Update to 2023-07-03 15:00

2025-08-06 08:36:55 +02:00 · 2023-07-03 15:00:09 +02:00
parent 590e8b5d83
commit 91f9384361
44 changed files with 426 additions and 429 deletions
--- a/roles/vault/templates/dehydrated_hook.j2
+++ b/roles/vault/templates/dehydrated_hook.j2
@@ -0,0 +1,22 @@
+#!/bin/sh
+
+set -eo pipefail
+
+{% if vault_letsencrypt_cert is defined %}
+
+if [ $1 == "{{ vault_letsencrypt_cert }}" ]; then
+  cp /var/lib/dehydrated/certificates/certs/{{ vault_letsencrypt_cert }}/fullchain.pem {{ vault_root_dir }}/tls/vault.crt
+  cp /var/lib/dehydrated/certificates/certs/{{ vault_letsencrypt_cert }}/privkey.pem {{ vault_root_dir }}/tls/vault.key
+  chown root:vault {{ vault_root_dir }}/tls/vault.key
+  chown root:root {{ vault_root_dir }}/tls/vault.crt
+  chmod 640 {{ vault_root_dir }}/tls/vault.key
+  chmod 644 {{ vault_root_dir }}/tls/vault.crt
+  systemctl reload vault
+fi
+
+{% else %}
+
+# No Let's Encrypt cert configured, nothing to do
+exit 0
+
+{% endif %}