mirror of https://codeberg.org/icewind/haze.git synced 2026-06-03 17:14:08 +02:00

move redis certificates

Robin Appelman 2026-03-09 18:30:32 +01:00
commit 80d71bd7a0
17 changed files with 18 additions and 18 deletions


@ -24,7 +24,7 @@
}; };
extraPaths = [ extraPaths = [
./redis-certificates ./certificates
]; ];
withOverlays = [ withOverlays = [


@ -59,9 +59,9 @@ if [ -n "${REDIS_TLS:-}" ]
then then
redis-server --protected-mode no \ redis-server --protected-mode no \
--tls-port 6379 --port 0 \ --tls-port 6379 --port 0 \
--tls-cert-file /redis-certificates/server.crt \ --tls-cert-file /certificates/redis/server.crt \
--tls-key-file /redis-certificates/server.key \ --tls-key-file /certificates/redis/server.key \
--tls-ca-cert-file /redis-certificates/ca.crt & --tls-ca-cert-file /certificates/redis/ca.crt &
else else
redis-server --protected-mode no & redis-server --protected-mode no &
fi fi
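Review bot: With `--protected-mode no` and no `requirepass` visible in this hunk, the client-certificate check is the only access control on the TLS port, and it applies only because of Redis's default for `tls-auth-clients`. Adding `--tls-auth-clients yes` next to the `--tls-ca-cert-file` line would make the mutual-TLS requirement explicit instead of implicit. The non-TLS branch has no equivalent control, so a comment stating where this server is expected to be reachable from would help readers judge it. The rest of the script is outside the hunk.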


@ -2,9 +2,9 @@
'host' => 'tls://127.0.0.1', 'host' => 'tls://127.0.0.1',
'port' => 6379, 'port' => 6379,
'ssl_context' => [ 'ssl_context' => [
'local_cert' => '/redis-certificates/client.crt', 'local_cert' => '/certificates/redis/client.crt',
'local_pk' => '/redis-certificates/client.key', 'local_pk' => '/certificates/redis/client.key',
'cafile' => '/redis-certificates/ca.crt', 'cafile' => '/certificates/redis/ca.crt',
'verify_peer_name' => false, 'verify_peer_name' => false,
], ],
], ],
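Review bot: `'verify_peer_name' => false` turns off hostname checking, so any certificate that chains to `/certificates/redis/ca.crt` is accepted as the Redis server. Presumably the server certificate carries no SAN for `127.0.0.1`; a comment saying so, for example `// server.crt has no SAN for 127.0.0.1; the CA is private to this test setup`, would keep the setting from being copied into a real deployment unexamined. Issuing the server certificate with an IP SAN would allow the option to be dropped altogether. The enclosing array starts outside the hunk.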


@ -104,9 +104,9 @@
''; '';
}; };
redis-certificates = runCommand "scripts" {} '' certificates = runCommand "scripts" {} ''
mkdir -p $out mkdir -p $out
cp -r ${../../redis-certificates} $out/redis-certificates cp -r ${../../certificates} $out/certificates
''; '';
clamav-data = runCommand "scripts" {} '' clamav-data = runCommand "scripts" {} ''
mkdir -p $out/etc mkdir -p $out/etc
@ -170,7 +170,7 @@ in
bootstrap bootstrap
configs configs
scripts scripts
redis-certificates certificates
clamav-data clamav-data
shadowSetupScript shadowSetupScript
]; ];
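Review bot: `cp -r ${../../certificates} $out/certificates` now copies a generically named directory rather than a redis-specific one, so any key material later added under `certificates/` will also land in the Nix store, which is world-readable, and presumably in the image built from this list. The server and client keys referenced elsewhere in this commit appear to come from this tree, so a comment such as `# test-only key material, copied into the world-readable store` would make the intent clear. The derivation is also still named `"scripts"`; `certificates = runCommand "certificates" {} ''` would make store paths easier to identify.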


@ -7,7 +7,7 @@
inherit (lib) getExe; inherit (lib) getExe;
inherit (lib.sources) sourceByRegex; inherit (lib.sources) sourceByRegex;
inherit (builtins) fromTOML readFile; inherit (builtins) fromTOML readFile;
src = sourceByRegex ../. ["Cargo.*" "(src|redis-certificates)(/.*)?"]; src = sourceByRegex ../. ["Cargo.*" "(src|certificates)(/.*)?"];
version = (fromTOML (readFile ../Cargo.toml)).package.version; version = (fromTOML (readFile ../Cargo.toml)).package.version;
in in
rustPlatform.buildRustPackage rec { rustPlatform.buildRustPackage rec {


@ -421,16 +421,16 @@ async fn main() -> Result<ExitCode> {
); );
if cloud.services().contains(&Service::RedisTls(RedisTls)) { if cloud.services().contains(&Service::RedisTls(RedisTls)) {
create_dir_all(config.work_dir.join("redis_certificates")) create_dir_all(config.work_dir.join("certificates/redis"))
.into_diagnostic() .into_diagnostic()
.wrap_err("Failed to create redis certificate directory")?; .wrap_err("Failed to create redis certificate directory")?;
let redis_cert_path = config.work_dir.join("redis_certificates/client.cert"); let redis_cert_path = config.work_dir.join("certificates/redis/client.cert");
let redis_key_path = config.work_dir.join("redis_certificates/client.key"); let redis_key_path = config.work_dir.join("certificates/redis/client.key");
let redis_ca_path = config.work_dir.join("redis_certificates/ca.cert"); let redis_ca_path = config.work_dir.join("certificates/redis/ca.cert");
if !redis_cert_path.exists() { if !redis_cert_path.exists() {
write( write(
&redis_cert_path, &redis_cert_path,
include_bytes!("../redis-certificates/client.crt"), include_bytes!("../certificates/redis/client.crt"),
) )
.into_diagnostic() .into_diagnostic()
.wrap_err("Failed to write redis client certificate")?; .wrap_err("Failed to write redis client certificate")?;
@ -438,7 +438,7 @@ async fn main() -> Result<ExitCode> {
if !redis_key_path.exists() { if !redis_key_path.exists() {
write( write(
&redis_key_path, &redis_key_path,
include_bytes!("../redis-certificates/client.key"), include_bytes!("../certificates/redis/client.key"),
) )
.into_diagnostic() .into_diagnostic()
.wrap_err("Failed to write redis client key")?; .wrap_err("Failed to write redis client key")?;
@ -446,7 +446,7 @@ async fn main() -> Result<ExitCode> {
if !redis_ca_path.exists() { if !redis_ca_path.exists() {
write( write(
&redis_ca_path, &redis_ca_path,
include_bytes!("../redis-certificates/ca.crt"), include_bytes!("../certificates/redis/ca.crt"),
) )
.into_diagnostic() .into_diagnostic()
.wrap_err("Failed to write redis ca certificate")?; .wrap_err("Failed to write redis ca certificate")?;
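Review bot: The destination names in the work dir are `client.cert` and `ca.cert`, but the embedded sources and every other path touched by this commit use `.crt` (`/certificates/redis/client.crt`, `/certificates/redis/ca.crt`). If `work_dir/certificates` is what gets exposed to the container as `/certificates` (not visible here), the PHP config would not find the client certificate or the CA; since the directory is being renamed anyway, `config.work_dir.join("certificates/redis/client.crt")` and `.join("certificates/redis/ca.crt")` would align them. Separately, `client.key` is created with whatever mode the process umask allows, and creating it owner-only (0600) would be safer for a private key, even a test one. `main` continues outside these hunks.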