john/soteria
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

pruning

Browse Source
This commit is contained in:
John Lancaster
2025-12-28 23:38:24 -06:00
parent 83ada5bd70
commit 11efff6829
1 changed files with 2 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
systemd/cert-renewer.service
View File

@@ -9,9 +9,6 @@ StartLimitIntervalSec=0
Type=oneshot Type=oneshot
User=root User=root
Environment=CERT_LOCATION=/home/john/soteria/certs/soteria.crt \
KEY_LOCATION=/home/john/soteria/certs/soteria.key
; ExecCondition checks if the certificate is ready for renewal, ; ExecCondition checks if the certificate is ready for renewal,
; based on the exit status of the command. ; based on the exit status of the command.
; (In systemd <242, you can use ExecStartPre= here.) ; (In systemd <242, you can use ExecStartPre= here.)
@@ -20,8 +17,8 @@ ExecCondition=/usr/bin/step certificate needs-renewal ${CERT_LOCATION}
; ExecStart renews the certificate, if ExecStartPre was successful. ; ExecStart renews the certificate, if ExecStartPre was successful.
ExecStart=/usr/bin/step ca renew --force ${CERT_LOCATION} ${KEY_LOCATION} ExecStart=/usr/bin/step ca renew --force ${CERT_LOCATION} ${KEY_LOCATION}
ExecStartPost=/usr/bin/openssl x509 -noout -enddate -in ${CERT_LOCATION} ; ExecStartPost=/usr/bin/openssl x509 -noout -enddate -in ${CERT_LOCATION}
ExecStartPost=/usr/bin/docker exec caddy caddy reload --config /etc/caddy/Caddyfile ; ExecStartPost=/usr/bin/docker exec caddy caddy reload --config /etc/caddy/Caddyfile
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target