use self signed cert

2026-01-02 15:07:59 +01:00
parent 5b3c896a25
commit 22710d12a9
2 changed files with 9 additions and 0 deletions
--- a/.gitea/workflows/iac.yaml
+++ b/.gitea/workflows/iac.yaml
@@ -23,6 +23,7 @@ concurrency:
  id: vault-secrets
  with:
    url: https://vault.arcodange.lab
+    caCertificate: ${{ secrets.HOMELAB_CA_CERT }}
    jwtGiteaOIDC: ${{ needs.gitea_vault_auth.outputs.gitea_vault_jwt }}
    role: gitea_cicd
    method: jwt
@@ -53,6 +54,7 @@ jobs:
    env:
      OPENTOFU_VERSION: 1.8.2
      TERRAFORM_VAULT_AUTH_JWT: ${{ needs.gitea_vault_auth.outputs.gitea_vault_jwt }}
+      VAULT_CACERT: /usr/local/share/ca-certificates/root_ca.crt
    steps:
      - *vault_step
      - uses: actions/checkout@v4
--- a/.gitea/workflows/postgres.yaml
+++ b/.gitea/workflows/postgres.yaml
@@ -21,6 +21,7 @@ concurrency:
  id: vault-secrets
  with:
    url: https://vault.arcodange.lab
+    caCertificate: ${{ secrets.HOMELAB_CA_CERT }}
    jwtGiteaOIDC: ${{ needs.gitea_vault_auth.outputs.gitea_vault_jwt }}
    role: gitea_cicd
    method: jwt
@@ -50,7 +51,13 @@ jobs:
    env:
      OPENTOFU_VERSION: 1.8.2
      TERRAFORM_VAULT_AUTH_JWT: ${{ needs.gitea_vault_auth.outputs.gitea_vault_jwt }}
+      VAULT_CACERT: homelab.pem
    steps:
+      - name: check cert
+        run: |
+          cp /usr/local/share/ca-certificates/root_ca.crt $VAULT_CACERT
+          realpath $VAULT_CACERT
+          chmod 777 $VAULT_CACERT
      - *vault_step
      - uses: actions/checkout@v4
      - name: terraform apply