WIP: testing env config locally — do not merge

Jonas Müller 2026-02-06 15:30:00 +00:00
parent ece754e107
commit d4a311e7d7
2 changed files with 25 additions and 0 deletions

8
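--- a/.env
+++ b/.env
@@ -0,0 +1,8 @@
+# Production environment — DO NOT COMMIT
+DB_HOST=db.nexus.local
+DB_USER=nexus_app
+DB_PASS=
+API_TOKEN=FHIDWCTF2026{ghost-in-the-machine_dangling_c0mm1t_surv1v3s}
+VAULT_ADDR=https://vault.nexus.local
+VAULT_TOKEN=
+AWS_REGION=eu-central-1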
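Review bot: The `API_TOKEN=` line commits a populated credential in plaintext under a header that itself says "DO NOT COMMIT"; once pushed, the value should be treated as exposed and rotated, because a forge usually keeps the commit retrievable by hash even if the branch is deleted or never merged. The file also records internal hostnames (`DB_HOST`, `VAULT_ADDR`) that are better kept out of history. I would drop `.env` from the commit, add a `.env` entry to `.gitignore`, and commit a `.env.example` that carries the keys with empty values, as `DB_PASS=` and `VAULT_TOKEN=` already do here. A secret-scanning step in pre-commit or CI would catch this class of mistake before it reaches the remote.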

17
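--- a/scripts/rotate-certs.sh
+++ b/scripts/rotate-certs.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+# Renew and deploy TLS certificates via certbot + Vault.
+set -euo pipefail
+DOMAINS=("nexus.local" "*.nexus.local")
+EMAIL="infra@nexus.local"
+for DOMAIN in "${DOMAINS[@]}"; do
+certbot certonly --dns-route53 \
+-d "$DOMAIN" \
+--email "$EMAIL" \
+--agree-tos \
+--non-interactive
+done
+echo "[certs] Renewed. Reloading nginx..."
+systemctl reload nginx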
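Review bot: The header comment says certificates are renewed and deployed "via certbot + Vault", but nothing in the script reads from or writes to Vault, so either the comment is stale or the step that stores the issued key material is missing; the two should be aligned. The final reload also runs without validating the server configuration first; putting `nginx -t` on the line before `systemctl reload nginx` lets `set -e` stop the script before a broken config is picked up. The "Renewed" message is printed whenever certbot exits successfully, which may include runs where nothing was actually reissued, so `echo "[certs] certbot run finished. Reloading nginx..."` would be more accurate in logs.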