From 428a1756f3b356067158277fb47e1f74908cd24e Mon Sep 17 00:00:00 2001
From: marc <marc@sastre.cat>
Date: Fri, 14 Mar 2025 20:01:35 +0100
Subject: [PATCH] Renew consul certificates

---
 README.org                                    |   2 +-
 docs/consul.org                               |   9 ++++++++-
 .../samfelag-server-thingvellir-key.pem.age   | Bin 548 -> 548 bytes
 .../samfelag-server-thingvellir.pem.age       | Bin 1302 -> 1302 bytes
 4 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/README.org b/README.org
index 13579ad..95ad142 100644
--- a/README.org
+++ b/README.org
@@ -1,6 +1,6 @@
 * NixOS
 ** [[file:docs/install.org][Installing]]
-** Rebuilding
+*** Rebuilding
 #+BEGIN_SRC bash
 sudo nixos-rebuild switch --impure --flake ".#${HOST}"
 #+END_SRC
diff --git a/docs/consul.org b/docs/consul.org
index 6a416db..fcc97bf 100644
--- a/docs/consul.org
+++ b/docs/consul.org
@@ -1,6 +1,6 @@
 #+title: Consul
 * Server setup
-** Create a server keypair
+** Create a server keypair <<create_keypair>>
 Decrypt the CA (from the agenix secrets)
 #+begin_src bash
 agenix -i ~/.ssh/id_reykjavik -d consul.d/consul-agent-ca.pem.age > ~/tmp/consul-agent-ca.pem
@@ -78,3 +78,10 @@ JSON config:
   }
 }
 #+end_src
+* Renew expired certificates
+** Find the expired certificate
+#+begin_src
+openssl x509 -in /etc/consul.d/certs/samfelag-server-consul.pem -enddate -noout
+#+end_src
+
+Follow the steps described in [[create_keypair][Create a server keypair]].
diff --git a/secrets/consul.d/samfelag-server-thingvellir-key.pem.age b/secrets/consul.d/samfelag-server-thingvellir-key.pem.age
index cb10845b1237f4e281fcdad1793c1aafd54be1a4..760023e3a5a7689e10141c691c28c98ce698e22e 100644
GIT binary patch
delta 514
zcmV+d0{#7@1f&FzEPr!FGdEUaR4X<!RAw_-O<HMpZF(|#X-R8CYj}7$VOmgcLup4?
zZ$U6vV+vw&aam_=L03sIcUX8<X=Y7uayW8tQD<ynG<9`MVpeTqD_TN9H%>S~V+t)k
zAaiqQEoEdfH8n9gAZt!)X--ifZAL3cd1PsAHF!riPef8UGJkPaHf4BZG<7&jFj+K7
zWo&F!HdS_RZdq+-3Tkz2F>XOpLTFY;cS~e-a4%MGHfwHXWlUx=OmcEsVR$$&V>wJ!
zOJq$j3N0-yAVg|$R!K!}O=Cw#V=zKyWJ70eGGsP#Sxj$aGDTN!NO)v&LQ6$NQFl>Q
z3XO5BK@+Ou?0=10l&<urTDpi+-VS^v7oC`Bm{wO@+vmnvTOPbC5BolrQcm=Pcqpl!
zTutkUc3M?SBi$*6qMt(~mf)kjI;XmFI*MxZnD%zDuiVeE(?ZBt+BJi{yi$D7UHpYq
