Daniel Micay 17f0ec527d cleanly phase in new TLS session ticket keys
This closes a small window where new workers could give keys not
accepted by the old workers before they're gracefully shut down. This
will also be needed when syncing keys across a cluster.
2025-10-28 02:48:49 -04:00


#!/bin/bash
# Rotate the TLS session ticket keys kept in /etc/session-ticket-keys and ask
# the TLS consumers on this host (nginx, dnsdist) to pick the new set up.
#
# Files touched in that directory:
#   next.key       the key generated by the most recent run (80 random bytes)
#   1.key .. 4.key older keys; each run shifts them one slot towards 1.key,
#                  so the previous 1.key is dropped and the previous next.key
#                  becomes 4.key
#   keys           next.key followed by 1.key .. 4.key, rebuilt on every run
#                  and swapped in with a rename so readers never see a
#                  partially written file
#
# Exit status is 0 when every enabled consumer reloaded successfully and 1 if
# any reload failed; a failure before the reload step aborts via errexit.
set -o errexit -o nounset -o pipefail

readonly key_dir=/etc/session-ticket-keys
readonly key_bytes=80

#######################################
# Shift the numbered key slots: 1.key <- 2.key <- 3.key <- 4.key <- next.key.
# The previous 1.key is overwritten and thereby retired.
# -t keeps the source mtime, -I forces the copy even if size/mtime match.
#######################################
shift_key_slots() {
  local slot
  for slot in 1 2 3; do
    rsync -tI "$((slot + 1)).key" "${slot}.key"
  done
  rsync -tI next.key 4.key
}

#######################################
# Generate a fresh next.key from /dev/random, written to tmp.key first and
# renamed into place so next.key is never observed half-written.
# NOTE(review): tmp.key (and keys.new below) are created with umask-based
# permissions; confirm the directory mode/umask keep the key material from
# being readable by other users.
#######################################
generate_next_key() {
  head -c "$key_bytes" </dev/random >tmp.key
  mv tmp.key next.key
}

#######################################
# Rebuild the combined "keys" file (next.key then 1.key .. 4.key) and swap
# it in atomically via rename.
#######################################
assemble_key_file() {
  cat next.key 1.key 2.key 3.key 4.key > keys.new
  mv keys.new keys
}

#######################################
# Ask each enabled TLS consumer to reload its key material. A failed reload
# does not stop the remaining consumers from being reloaded.
# NOTE(review): the check is `is-enabled`, not `is-active`; a unit that is
# enabled but stopped presumably fails its reload here and turns the exit
# status to 1 — confirm that is the intended behaviour.
# Returns: 0 if all attempted reloads succeeded, 1 otherwise.
#######################################
reload_consumers() {
  local rc=0
  if systemctl is-enabled nginx.service >/dev/null; then
    nginx -s reload || rc=1
  fi
  if systemctl is-enabled dnsdist.service >/dev/null; then
    dnsdist -c -e 'reloadAllCertificates()' || rc=1
  fi
  return "$rc"
}

main() {
  cd "$key_dir"
  shift_key_slots
  generate_next_key
  assemble_key_file
  reload_consumers
}

main "$@"