dezky/infrastructure/production/host/stalwart/stalwart-cert-sync.service at 955357a91a944efd294453853fa6daf77153ec60 - dezky - Gitea: Git with a cup of tea

ronnibaslund/dezky

Files

T

Ronni Baslund 3831c85285 feat(infra): production host bootstrap and bare-metal Stalwart scaffolding

Host provisioning for the single-server production target: SSH + firewall
hardening (nftables allowlist), k3s node registration, bare-metal Stalwart
install with systemd units and TLS cert-sync from the cluster secret, and
Restic encrypted backup/restore (primary + DR) with timer units. Host-specific
secrets live in config.env (gitignored); config.env.example is the template.
Also gitignores MemPalace per-project files.

2026-06-07 00:19:48 +02:00

11 lines

306 B

Desktop File

Raw Blame History

 # Oneshot: sync the mail TLS cert from the cluster to Stalwart.
 # Triggered by stalwart-cert-sync.timer.
 [Unit]
 Description=Sync mail.dezky.eu TLS cert from cluster to Stalwart
 After=network-online.target k3s.service
 Wants=network-online.target
 [Service]
 Type=oneshot
 ExecStart=/opt/stalwart/cert-sync.sh