From d4a311e7d711926e2b99aac09a96972e03bba7ce Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jonas=20M=C3=BCller?=
Date: Fri, 6 Feb 2026 15:30:00 +0000
Subject: [PATCH] =?UTF-8?q?WIP:=20testing=20env=20config=20locally=20?= =?UTF-8?q?=E2=80=94=20do=20not=20merge?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
.env | 8 ++++++++
scripts/rotate-certs.sh | 17 +++++++++++++++++
2 files changed, 25 insertions(+)
create mode 100644 .env
create mode 100755 scripts/rotate-certs.sh

diff --git a/.env b/.env
new file mode 100644
index 0000000..56c38a2
--- /dev/null
+++ b/.env
@@ -0,0 +1,8 @@
+# Production environment — DO NOT COMMIT
+DB_HOST=db.nexus.local
+DB_USER=nexus_app
+DB_PASS=
+API_TOKEN=FHIDWCTF2026{ghost-in-the-machine_dangling_c0mm1t_surv1v3s}
+VAULT_ADDR=https://vault.nexus.local
+VAULT_TOKEN=
+AWS_REGION=eu-central-1
diff --git a/scripts/rotate-certs.sh b/scripts/rotate-certs.sh
new file mode 100755
index 0000000..0329bd6
--- /dev/null
+++ b/scripts/rotate-certs.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+# Renew and deploy TLS certificates via certbot + Vault.
+set -euo pipefail
+
+DOMAINS=("nexus.local" "*.nexus.local")
+EMAIL="infra@nexus.local"
+
+for DOMAIN in "${DOMAINS[@]}"; do
+ certbot certonly --dns-route53 \
+ -d "$DOMAIN" \
+ --email "$EMAIL" \
+ --agree-tos \
+ --non-interactive
+done
+
+echo "[certs] Renewed. Reloading nginx..."
+systemctl reload nginx
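Review bot: The new `.env` carries a populated `API_TOKEN` value under a header that itself says "DO NOT COMMIT", so the credential is now part of repository history. Treat that token as exposed and revoke and reissue it; deleting the file in a later commit or abandoning the WIP branch does not remove the blob, which stays reachable by commit id and in any clone, fork or mirror that fetched it. Take the file out of the change, add `.env` to `.gitignore`, and track a `.env.example` whose values are all empty (as `DB_PASS=` and `VAULT_TOKEN=` already are here). A pre-commit or server-side secret scan would stop this class of mistake before it reaches a shared remote.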
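Review bot: The header comment promises renewal and deployment "via certbot + Vault", but nothing in the script talks to Vault: after the `certbot certonly` loop it only reloads nginx, so a consumer that reads certificates from Vault would keep the old ones. Either add the publish step or correct the comment to `# Renew TLS certificates with certbot and reload nginx.`. The loop also requests `nexus.local` and `*.nexus.local` as two separate certificates; if one certificate covering both names is intended, pass both `-d` values to a single certbot call. Before `systemctl reload nginx`, add a line `nginx -t` so that a broken configuration stops the script under `set -e` instead of reaching the reload. The final `echo` prints "Renewed" even when certbot kept an existing certificate, so the message is better worded as "certbot run complete".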