Update to 2022-08-31 13:00

2025-08-06 08:36:55 +02:00 · 2022-08-31 13:00:17 +02:00
parent 416ed9c867
commit c10fd506f3
18 changed files with 491 additions and 0 deletions
--- a/roles/vault/templates/dehydrated_hook.j2
+++ b/roles/vault/templates/dehydrated_hook.j2
@@ -0,0 +1,22 @@
+#!/bin/sh
+
+set -eo pipefail
+
+{% if vault_letsencrypt_cert is defined %}
+
+if [ $1 == "{{ pg_letsencrypt_cert }}" ]; then
+  cp /var/lib/dehydrated/certificates/certs/{{ vault_letsencrypt_cert }}/fullchain.pem {{ vault_root_dir }}/tls/vault.crt
+  cp /var/lib/dehydrated/certificates/certs/{{ vault_letsencrypt_cert }}/privkey.pem {{ vault_root_dir }}/tls/vault.key
+  chown root:vault {{ vault_root_dir }}/tls/vault.key
+  chown root:root {{ vault_root_dir }}/tls/vault.crt
+  chmod 640 {{ vault_root_dir }}/tls/vault.key
+  chmod 644 {{ vault_root_dir }}/tls/vault.crt
+  systemctl reload vault
+fi
+
+{% else %}
+
+# No Let's Encrypt cert configured, nothing to do
+exit 0
+
+{% endif %}