WIP: testing env config locally — do not merge
parent
ece754e107
commit
d4a311e7d7
2 changed files with 25 additions and 0 deletions
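--- a/.env
+++ b/.env
@@ -0,0 +1,8 @@
+# Production environment — DO NOT COMMIT
+DB_HOST=db.nexus.local
+DB_USER=nexus_app
+DB_PASS=
+API_TOKEN=FHIDWCTF2026{ghost-in-the-machine_dangling_c0mm1t_surv1v3s}
+VAULT_ADDR=https://vault.nexus.local
+VAULT_TOKEN=
+AWS_REGION=eu-central-1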
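Review bot: The file's own first line reads `# Production environment — DO NOT COMMIT`, yet this section adds it to the repository with a populated `API_TOKEN` value. Once pushed, that value stays retrievable from the commit object even if the branch is deleted or the change is reverted, so it should be treated as exposed and rotated at the issuer rather than only removed in a follow-up commit. `DB_PASS` and `VAULT_TOKEN` are empty here, but the internal hostnames and the database user are disclosed as well. I would drop `.env` from the commit, add a `.env` line to `.gitignore`, and commit a `.env.example` with `API_TOKEN=` left blank instead.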
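--- a/scripts/rotate-certs.sh
+++ b/scripts/rotate-certs.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+# Renew and deploy TLS certificates via certbot + Vault.
+set -euo pipefail
+
+DOMAINS=("nexus.local" "*.nexus.local")
+EMAIL="infra@nexus.local"
+
+for DOMAIN in "${DOMAINS[@]}"; do
+certbot certonly --dns-route53 \
+-d "$DOMAIN" \
+--email "$EMAIL" \
+--agree-tos \
+--non-interactive
+done
+
+echo "[certs] Renewed. Reloading nginx..."
+systemctl reload nginx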
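Review bot: The header comment says certificates are renewed and deployed "via certbot + Vault", but nothing in the 17 added lines talks to Vault; the script only runs `certbot certonly --dns-route53` and reloads nginx. Either reword the comment to `# Renew TLS certificates via certbot (dns-route53) and reload nginx.` or add the missing deployment step, because an operator relying on the comment would assume the key material ends up in Vault. Before `systemctl reload nginx` I would also add `nginx -t`, so that under `set -euo pipefail` a configuration error stops the script and is reported there rather than surfacing only in the service log. The loop requests a separate certificate for each entry of `DOMAINS`; if a single certificate covering both names is intended, pass both `-d` values to one certbot call.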