make session ticket management more generic

create-session-ticket-keys

@@ -2,7 +2,7 @@
 
 set -o errexit -o nounset -o pipefail
 
-cd /etc/nginx/session-ticket-keys
+cd /etc/session-ticket-keys
 
 for i in {1..4}; do
     head -c 80 </dev/random >$i.key

etc/fstab.metal

@@ -2,4 +2,4 @@
 /dev/md/boot /boot vfat rw,nosuid,nodev,noexec,fmask=0177,dmask=0077 0 2
 
 /dev/mapper/swap none swap defaults 0 0
-tmpfs /etc/nginx/session-ticket-keys tmpfs size=1M,mode=700,noswap,x-systemd.before=nginx-create-session-ticket-keys.service,x-systemd.required-by=nginx-create-session-ticket-keys.service 0 0
+tmpfs /etc/session-ticket-keys tmpfs size=1M,mode=750,noswap,x-systemd.before=create-session-ticket-keys.service,x-systemd.required-by=create-session-ticket-keys.service 0 0

etc/fstab.virtual

@@ -1,2 +1,2 @@
 /dev/mapper/swap none swap defaults 0 0
-tmpfs /etc/nginx/session-ticket-keys tmpfs size=1M,mode=700,noswap,x-systemd.before=nginx-create-session-ticket-keys.service,x-systemd.required-by=nginx-create-session-ticket-keys.service 0 0
+tmpfs /etc/session-ticket-keys tmpfs size=1M,mode=750,noswap,x-systemd.before=create-session-ticket-keys.service,x-systemd.required-by=create-session-ticket-keys.service 0 0

etc/pacreport.conf

@@ -69,13 +69,13 @@ matterbridge-git = etc/systemd/system/matterbridge.service.d
 matterbridge-git = var/lib/matterbridge
 nftables = etc/sysctl.d/local-conntrack_size.conf
 nginx = etc/nginx
-nginx = etc/systemd/system/nginx-create-session-ticket-keys.service
+nginx = etc/systemd/system/create-session-ticket-keys.service
-nginx = etc/systemd/system/nginx-rotate-session-ticket-keys.service
+nginx = etc/systemd/system/rotate-session-ticket-keys.service
-nginx = etc/systemd/system/nginx-rotate-session-ticket-keys.timer
+nginx = etc/systemd/system/rotate-session-ticket-keys.timer
 nginx = etc/systemd/system/nginx.service.d
 nginx = srv
-nginx = usr/local/bin/nginx-create-session-ticket-keys
+nginx = usr/local/bin/create-session-ticket-keys
-nginx = usr/local/bin/nginx-rotate-session-ticket-keys
+nginx = usr/local/bin/rotate-session-ticket-keys
 nginx = var/lib/nginx
 opendkim = etc/opendkim
 opendkim = etc/systemd/system/opendkim.service

etc/systemd/system/create-session-ticket-keys.service

@@ -0,0 +1,11 @@
+[Unit]
+Description=Create TLS session ticket keys
+Before=nginx.service
+
+[Service]
+ExecStart=/usr/local/bin/create-session-ticket-keys
+Type=oneshot
+UMask=0077
+
+[Install]
+WantedBy=multi-user.target

etc/systemd/system/nginx-create-session-ticket-keys.service

@@ -1,11 +0,0 @@
-[Unit]
-Description=Create nginx TLS session ticket keys
-Before=nginx.service
-
-[Service]
-ExecStart=/usr/local/bin/nginx-create-session-ticket-keys
-Type=oneshot
-UMask=0077
-
-[Install]
-WantedBy=multi-user.target

etc/systemd/system/nginx-rotate-session-ticket-keys.service

@@ -1,9 +0,0 @@
-[Unit]
-Description=Rotate nginx TLS session ticket keys
-After=nginx.service nginx-create-session-ticket-keys.service
-Requires=nginx.service nginx-create-session-ticket-keys.service
-
-[Service]
-ExecStart=/usr/local/bin/nginx-rotate-session-ticket-keys
-Type=oneshot
-UMask=0077

etc/systemd/system/rotate-session-ticket-keys.service

@@ -0,0 +1,9 @@
+[Unit]
+Description=Rotate TLS session ticket keys
+After=nginx.service create-session-ticket-keys.service
+Requires=nginx.service create-session-ticket-keys.service
+
+[Service]
+ExecStart=/usr/local/bin/rotate-session-ticket-keys
+Type=oneshot
+UMask=0077

etc/systemd/system/rotate-session-ticket-keys.timer

@@ -1,5 +1,5 @@
 [Unit]
-Description=Run nginx-rotate-session-ticket-keys three times daily
+Description=Run rotate-session-ticket-keys three times daily
 
 [Timer]
 OnCalendar=0/8:00:00

rotate-session-ticket-keys

@@ -2,7 +2,7 @@
 
 set -o errexit -o nounset -o pipefail
 
-cd /etc/nginx/session-ticket-keys
+cd /etc/session-ticket-keys
 
 rsync -I 2.key 1.key
 rsync -I 3.key 2.key