthing-key.pem
|
||||||
|
|
||||||
|
certbot/live/syncthing.jeremydormitzer.com/fullchain.pem certbot/live/syncthing.jeremydormitzer.com/privkey.pem &: do.ini
|
||||||
|
certbot certonly -n --agree-tos --email ${CERTBOT_EMAIL} --dns-digitalocean --dns-digitalocean-credentials do.ini --config-dir ./certbot --work-dir ./certbot --logs-dir ./certbot -d syncthing.jeremydormitzer.com
|
||||||
|
|
||||||
|
do.ini: do.ini.template
|
||||||
|
sigil -p -f do.ini.template > do.ini
|
||||||
|
chmod 600 do.ini
|
||||||
|
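Review bot: The `do.ini` rule writes the DigitalOcean token with `sigil -p -f do.ini.template > do.ini` under the default umask and only tightens it in the next recipe line, so the credentials file can briefly be readable by other local users; and when `sigil` fails (the template's `:?` aborts on an unset token) the redirect has already created an empty `do.ini`, which make treats as up to date on the next run unless `.DELETE_ON_ERROR` is set outside these hunks. Creating the file restrictively and atomically in one recipe line avoids both: `umask 077 && sigil -p -f do.ini.template > $@.tmp && mv $@.tmp $@`. In the certbot rule, `--email ${CERTBOT_EMAIL}` is expanded by make and passed unquoted, so an empty value leaves `--email` without an argument; `--email "$${CERTBOT_EMAIL:?}"` lets the shell stop the recipe with a clear error instead. The `&:` grouped-target separator needs GNU Make 4.3 or newer, and because the rule's only prerequisite is `do.ini`, an existing `fullchain.pem` is not refreshed as written, so an expired certificate could end up in a later image build.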
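--- a/prod/syncthing-packer/packer/do.ini.template
+++ b/prod/syncthing-packer/packer/do.ini.template
@@ -0,0 +1 @@
+dns_digitalocean_token = ${DIGITALOCEAN_API_TOKEN:?}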