Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Backports:SLE-15-SP4:FactoryCandidates
step-cli
more-units.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File more-units.patch of Package step-cli
Index: cli-0.22.0/systemd/ssh-cert-renewer@.service =================================================================== --- /dev/null +++ cli-0.22.0/systemd/ssh-cert-renewer@.service @@ -0,0 +1,30 @@ +[Unit] +Description=Smallstep SSH Certificate Renewal for the %I host certificate +After=network-online.target +Documentation=https://smallstep.com/docs/step-ca/certificate-authority-server-production +StartLimitIntervalSec=0 +PartOf=cert-renewer.target + +[Service] +Type=oneshot +User=root + +Environment=STEPPATH=/etc/step \ + CERT_LOCATION=/etc/ssh/ssh_host_%i_key-cert.pub \ + KEY_LOCATION=/etc/ssh/ssh_host_%i_key + +; ExecCondition checks if the certificate is ready for renewal, +; based on the exit status of the command. +; (In systemd <242, you can use ExecStartPre= here.) +ExecCondition=/usr/bin/step ssh needs-renewal ${CERT_LOCATION} + +; ExecStart renews the certificate, if ExecStartPre was successful. +ExecStart=/usr/bin/step ssh renew --force ${CERT_LOCATION} ${KEY_LOCATION} + +; Try to reload or restart the systemd service that relies on this cert-renewer +; If the relying service doesn't exist, forge ahead. +; (In systemd <229, use `reload-or-try-restart` instead of `try-reload-or-restart`) +ExecStartPost=/usr/bin/env sh -c "! systemctl --quiet is-enabled sshd.service || systemctl try-reload-or-restart sshd" + +[Install] +WantedBy=multi-user.target Index: cli-0.22.0/systemd/ssh-cert-renewer@.timer =================================================================== --- /dev/null +++ cli-0.22.0/systemd/ssh-cert-renewer@.timer @@ -0,0 +1,19 @@ +[Unit] +Description=Timer for Smallstep SSH Certificate Renewal for the %I host certificate +Documentation=https://smallstep.com/docs/step-ca/certificate-authority-server-production +PartOf=cert-renewer.target + +[Timer] +Persistent=true + +; Run the timer unit every 5 minutes. +OnCalendar=*:1/5 + +; Always run the timer on time. +AccuracySec=1us + +; Add jitter to prevent a "thundering hurd" of simultaneous certificate renewals. +RandomizedDelaySec=5m + +[Install] +WantedBy=timers.target
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
