From 0d1705320fc16629257efaf70fc653a2f3e49d07 Mon Sep 17 00:00:00 2001
From: Daniel Micay
Date: Thu, 30 Oct 2025 17:02:30 -0400
Subject: [PATCH] use consistent naming for session ticket key scripts/units
---
deploy-web | 6 +++---
etc/fstab.metal | 2 +-
etc/fstab.virtual | 2 +-
etc/pacreport.conf | 12 ++++++------
.../system/rotate-session-ticket-keys.service | 10 ----------
etc/systemd/system/rotate-session-ticket-keys.timer | 11 -----------
...ys.service => session-ticket-keys-create.service} | 2 +-
.../system/session-ticket-keys-rotate.service | 10 ++++++++++
etc/systemd/system/session-ticket-keys-rotate.timer | 11 +++++++++++
etc/systemd/system/session-ticket-keys-sync.service | 4 ++--
etc/systemd/system/session-ticket-keys-sync.timer | 6 +++---
...session-ticket-keys => session-ticket-keys-create | 0
...session-ticket-keys => session-ticket-keys-rotate | 0
13 files changed, 38 insertions(+), 38 deletions(-)
delete mode 100644 etc/systemd/system/rotate-session-ticket-keys.service
delete mode 100644 etc/systemd/system/rotate-session-ticket-keys.timer
rename etc/systemd/system/{create-session-ticket-keys.service => session-ticket-keys-create.service} (78%)
create mode 100644 etc/systemd/system/session-ticket-keys-rotate.service
create mode 100644 etc/systemd/system/session-ticket-keys-rotate.timer
rename create-session-ticket-keys => session-ticket-keys-create (100%)
rename rotate-session-ticket-keys => session-ticket-keys-rotate (100%)
diff --git a/deploy-web b/deploy-web
index d3f0a96..0795dbc 100755
--- a/deploy-web
+++ b/deploy-web
@@ -12,13 +12,13 @@ for host in ${hosts_web[@]}; do ssh $remote ln -snf /usr/lib/nginx/modules/ /etc/nginx/modules - rsync etc/systemd/system/{create-session-ticket-keys.service,rotate-session-ticket-keys.service,rotate-session-ticket-keys.timer} $remote:/etc/systemd/system/ - rsync --chmod=755 create-session-ticket-keys rotate-session-ticket-keys $remote:/usr/local/bin/ + rsync etc/systemd/system/{session-ticket-keys-create.service,session-ticket-keys-rotate.service,session-ticket-keys-rotate.timer} $remote:/etc/systemd/system/ + rsync --chmod=755 session-ticket-keys-create session-ticket-keys-rotate $remote:/usr/local/bin/ rsync -r --delete etc/systemd/system/nginx.service.d/ $remote:/etc/systemd/system/nginx.service.d ssh $remote "mkdir -pm755 /var/cache/nginx groupadd -fg 2100 tls mkdir -p -m 750 /etc/session-ticket-keys && chgrp tls /etc/session-ticket-keys systemctl daemon-reload && -systemctl enable create-session-ticket-keys.service rotate-session-ticket-keys.timer nginx" +systemctl enable session-ticket-keys-create.service session-ticket-keys-rotate.timer nginx" done diff --git a/etc/fstab.metal b/etc/fstab.metal index fec4910..88b96cc 100644 --- a/etc/fstab.metal +++ b/etc/fstab.metal @@ -2,4 +2,4 @@ /dev/md/boot /boot vfat rw,nosuid,nodev,noexec,fmask=0177,dmask=0077 0 2 /dev/mapper/swap none swap x-systemd.device-timeout=30 0 0 -tmpfs /etc/session-ticket-keys tmpfs size=1M,mode=750,gid=tls,noswap,x-systemd.before=create-session-ticket-keys.service,x-systemd.required-by=create-session-ticket-keys.service 0 0 +tmpfs /etc/session-ticket-keys tmpfs size=1M,mode=750,gid=tls,noswap,x-systemd.before=session-ticket-keys-create.service,x-systemd.required-by=session-ticket-keys-create.service 0 0 diff --git a/etc/fstab.virtual b/etc/fstab.virtual index bd10ef5..4389570 100644 --- a/etc/fstab.virtual +++ b/etc/fstab.virtual 
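Review bot: The deploy-web hunk installs and enables the renamed units but never disables or removes the old ones, so a host deployed before this commit keeps `rotate-session-ticket-keys.timer` enabled alongside the new `session-ticket-keys-rotate.timer`. Both changed `rsync` calls run without `--delete`, so the old unit files and the old `/usr/local/bin/create-session-ticket-keys` and `rotate-session-ticket-keys` scripts stay in place. Two active rotation timers would presumably rotate the ticket keys twice per 6h interval and retire the previous key earlier than intended. Unless that cleanup happens outside this script, add a one-time step before the `systemctl enable` line, guarded so it is a no-op on fresh hosts, such as `systemctl disable --now rotate-session-ticket-keys.timer`, and delete the stale unit files and scripts. The enclosing `for` loop starts before the hunk.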
@@ -1,2 +1,2 @@ /dev/mapper/swap none swap x-systemd.device-timeout=30 0 0 -tmpfs /etc/session-ticket-keys tmpfs size=1M,mode=750,gid=tls,noswap,x-systemd.before=create-session-ticket-keys.service,x-systemd.required-by=create-session-ticket-keys.service 0 0 +tmpfs /etc/session-ticket-keys tmpfs size=1M,mode=750,gid=tls,noswap,x-systemd.before=session-ticket-keys-create.service,x-systemd.required-by=session-ticket-keys-create.service 0 0 diff --git a/etc/pacreport.conf b/etc/pacreport.conf index fc0be8a..339ff23 100644 --- a/etc/pacreport.conf +++ b/etc/pacreport.conf @@ -4,7 +4,6 @@ IgnoreUnowned = etc/letsencrypt IgnoreUnowned = etc/locale.conf IgnoreUnowned = etc/modprobe.d/local.conf IgnoreUnowned = etc/modules-load.d/60-local.conf -IgnoreUnowned = etc/session-ticket-keys IgnoreUnowned = etc/sysctl.d/60-local.conf IgnoreUnowned = etc/sysctl.d/60-conntrack_size.conf IgnoreUnowned = etc/sysctl.d/60-reserved-ports.conf @@ -87,13 +86,14 @@ mdadm = etc/systemd/system/mdmonitor.service.wants mdadm = var/lib/mdcheck nftables = etc/sysctl.d/local-conntrack_size.conf nginx = etc/nginx -nginx = etc/systemd/system/create-session-ticket-keys.service +nginx = etc/session-ticket-keys nginx = etc/systemd/system/nginx.service.d -nginx = etc/systemd/system/rotate-session-ticket-keys.service -nginx = etc/systemd/system/rotate-session-ticket-keys.timer +nginx = etc/systemd/system/session-ticket-keys-create.service +nginx = etc/systemd/system/session-ticket-keys-rotate.service +nginx = etc/systemd/system/session-ticket-keys-rotate.timer nginx = srv -nginx = usr/local/bin/create-session-ticket-keys -nginx = usr/local/bin/rotate-session-ticket-keys +nginx = usr/local/bin/session-ticket-keys-create +nginx = usr/local/bin/session-ticket-keys-rotate nginx = var/lib/nginx opendkim = etc/opendkim opendkim = etc/systemd/system/opendkim.service 
diff --git a/etc/systemd/system/rotate-session-ticket-keys.service b/etc/systemd/system/rotate-session-ticket-keys.service deleted file mode 100644 index 1a0ffb7..0000000 --- a/etc/systemd/system/rotate-session-ticket-keys.service +++ /dev/null @@ -1,10 +0,0 @@ -[Unit] -Description=Rotate TLS session ticket keys -After=dnsdist.service nginx.service create-session-ticket-keys.service -Requires=create-session-ticket-keys.service - -[Service] -ExecStart=/usr/local/bin/rotate-session-ticket-keys -Group=tls -Type=oneshot -UMask=0027 diff --git a/etc/systemd/system/rotate-session-ticket-keys.timer b/etc/systemd/system/rotate-session-ticket-keys.timer deleted file mode 100644 index f734bee..0000000 --- a/etc/systemd/system/rotate-session-ticket-keys.timer +++ /dev/null @@ -1,11 +0,0 @@ -[Unit] -Description=Run rotate-session-ticket-keys every 6 hours -After=create-session-ticket-keys.service -Requires=create-session-ticket-keys.service - -[Timer] -OnActiveSec=6h -OnUnitActiveSec=6h - -[Install] -WantedBy=timers.target diff --git a/etc/systemd/system/create-session-ticket-keys.service b/etc/systemd/system/session-ticket-keys-create.service similarity index 78% rename from etc/systemd/system/create-session-ticket-keys.service rename to etc/systemd/system/session-ticket-keys-create.service index 51c4bb2..82f7e99 100644 --- a/etc/systemd/system/create-session-ticket-keys.service +++ b/etc/systemd/system/session-ticket-keys-create.service @@ -3,7 +3,7 @@ Description=Create TLS session ticket keys Before=dnsdist.service nginx.service [Service] -ExecStart=/usr/local/bin/create-session-ticket-keys +ExecStart=/usr/local/bin/session-ticket-keys-create Group=tls RemainAfterExit=yes Type=oneshot diff --git a/etc/systemd/system/session-ticket-keys-rotate.service b/etc/systemd/system/session-ticket-keys-rotate.service new file mode 100644 index 0000000..166222c --- /dev/null +++ b/etc/systemd/system/session-ticket-keys-rotate.service 
@@ -0,0 +1,10 @@ +[Unit] +Description=Rotate TLS session ticket keys +After=dnsdist.service nginx.service session-ticket-keys-create.service +Requires=session-ticket-keys-create.service + +[Service] +ExecStart=/usr/local/bin/session-ticket-keys-rotate +Group=tls +Type=oneshot +UMask=0027 diff --git a/etc/systemd/system/session-ticket-keys-rotate.timer b/etc/systemd/system/session-ticket-keys-rotate.timer new file mode 100644 index 0000000..579c931 --- /dev/null +++ b/etc/systemd/system/session-ticket-keys-rotate.timer @@ -0,0 +1,11 @@ +[Unit] +Description=Rotate session ticket keys every 6 hours +After=session-ticket-keys-create.service +Requires=session-ticket-keys-create.service + +[Timer] +OnActiveSec=6h +OnUnitActiveSec=6h + +[Install] +WantedBy=timers.target diff --git a/etc/systemd/system/session-ticket-keys-sync.service b/etc/systemd/system/session-ticket-keys-sync.service index 1bf2a34..3b86d54 100644 --- a/etc/systemd/system/session-ticket-keys-sync.service +++ b/etc/systemd/system/session-ticket-keys-sync.service @@ -1,7 +1,7 @@ [Unit] Description=Sync TLS session ticket keys -After=dnsdist.service nginx.service create-session-ticket-keys.service -Requires=create-session-ticket-keys.service +After=dnsdist.service nginx.service session-ticket-keys-create.service +Requires=session-ticket-keys-create.service [Service] ExecStart=/usr/local/bin/session-ticket-keys-sync diff --git a/etc/systemd/system/session-ticket-keys-sync.timer b/etc/systemd/system/session-ticket-keys-sync.timer index d1e83a1..22f9111 100644 --- a/etc/systemd/system/session-ticket-keys-sync.timer +++ b/etc/systemd/system/session-ticket-keys-sync.timer @@ -1,7 +1,7 @@ [Unit] -Description=Run session-ticket-keys-sync.service every minute -After=create-session-ticket-keys.service -Requires=create-session-ticket-keys.service +Description=Sync session ticket keys every minute +After=session-ticket-keys-create.service +Requires=session-ticket-keys-create.service [Timer] AccuracySec=1s 
diff --git a/create-session-ticket-keys b/session-ticket-keys-create
similarity index 100%
rename from create-session-ticket-keys
rename to session-ticket-keys-create
diff --git a/rotate-session-ticket-keys b/session-ticket-keys-rotate
similarity index 100%
rename from rotate-session-ticket-keys
rename to session-ticket-keys-rotate