diff --git a/nginx-create-session-ticket-keys b/create-session-ticket-keys
similarity index 77%
rename from nginx-create-session-ticket-keys
rename to create-session-ticket-keys
index 879d333..c3f3247 100755
--- a/nginx-create-session-ticket-keys
+++ b/create-session-ticket-keys
@@ -2,7 +2,7 @@
 set -o errexit -o nounset -o pipefail
-cd /etc/nginx/session-ticket-keys
+cd /etc/session-ticket-keys
 for i in {1..4}; do
 head -c 80 $i.key
diff --git a/etc/fstab.metal b/etc/fstab.metal
index 0dd0b0e..c67bf14 100644
--- a/etc/fstab.metal
+++ b/etc/fstab.metal
@@ -2,4 +2,4 @@
 /dev/md/boot /boot vfat rw,nosuid,nodev,noexec,fmask=0177,dmask=0077 0 2
 /dev/mapper/swap none swap defaults 0 0
-tmpfs /etc/nginx/session-ticket-keys tmpfs size=1M,mode=700,noswap,x-systemd.before=nginx-create-session-ticket-keys.service,x-systemd.required-by=nginx-create-session-ticket-keys.service 0 0
+tmpfs /etc/session-ticket-keys tmpfs size=1M,mode=750,noswap,x-systemd.before=create-session-ticket-keys.service,x-systemd.required-by=create-session-ticket-keys.service 0 0
diff --git a/etc/fstab.virtual b/etc/fstab.virtual
index f631d0f..3d6121f 100644
--- a/etc/fstab.virtual
+++ b/etc/fstab.virtual
@@ -1,2 +1,2 @@
 /dev/mapper/swap none swap defaults 0 0
-tmpfs /etc/nginx/session-ticket-keys tmpfs size=1M,mode=700,noswap,x-systemd.before=nginx-create-session-ticket-keys.service,x-systemd.required-by=nginx-create-session-ticket-keys.service 0 0
+tmpfs /etc/session-ticket-keys tmpfs size=1M,mode=750,noswap,x-systemd.before=create-session-ticket-keys.service,x-systemd.required-by=create-session-ticket-keys.service 0 0
diff --git a/etc/pacreport.conf b/etc/pacreport.conf
index f9ebe79..d5bb1ed 100644
--- a/etc/pacreport.conf
+++ b/etc/pacreport.conf
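Review bot: The new tmpfs line in etc/fstab.metal widens the ticket-key directory from `mode=700` to `mode=750` without a `gid=` option, so the group that gains read and traverse access is whatever group owns the tmpfs root by default (presumably root's own group); the identical line in etc/fstab.virtual has the same gap. Both the create and rotate units in this commit keep `UMask=0077`, so unless the scripts change ownership or mode in lines not shown here, the key files stay owner-only and the wider directory mode gives a group member a listing but not the keys. If the aim is to share the keys with a second TLS daemon, name the group explicitly, e.g. `mode=750,gid=<group>` (placeholder), and give the files matching group read; otherwise `mode=700` remains the tighter setting for keys whose disclosure undermines forward secrecy for ticket-resumed sessions.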
@@ -69,13 +69,13 @@ matterbridge-git = etc/systemd/system/matterbridge.service.d
 matterbridge-git = var/lib/matterbridge
 nftables = etc/sysctl.d/local-conntrack_size.conf
 nginx = etc/nginx
-nginx = etc/systemd/system/nginx-create-session-ticket-keys.service
-nginx = etc/systemd/system/nginx-rotate-session-ticket-keys.service
-nginx = etc/systemd/system/nginx-rotate-session-ticket-keys.timer
+nginx = etc/systemd/system/create-session-ticket-keys.service
+nginx = etc/systemd/system/rotate-session-ticket-keys.service
+nginx = etc/systemd/system/rotate-session-ticket-keys.timer
 nginx = etc/systemd/system/nginx.service.d
 nginx = srv
-nginx = usr/local/bin/nginx-create-session-ticket-keys
-nginx = usr/local/bin/nginx-rotate-session-ticket-keys
+nginx = usr/local/bin/create-session-ticket-keys
+nginx = usr/local/bin/rotate-session-ticket-keys
 nginx = var/lib/nginx
 opendkim = etc/opendkim
 opendkim = etc/systemd/system/opendkim.service
diff --git a/etc/systemd/system/create-session-ticket-keys.service b/etc/systemd/system/create-session-ticket-keys.service
new file mode 100644
index 0000000..49526d1
--- /dev/null
+++ b/etc/systemd/system/create-session-ticket-keys.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Create TLS session ticket keys
+Before=nginx.service
+
+[Service]
+ExecStart=/usr/local/bin/create-session-ticket-keys
+Type=oneshot
+UMask=0077
+
+[Install]
+WantedBy=multi-user.target
diff --git a/etc/systemd/system/nginx-create-session-ticket-keys.service b/etc/systemd/system/nginx-create-session-ticket-keys.service
deleted file mode 100644
index 4281859..0000000
--- a/etc/systemd/system/nginx-create-session-ticket-keys.service
+++ /dev/null
@@ -1,11 +0,0 @@
-[Unit]
-Description=Create nginx TLS session ticket keys
-Before=nginx.service
-
-[Service]
-ExecStart=/usr/local/bin/nginx-create-session-ticket-keys
-Type=oneshot
-UMask=0077
-
-[Install]
-WantedBy=multi-user.target
diff --git a/etc/systemd/system/nginx-rotate-session-ticket-keys.service b/etc/systemd/system/nginx-rotate-session-ticket-keys.service
deleted file mode 100644
index 153e060..0000000
--- a/etc/systemd/system/nginx-rotate-session-ticket-keys.service
+++ /dev/null
@@ -1,9 +0,0 @@
-[Unit]
-Description=Rotate nginx TLS session ticket keys
-After=nginx.service nginx-create-session-ticket-keys.service
-Requires=nginx.service nginx-create-session-ticket-keys.service
-
-[Service]
-ExecStart=/usr/local/bin/nginx-rotate-session-ticket-keys
-Type=oneshot
-UMask=0077
diff --git a/etc/systemd/system/rotate-session-ticket-keys.service b/etc/systemd/system/rotate-session-ticket-keys.service
new file mode 100644
index 0000000..40f56c4
--- /dev/null
+++ b/etc/systemd/system/rotate-session-ticket-keys.service
@@ -0,0 +1,9 @@
+[Unit]
+Description=Rotate TLS session ticket keys
+After=nginx.service create-session-ticket-keys.service
+Requires=nginx.service create-session-ticket-keys.service
+
+[Service]
+ExecStart=/usr/local/bin/rotate-session-ticket-keys
+Type=oneshot
+UMask=0077
diff --git a/etc/systemd/system/nginx-rotate-session-ticket-keys.timer b/etc/systemd/system/rotate-session-ticket-keys.timer
similarity index 51%
rename from etc/systemd/system/nginx-rotate-session-ticket-keys.timer
rename to etc/systemd/system/rotate-session-ticket-keys.timer
index bf1527c..c857270 100644
--- a/etc/systemd/system/nginx-rotate-session-ticket-keys.timer
+++ b/etc/systemd/system/rotate-session-ticket-keys.timer
@@ -1,5 +1,5 @@
 [Unit]
-Description=Run nginx-rotate-session-ticket-keys three times daily
+Description=Run rotate-session-ticket-keys three times daily
 [Timer]
 OnCalendar=0/8:00:00
diff --git a/nginx-rotate-session-ticket-keys b/rotate-session-ticket-keys
similarity index 85%
rename from nginx-rotate-session-ticket-keys
rename to rotate-session-ticket-keys
index 8c27379..9882b35 100755
--- a/nginx-rotate-session-ticket-keys
+++ b/rotate-session-ticket-keys
@@ -2,7 +2,7 @@
 set -o errexit -o nounset -o pipefail
-cd /etc/nginx/session-ticket-keys
+cd /etc/session-ticket-keys
 rsync -I 2.key 1.key
 rsync -I 3.key 2.key