z+uEu%w6fMr8A*}ISMAImpX?o~DY2kgjk;{BqvnDLf_vfJN^}r4A#%e$2)T#lp{7Im
zF0?mTDB7=OD%5n*awCc!Q~o*!6+-xcwqEsA;Q$EIDvNGxpBhwf8DWj054D5ze(L<+
z9!@GI);_P_&z2O<!mRZFU>dXK0MybkJiKK<r-C>il5;HkpceVJ0k|f+wDuj$Bz132
Eo+U2WrvLx|

delta 514
zcmV+d0{#7@1f&FzEPr-zX-qM5Q#nj&MOR35RCI4{VP-*fZ$d*gWH~}jW@mFZXEs+)
zQBg!icM4HKR%by}YjRmNb1y|~Pf|!sGcZO)ZCW%@FfUeCbwWo-Q&>xJWq3w(RSGRW
zAaiqQEoEdfH8n9gAZt!)X--ifL~c}4XE9A#Su03NaC%fVVSjp7QaNKxcWiMoFKlsa
zMRRgja93$BQZ;UO3TS3>Z%j&RM>#`wHAq8FPIF5uc~xp_H)Uxxc2ZJAG+1JINK-X8
zNMce=3N0-yAT~oXN?|!KH$qHGW_Bw#aCmxcOH5T&PeL$EY-e_KRXIdyNlbTaMO1TD
z3UL_<u5q#44S#K)$<2HM(%)49ADIw_QCM0y``hX>6EBhkCvaarzdLMs646XxMf~I6
zLh!_FLB$64Ccdt2NuBkBk*Db0lF~MFet%(n!x`dDM@0SpL27Vw@9o*xUc=z(1X%8>
zY3U1X9eODSVq~#Lx<$cC+Az|$u9;9m;pzjdVI%@D5ql9rmJ@gFqVw&F_<m$&fO0+^
zbiSF;qLPe}EFLld&{gI3l`mSm0wxM?2Ye^yj>^^}zN|CH8QilG+%Jf6(=B8Z7-rra
zYI09`48^+lFA>OJ5vu5XC@vg9CRBicCaWKY_LwY+SCdp=0V6>AOw=GVZ{;JE&h7Qe
EdoJ9~-2eap

diff --git a/secrets/consul.d/samfelag-server-thingvellir.pem.age b/secrets/consul.d/samfelag-server-thingvellir.pem.age
index d517710ac9ffd5f70b4b5e1362e6b251b73f78fe..1c3e824c0e5adacf394cb058656546ea8185a3fe 100644
GIT binary patch
delta 1274
zcmV<W1O@w+3YH3xEPr8Db#+f|M|E^HYiM<DR#Z!RQgAOrdSpQ`WOp%nWnxiqFlTi{
zG)Y)eV+wL@XEkF%Sx+=bO)@!lK}=b3VQE-dcP~jnW^QO<OlxjvPew&iPf>D7Gzu*~
zAaiqQEoEdfH8n9gAZt!)X--ifQBE;4I7n(mNM|ucMnPCJOn-TDGjLT@YGrV7d09<3
zG)Gr;MKN)6VpnZN3RrnGZ#i{wFjrDkL2*lBIaXy^Wn^PnGDRz8FjjX)PH!=FFmg~d
zQ9^7<3N0-yAWBnCOhr^@HaU4%L}X5GS~6>IZbx)+No`h0S9D8nZh0?hMQBw^aaLtj
z3Pp+FYlsG;uYbL0bH`2kTc{580F9N;fq1x+u4D~f_)99Mp5FMSB3T|W8pq*d29I;J
zp6&7{<9~iBR9~v5GkfhN4anTvx|ZD(4WPgwa@vi)F?WQUo2ss-);Qx%4Pnj3*?<TI
zey|BoI&bi6=10?+XR#L;;RBO>$JT)vBgX|3zIC1sv44AarFqz@N#*Q`sh=~}8<(y9
zRG})~t7oSiSQ@R(3=OKU!=>C+{#i8rfG#<560m{qJBTct+}T-~F5%tx^%)SLGPb70
zR){|$+3-+>#Zah#=<+%}U<FN98F_s)Ink?*eTJM>7&61Eil%K^gVPCI-D4DOt8isC
zSIL2mcYnHfD_<h<AdunK*5^Lov(Fs1C>U+q7+c=g*0-Hf@xPSCS~bxy$j9Ao*9&1l
zSCVXJJ@peYN2~;dNpcdwMMy%n=y8Ol{3*&MwK;xSqeQ8g^vE+U3CDGz97A8ABuL=`
z{e+HEWCCaV*1iVevjJXUqaGaXsWjpGs>GxzV1IW6WqRGa)<B6wRm?$t;41$iRtqzI
zwR|OT>us-IvC*ilrY0J`RboAYXux%SEKj?#LGhZu?WIS3DAPk?V(VPa5_z#%#Tmk<
zWM`rrEAT9P1(PZGek>MhNK`;<*M(fqiU#~wGDk7=Z-@D?^HQ`S8*p(GElge|ldX|p
zDSsE`0T)9H%^g0Vo%X6B`IEqRjB}=(_Ds8ld4!!2`o{=a5=~pIiwg5tm&LD##@MdY
zx<YSuM_FfR6IV@Mg1Hxrq^HEliueOoxOyicTQ&v7!l{7W3jl0zs_JetH31KwHxY%l
