WIP: testing env config locally — do not merge
parent
ece754e107
commit
d4a311e7d7
2 changed files with 25 additions and 0 deletions
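--- a/.env
+++ b/.env
@@ -0,0 +1,8 @@
+# Production environment — DO NOT COMMIT
+DB_HOST=db.nexus.local
+DB_USER=nexus_app
+DB_PASS=
+API_TOKEN=FHIDWCTF2026{ghost-in-the-machine_dangling_c0mm1t_surv1v3s}
+VAULT_ADDR=https://vault.nexus.local
+VAULT_TOKEN=
+AWS_REGION=eu-central-1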
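Review bot: The `API_TOKEN=` line in this new `.env` carries a populated value, and the file's own first line says it must not be committed, so the token should be treated as exposed and rotated rather than just removed in a follow-up commit. A later revert or branch deletion does not take the value out of history; the commit typically stays reachable by its hash on the forge until the object is purged. I would drop `.env` from this commit, add `.env` to `.gitignore`, and commit a `.env.example` in which `API_TOKEN=` is left empty the way `DB_PASS=` and `VAULT_TOKEN=` already are. A pre-commit or server-side secret scan would catch this class of mistake before it is pushed.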
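--- a/scripts/rotate-certs.sh
+++ b/scripts/rotate-certs.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+# Renew and deploy TLS certificates via certbot + Vault.
+set -euo pipefail
+
+DOMAINS=("nexus.local" "*.nexus.local")
+EMAIL="infra@nexus.local"
+
+for DOMAIN in "${DOMAINS[@]}"; do
+certbot certonly --dns-route53 \
+-d "$DOMAIN" \
+--email "$EMAIL" \
+--agree-tos \
+--non-interactive
+done
+
+echo "[certs] Renewed. Reloading nginx..."
+systemctl reload nginx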
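Review bot: The header comment promises deployment through Vault, but nothing in the 17 added lines talks to Vault; the script only runs `certbot certonly` and reloads nginx, so either the comment should read `# Renew TLS certificates via certbot (Route 53 DNS challenge) and reload nginx.` or the Vault step is missing. The reload at the end is also unguarded: putting `nginx -t` on the line before `systemctl reload nginx` lets a broken configuration stop the script under `set -e` before the reload is attempted. Because the loop passes one `-d` per invocation, the apex and the wildcard appear to end up as two separate certificates; if one certificate covering both names is intended, both `-d` values belong in a single certbot call.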