yadunut/clan-core
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

monitoring: extend telegraf certificate expiration to 100 years

Browse Source 
The default 30-day expiration was causing certificates to expire
frequently, breaking monitoring. Setting to 100 years provides a
temporary solution until automated certificate rotation is implemented.

Fixes #5605
This commit is contained in:
Jörg Thalheim
2025-10-21 15:05:38 +02:00
parent 37da9fb3e4
commit 98136142b4
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
clanServices/monitoring/telegraf.nix
View File

@@ -44,8 +44,10 @@
pkgs.openssl pkgs.openssl
]; ];
# TODO: Implement automated certificate rotation instead of using a 100-year expiration
script = '' script = ''
openssl req -x509 -nodes -newkey rsa:4096 \ openssl req -x509 -nodes -newkey rsa:4096 \
-days 36500 \
-keyout "$out"/key \ -keyout "$out"/key \
-out "$out"/crt \ -out "$out"/crt \
-subj "/C=US/ST=CA/L=San Francisco/O=Example Corp/OU=IT/CN=example.com" -subj "/C=US/ST=CA/L=San Francisco/O=Example Corp/OU=IT/CN=example.com"