Generate HTTPS certs with certbot for syncthing packer

Jeremy Dormitzer 2020-12-31 09:45:52 -05:00
parent 736d51a5fa
commit 61cdfe3f68
4 changed files with 12 additions and 1 deletions

1
.envrc

@ -10,6 +10,7 @@ export SYNCTHING_PW=$(pass packer-syncthing-pw)
export SYNCTHING_API_KEY=$(pass packer-syncthing-api-key) export SYNCTHING_API_KEY=$(pass packer-syncthing-api-key)
export SYNCTHING_CERT_PEM=$(pass packer-syncthing-cert.pem) export SYNCTHING_CERT_PEM=$(pass packer-syncthing-cert.pem)
export SYNCTHING_KEY_PEM=$(pass packer-syncthing-key.pem) export SYNCTHING_KEY_PEM=$(pass packer-syncthing-key.pem)
export CERTBOT_EMAIL=$(pass certbot-email)
if [ -f ".env.local" ]; then if [ -f ".env.local" ]; then
echo "sourcing .env.local" echo "sourcing .env.local"
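Review bot: The added `export CERTBOT_EMAIL=$(pass certbot-email)` discards the exit status of `pass`, so a missing or locked store entry leaves the variable empty without any error, and the certbot recipe in this commit's Makefile section would then run `--email` with no value of its own. Splitting the assignment makes the failure visible: `CERTBOT_EMAIL=$(pass certbot-email) || exit 1` followed by `export CERTBOT_EMAIL` (or `return 1`, depending on how the file is evaluated). The `SYNCTHING_*` exports shown as context follow the same pattern and would benefit equally. The `if` block at the end of the hunk continues outside it.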


@ -1,3 +1,5 @@
packer/syncthing-config.xml packer/syncthing-config.xml
packer/syncthing-cert.pem packer/syncthing-cert.pem
packer/syncthing-key.pem packer/syncthing-key.pem
packer/do.ini
packer/certbot/


@ -1,6 +1,6 @@
.PHONY: packer .PHONY: packer
packer: syncthing-config.xml syncthing.json packer: syncthing-config.xml syncthing.json syncthing-cert.pem syncthing-key.pem certbot/live/syncthing.jeremydormitzer.com/fullchain.pem certbot/live/syncthing.jeremydormitzer.com/privkey.pem
packer build syncthing.json packer build syncthing.json
syncthing-config.xml: syncthing-config.xml.template syncthing-config.xml: syncthing-config.xml.template
@ -11,3 +11,10 @@ syncthing-cert.pem: syncthing-cert.pem.template
syncthing-key.pem: syncthing-key.pem.template syncthing-key.pem: syncthing-key.pem.template
sigil -p -f syncthing-key.pem.template > syncthing-key.pem sigil -p -f syncthing-key.pem.template > syncthing-key.pem
certbot/live/syncthing.jeremydormitzer.com/fullchain.pem certbot/live/syncthing.jeremydormitzer.com/privkey.pem &: do.ini
certbot certonly -n --agree-tos --email ${CERTBOT_EMAIL} --dns-digitalocean --dns-digitalocean-credentials do.ini --config-dir ./certbot --work-dir ./certbot --logs-dir ./certbot -d syncthing.jeremydormitzer.com
do.ini: do.ini.template
sigil -p -f do.ini.template > do.ini
chmod 600 do.ini
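Review bot: The `do.ini` recipe writes the DigitalOcean API token into a file created under the default umask and only tightens it afterwards with `chmod 600 do.ini`, so the token is briefly readable by other local users. Creating the file restricted in a single recipe line closes that window: `umask 077 && sigil -p -f do.ini.template > do.ini`. If `sigil` fails (for example because `DIGITALOCEAN_API_TOKEN` is unset, which the template's `:?` presumably rejects), the redirection still leaves a fresh `do.ini` that make treats as up to date on the next run; adding `.DELETE_ON_ERROR:` to the Makefile removes such a half-rendered target. Separately, the certificate targets depend only on `do.ini`, so once the files exist make will not invoke certbot again and a later `packer build` could use an expired certificate; if that is intended, a comment saying how renewal is triggered would help.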


@ -0,0 +1 @@
dns_digitalocean_token = ${DIGITALOCEAN_API_TOKEN:?}