From e7b2eb6b9af8cf8497d60574f350769aafec6135 Mon Sep 17 00:00:00 2001
From: Dimitrios Karagiannis
Date: Thu, 28 Sep 2017 13:08:37 +0100
Subject: [PATCH 1/2] renew ca cert a week before expiry

---
 resources/cfssl-init-ca.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/resources/cfssl-init-ca.sh b/resources/cfssl-init-ca.sh
index 1b28924..5cb38e0 100644
--- a/resources/cfssl-init-ca.sh
+++ b/resources/cfssl-init-ca.sh
@@ -8,7 +8,7 @@ if [ ! -f "${_args}" ]; then
 fi
 
 if [ -f ca.pem ] && [ -f ca-key.pem ]; then
- [ "$(/opt/bin/cfssl certinfo -cert=ca.pem | jq -r '.not_after')" \< "$(date +%Y-%m-%dT%H:%M:%IZ)" ] \
+ (( "$(date +%s)" >= "$(date -d "$(/opt/bin/cfssl certinfo -cert=/var/lib/cfssl/ca.pem | jq -r '.not_after')" +%s)" - 7 * 24 * 3600 )) \
 && /opt/bin/cfssl gencert\
 -renewca \
 -ca=ca.pem \

From e2864d9a5b7f98ec23c0c49d2325ba25c696911d Mon Sep 17 00:00:00 2001
From: Dimitrios Karagiannis
Date: Thu, 28 Sep 2017 13:10:22 +0100
Subject: [PATCH 2/2] restart cfssl service daily

---
 cfssl.tf | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/cfssl.tf b/cfssl.tf
index ec9c497..058ae47 100644
--- a/cfssl.tf
+++ b/cfssl.tf
@@ -137,6 +137,13 @@ data "ignition_systemd_unit" "cfssl-nginx" {
 content = "${data.template_file.cfssl-nginx.rendered}"
 }
 
+module "cfssl-restarter" {
+ source = "./systemd_service_restarter"
+
+ service_name = "cfssl"
+ on_calendar = "*-*-* 00:00:00"
+}
+
 data "ignition_config" "cfssl" {
 files = [
 "${data.ignition_file.cfssl.id}",
@@ -154,6 +161,7 @@ data "ignition_config" "cfssl" {
 "${data.ignition_systemd_unit.cfssl.id}",
 "${data.ignition_systemd_unit.cfssl-nginx.id}",
 ),
+ module.cfssl-restarter.systemd_units,
 module.cfssl-disk-mounter.systemd_units,
 )}"]
 }
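Review bot: The new arithmetic check on the `+` line does not fail closed when the expiry cannot be read: if `cfssl certinfo` fails or `jq` prints nothing, `date -d ""` on GNU date resolves to today's midnight, so the comparison is true and a renewal is attempted on every run, while a literal `null` from jq makes `date -d` error out and the `((...))` then fails with a syntax error, silently skipping renewal. It also reads the certificate from `/var/lib/cfssl/ca.pem` while the surrounding `[ -f ca.pem ]` test and the `-ca=ca.pem` flag use a relative path; presumably the script runs from that directory, but the check and the renewal should name the same file so they cannot diverge. Capturing `.not_after` into a variable and aborting on an empty or `null` value makes the failure explicit, as below. The enclosing `if [ -f ca.pem ] ...` body and the `gencert` command continue past the end of the hunk.
```shell
  not_after=$(/opt/bin/cfssl certinfo -cert=ca.pem | jq -r '.not_after')
  if [ -z "${not_after}" ] || [ "${not_after}" = "null" ]; then
    echo "cfssl-init-ca: could not read CA not_after from ca.pem" >&2
    exit 1
  fi
  expiry=$(date -d "${not_after}" +%s) || exit 1
  # renew when within 7 days of expiry
  [ "$(date +%s)" -ge $((expiry - 7 * 24 * 3600)) ] \
  && /opt/bin/cfssl gencert\
  # … unchanged: -renewca / -ca=ca.pem flags …
```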
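Review bot: The new `module "cfssl-restarter"` block does not say why cfssl is restarted every night, and nothing in this file ties it to the CA-renewal logic; the companion patch suggests the restart exists so `cfssl-init-ca.sh` re-runs and its week-before-expiry check fires, so a comment such as `# Restart daily so the init script re-runs its CA renewal check (see resources/cfssl-init-ca.sh).` above the block would preserve that intent for the next maintainer. A fixed `on_calendar = "*-*-* 00:00:00"` also restarts the signing service at the same instant on every node, a predictable short unavailability window; if the `systemd_service_restarter` module exposes a randomized delay, using it would spread that out. The second hunk wires `module.cfssl-restarter.systemd_units` into `ignition_config` in the same way as `cfssl-disk-mounter`, which looks consistent.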