pruning

scripts/setup_wizard.sh

@@ -118,7 +118,7 @@ echo "-----------------------------"
 # 1. Collect Inputs
 # Example:
 get_input "HOST_NAME" "Enter Hostname" "$(hostname)" "false"
-get_input "CERT_DIR" "Enter directory for certificates" "${HOME}/.step/certs" "false"
+get_input "CERT_DIR" "Enter directory for certificates" "$(step path)/certs" "false"
 get_input "CERT_LOCATION" "Enter specific path for cert" "${CERT_DIR}/${HOSTNAME}.crt" "false"
 get_input "KEY_LOCATION" "Enter specific path for private key" "${CERT_DIR}/${HOSTNAME}.key" "false"
 

systemd/cert-renewer.service

@@ -9,9 +9,6 @@ StartLimitIntervalSec=0
 Type=oneshot
 User=root
 
-Environment=CERT_LOCATION=/home/john/soteria/certs/soteria.crt \
-            KEY_LOCATION=/home/john/soteria/certs/soteria.key
-
 ; ExecCondition checks if the certificate is ready for renewal,
 ; based on the exit status of the command.
 ; (In systemd <242, you can use ExecStartPre= here.)
@@ -20,8 +17,8 @@ ExecCondition=/usr/bin/step certificate needs-renewal ${CERT_LOCATION}
 ; ExecStart renews the certificate, if ExecStartPre was successful.
 ExecStart=/usr/bin/step ca renew --force ${CERT_LOCATION} ${KEY_LOCATION}
 
-ExecStartPost=/usr/bin/openssl x509 -noout -enddate -in ${CERT_LOCATION}
+; ExecStartPost=/usr/bin/openssl x509 -noout -enddate -in ${CERT_LOCATION}
-ExecStartPost=/usr/bin/docker exec caddy caddy reload --config /etc/caddy/Caddyfile
+; ExecStartPost=/usr/bin/docker exec caddy caddy reload --config /etc/caddy/Caddyfile
 
 [Install]
 WantedBy=multi-user.target