Temporarily remove alt. config with self provided certs

This alternative config is frequently out of sync as I forget to update it alongside the main. We need a better way to handle that.
travier · Jan 4, 2021 · 21c03b2 · 21c03b2
1 parent bbfb226
commit 21c03b2
Show file tree

Hide file tree

Showing 4 changed files with 1 addition and 302 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,5 +1,4 @@
 /secrets
-/certs.tar.gz
 
 /config
 /config*.ign

diff --git a/Makefile b/Makefile
@@ -1,4 +1,4 @@
-.PHONY: all certs
+.PHONY: all
 
 include secrets
 
@@ -14,17 +14,3 @@ all:
 	echo ${SYNAPSE_SIGNING_KEY} > config/synapse/synapse.signing.key
 	sed 's/%%SSH_PUBKEY%%/${SSH_PUBKEY}/; s/%%POSTGRES_PASSWORD%%/${POSTGRES_PASSWORD}/' config.yaml \
 		| fcct --files-dir config --strict --output config.ign
-
-certs:
-	rm -rf ./config
-	cp -a template config
-	cp certs.tar.gz config
-	find config/ -type f -print0 | xargs -0 sed -i 's/%%DOMAIN_NAME%%/${DOMAIN_NAME}/g'
-	find config/ -type f -print0 | xargs -0 sed -i 's/%%EMAIL%%/${EMAIL}/'
-	find config/ -type f -print0 | xargs -0 sed -i 's/%%POSTGRES_PASSWORD%%/${POSTGRES_PASSWORD}/'
-	find config/ -type f -print0 | xargs -0 sed -i 's/%%SYNAPSE_REGISTRATION_SHARED_SECRET%%/${SYNAPSE_REGISTRATION_SHARED_SECRET}/'
-	find config/ -type f -print0 | xargs -0 sed -i 's/%%SYNAPSE_MACAROON_SECRET_KEY%%/${SYNAPSE_MACAROON_SECRET_KEY}/'
-	find config/ -type f -print0 | xargs -0 sed -i 's/%%SYNAPSE_FORM_SECRET%%/${SYNAPSE_FORM_SECRET}/'
-	echo ${SYNAPSE_SIGNING_KEY} > config/synapse/synapse.signing.key
-	sed 's/%%SSH_PUBKEY%%/${SSH_PUBKEY}/; s/%%POSTGRES_PASSWORD%%/${POSTGRES_PASSWORD}/' config-certs.yaml \
-		| fcct --files-dir config --strict --output config-certs.ign
diff --git a/README.md b/README.md
@@ -188,46 +188,6 @@ $ systemctl start synapse
 $ rm -rf /var/srv/matrix/postgres.dump
 ```
 
-## Alternative with certificates
-
-If you already have certificates from Let's Encrypt, you can create an archive
-named `certs.tar.gz` including your certificates and certbot config with the
-following format:
-
-```
-letsencrypt-certs/
-letsencrypt-certs/cli.ini
-letsencrypt-certs/accounts/
-letsencrypt-certs/accounts/acme-v02.api.letsencrypt.org/
-letsencrypt-certs/accounts/acme-v02.api.letsencrypt.org/directory/
-letsencrypt-certs/accounts/acme-v02.api.letsencrypt.org/directory/<changeme>/
-letsencrypt-certs/accounts/acme-v02.api.letsencrypt.org/directory/<changeme>/private_key.json
-letsencrypt-certs/accounts/acme-v02.api.letsencrypt.org/directory/<changeme>/meta.json
-letsencrypt-certs/accounts/acme-v02.api.letsencrypt.org/directory/<changeme>/regr.json
-letsencrypt-certs/renewal/
-letsencrypt-certs/renewal/<DOMAIN_NAME>.conf
-letsencrypt-certs/keys/
-letsencrypt-certs/keys/0000_key-certbot.pem
-letsencrypt-certs/csr/
-letsencrypt-certs/csr/0000_csr-certbot.pem
-letsencrypt-certs/archive/
-letsencrypt-certs/archive/<DOMAIN_NAME>/
-letsencrypt-certs/archive/<DOMAIN_NAME>/cert1.pem
-letsencrypt-certs/archive/<DOMAIN_NAME>/privkey1.pem
-letsencrypt-certs/archive/<DOMAIN_NAME>/chain1.pem
-letsencrypt-certs/archive/<DOMAIN_NAME>/fullchain1.pem
-letsencrypt-certs/live/
-letsencrypt-certs/live/<DOMAIN_NAME>/
-letsencrypt-certs/live/<DOMAIN_NAME>/cert.pem
-letsencrypt-certs/live/<DOMAIN_NAME>/privkey.pem
-letsencrypt-certs/live/<DOMAIN_NAME>/chain.pem
-letsencrypt-certs/live/<DOMAIN_NAME>/fullchain.pem
-letsencrypt-certs/live/<DOMAIN_NAME>/README
-```
-
-Then fill your other secrets and build the Ignition config with `make certs`
-and proceed to deployment.
-
 [deploy]: https://docs.fedoraproject.org/en-US/fedora-coreos/getting-started/
 [plugins]: https://certbot.eff.org/docs/using.html#dns-plugins
 [updates]: https://coreos.github.io/zincati/usage/updates-strategy/#periodic-strategy
diff --git a/config-certs.yaml b/config-certs.yaml