z5XDpI1J{MwN}Ng~E!{0J%$cAhTT%y|pnu7(BjF=dG}9v48k{UU$#LE_F(-@XV+v~E
zPu%Nn3RR@*1tbv*bun70AXgRh7I*B-Pl`dGcO`7hS=rY(H^iD8FrdAx0=9UwZZPTN
z6elZ_VFKM!`Uu=A>CLnS%R#upd+0+vFZkzopGzi9+KQ$l=ipwx>O!WxSrt5xOn;aY
zS(33;>}}Jy<93Znf6$&xkC7DMGR8EG{?oHKw{wq05Qlt|{Pn~&juNy0^vQEMBH*xm
zzFk+z-doa7qjJB1GA)m*_I4RHY7(ULV{jyn^y0gqJQGnhPtwhZg1lDP(!~MEFD`I*
z3C(u@L?^e@xJ4P;>)w<UIM~}K#&hujAECT(yDCMV$(A*bbcWO(dBPR^E>%6d&8HIy
zDHip^O%W_loKdr|{_xmp=#o_W3rZ+tNKJD>5Ouqk;?pElKI6U6nU8^lalyUMb)}B<
kCX!+p8Y0~(v1pF%QTH%!Q<Uuisj<IowmV-1HjRX^&XAQ!IRF3v

delta 1274
zcmV<W1O@w+3YH3xEPq35NOWs@Fi=)`P<3`UWiK#NRY^25a7;sEWMOPfGk9(<b5mn9
zVKrw#cM5q>MtL<=YIJmVYfp1*D{CuQdU#ZGc6MYha8ECJOJ+woSa5N5OJjOhYYHts
zAaiqQEoEdfH8n9gAZt!)X--ifIahLUPBCq3R9QuDXk;)<ZhuBXOKvb~b5tvHb8KZX
zQc`L#HF<b=L2+(#3OI5|b#YN@QBOodSz0zoO+jlgT4z-;D^piAaAt9Ca#L?bV?$?G
zHBoGD3N0-yAZ|oLMmBUZNJvCBFluHobum>hI5TBoWp6KcbXs9~G-OgsHBV1=b3#IA
z3Oh^s+<Xk7U4QoCZr8#vD+U$_|8kbN;4H4EjA}k{FruaC@-n8gt}r6i+PhHW6HZ8i
zC?wzs85k-}eFecX>Rvqs;4)7@a<IlyBO#}LKHDVShk5^{ZPG0!1@?QKzE%ApxVEaO
z|M`wzdE=ZXw`x$%iyvov^8l#=Uhc8Wv<qxa)YJu)Re#z<nfFT<G^iWgj6rD?)a-hW
zidbfBHE)J_;9P1lSlkVb@of4+VPUYrl_QjmcYU!cGom>Xy0YS?`2r9fuU6Xfr_g#+
zK6%AD&o~i<PQ<HlfFKDw*u{&3I{@hA-mpBff7{}>)wEU}0xsEq(BxF!rYBbqQ^)JP
zit5hTuzx?;o}y3c+6&J|TsA;*a^y#zwoV>U>9r=y#S6mK{6X^7)mMcvTdsH1G459O
zrd9){H;7RbCw25omJ)o9v>{^P6=hjI^Rt4{MY5sA0nL1;)V7>_e^_1lp2>np<+zx~
z=1<pdfui|97Sfmn$Hm=wtlpWF_D?`^?Fht9Lx0-!oJxnauuDSkwb<bj4<sR~k3c1w
zInh4&TgytIq&=xKMF0>X2wiU2wT}KNO)`?&;rvh9eAInU`;`P7)ee0b2k8+T869LH
zhrnOUAi@asPRyU!-#1aue$&aIfO)_!4O*jOYrjQB-aallm6h;DWS?Tw7r*7ur+Pv+
z9)H9gU>=9DAM?_rWcTz}q6;jzCkO}*VV;gCkAZ$ZQ2T`W2|JBp<;hb2y-jzmH{ELz
z!3j7AC%KAdXK?6z{k5|GS8%UN0E1d@_DbsJAxdx0MQU~Xwom7D%_+11(2srl)U1}l
z+kk>A33bF*Aq$Hwx?Yp);9ro5gS9D<41Z?kAIeiAPW2OwfK>`%5S2sDe^y|cJY+zK
z0_MhjC|Ge!v7la1Q&?c2_Gy4Bu<Lb5{8&XvI}s_hOs=oHzKkmWX|?ISC47}~S(9pP
zu6eTlhRqscJOR;^PUh;YORPy9*Z<KtO9(oC^Ds~PVViJMvv&lf(2E^EKyw#V%YX4#
z>rawsg3=%jfxI(oXb_wmuM>^>m9m4ERAATh=n-39lyBHdzo=@EUD57z<k?z2qb$=>
zC@I1ZuPZ%NzK(eGu*ps5Z3rr%5Z#`svWeA@{{PvyU-t)G2qSV#%P45HR8&FgT0Y`7
zoFLeg%c`ekX)$vyF3B*@)l$Qx?{jKB4faYo$_+ohzhU5<bTm#2gpcqFr|<XJ>|ESP
zTT|RBIG^7jTrbJ}#H;DPEKvA`jt^eZ>plIepbcA<^M(+p)=KQ(6``>RbbO}zIS^cx
kUz?l5EHzY6f|BGAJ)L&>=<KVQV+(K8^=h4FhO#7Te~KzqO#lD@