---
# The name of the Nomad job
instance: acme-to-vault
acme:
# The Docker image to use
# NOTE(review): the image is selected by tag (24.5-1). A tag can be re-pointed
# in the registry, so pinning by digest is the stronger supply-chain control.
# [[ .docker.repo ]] is presumably expanded by the templating layer; confirm
# which registry it resolves to.
image: '[[ .docker.repo ]]acme-to-vault:24.5-1'
# If a cron expression is defined, the service will stay running and renew certs.
# If an empty string, the container will exit after running once
# Five-field cron expression: minute 22 of hour 0, every day.
# NOTE(review): the time zone it is evaluated in is not visible here.
cron: 22 0 * * *
# Resource allocation
resources:
# NOTE(review): presumably passed to the Nomad task's cpu setting (MHz);
# confirm against the job template.
cpu: 10
# NOTE(review): presumably the Nomad memory reservation in MB; confirm
# against the job template.
memory: 100
# NOTE(review): presumably the Nomad memory_max ceiling in MB, which only
# takes effect when memory oversubscription is enabled on the scheduler;
# confirm.
memory_max: 160
# Vault related settings
vault:
# NOTE(review): plain-HTTP Vault address. The Vault token and every secret
# written to the KV store cross this connection unencrypted, so this default
# is only reasonable if localhost:8200 is a loopback-only listener (for
# example a local Vault agent or proxy); confirm, and use https:// for any
# address that leaves the host.
addr: http://localhost:8200
# The root in the KV store where the ACME account key and metadata will be stored
# NOTE(review): the ACME account key lives under this path, so the Vault
# policy attached to the job should grant access to this path and to the
# certificate roots it manages, and nothing broader.
kv_account_root: kv/service/acme-to-vault/account
# Additional env
env:
# NOTE(review): unquoted, so YAML loads this as a boolean rather than the
# string "true"; confirm the template renders it as the environment value
# lego expects. The variable name indicates that lego's CNAME following for
# dns-01 validation is turned off.
LEGO_DISABLE_CNAME_SUPPORT: true
traefik:
# We use a fake host rule (which will never match) so Traefik won't complain about a rule with no Host
# NOTE(review): the PathPrefix branch carries no Host condition, so it matches
# /.well-known/acme-challenge/ for every hostname that reaches the listed
# entrypoints. That lets one job answer http-01 for all names, and it also
# means any request to that path, on any host, is routed to this service.
rule: Host(`fake-acme-host`) || PathPrefix(`/.well-known/acme-challenge/`)
# List of entrypoints where the http-01 challenges will be exposed
entrypoints:
- http
- https
# NOTE(review): presumably switches off the Content-Security-Policy handling
# the job templates would otherwise attach to this router; the key is defined
# outside this file, so confirm.
csp: false
# NOTE(review): the proxy, proto and security switches that follow are all
# set to false. Their meaning is defined by the job templates, not by this
# file; presumably they keep default middlewares off the challenge route so
# validation requests are served unmodified. Confirm that nothing else is
# reachable through this router without them.
middlewares:
proxy: false
proto: false
security: false
# NOTE(review): Traefik evaluates routers with a higher priority first, so
# 2000 is presumably meant to place the challenge route ahead of application
# routers; confirm it exceeds every other router's explicit or rule-length
# derived priority.
priority: 2000
# NOTE(review): presumably stops the templates from generating a Host rule
# automatically, leaving the explicit rule in effect; confirm against the
# job template.
auto_rule: false
# Empty by default: no ACME account or certificate is configured until
# entries shaped like the commented example are supplied.
accounts: []
# accounts:
# - ca: https://acme-staging-v02.api.letsencrypt.org/directory
# email: infra@lapiole.org
# kv_cert_root: kv/service/traefik/certs
# key_type: rsa4096
# certs:
# - test.lapiole.org,foobar.lapiole.org
# - audio.lapiole.org
# - rpms.lapiole.org
# - ca: https://acme-v02.api.letsencrypt.org/directory
# challenge: dns-01
# dns_provider: gandiv5
# dns_resolvers:
# - 1.1.1.1
# - 8.8.8.8
# dns_key_env: GANDIV5_API_KEY
# NOTE(review): a real DNS provider API key written here sits in plain text
# in this variables file and in anything rendered from it; keep the file out
# of version control when it is set, or supply the key from a secret store.
# dns_key_value: XXXXXXX
# kv_cert_root: kv/service/postgres/ssl
# certs:
# - postgres.example.org