acme-to-vault/variables.yml

---

# The name of the Nomad job
instance: acme-to-vault

acme:
  # The Docker image to use
  image: '[[ .docker.repo ]]acme-to-vault:24.5-1'

  # If a cron expression is defined, the service will stay running and renew certs.
  # If an empty string, the container will exit after running once
  cron: 22 0 * * *

  # Resource allocation
  resources:
    cpu: 10
    memory: 100
    memory_max: 160

  # Vault related settings
  vault:
    addr: http://localhost:8200

    # The root in the KV store where the ACME account key and metadata will be stored
    kv_account_root: kv/service/acme-to-vault/account

  # Additional env
  env:
    LEGO_DISABLE_CNAME_SUPPORT: true

  traefik:
    # We use a fakse host rule (which will never match) so Traefik wont complain about a rule with no Host
    rule: Host(`fake-acme-host`) || PathPrefix(`/.well-known/acme-challenge/`)

    # List of entrypoints where the http-01 challenges will be exposed
    entrypoints:
      - http
      - https
    csp: false
    middlewares:
      proxy: false
      proto: false
      security: false
    priority: 2000
    auto_rule: false

  accounts: []
# accounts:
#  - ca: https://acme-staging-v02.api.letsencrypt.org/directory
#    email: infra@lapiole.org
#    kv_cert_root: kv/service/traefik/certs
#    key_type: rsa4096
#    certs:
#      - test.lapiole.org,foobar.lapiole.org
#      - audio.lapiole.org
#      - rpms.lapiole.org
#  - ca: https://acme-v02.api.letsencrypt.org/directory
#    challenge: dns-01
#    dns_provider: gandiv5
#    dns_resolvers:
#      - 1.1.1.1
#      - 8.8.8.8
#    dns_key_env: GANDIV5_API_KEY
#    dns_key_value: XXXXXXX
#    kv_cert_root: kv/service/postgres/ssl
#    certs:
#      - postgres.example.org
Import job 2023-08-21 17:24:33 +02:00			`---`

Move instance var to the root 2023-12-21 22:10:31 +01:00			`# The name of the Nomad job`
			`instance: acme-to-vault`
Allow custom job_name 2023-09-03 22:38:07 +02:00
Move instance var to the root 2023-12-21 22:10:31 +01:00			`acme:`
Import job 2023-08-21 17:24:33 +02:00			`# The Docker image to use`
Update vault to 1.16.2 2024-05-02 15:00:03 +02:00			`image: '[[ .docker.repo ]]acme-to-vault:24.5-1'`
Import job 2023-08-21 17:24:33 +02:00
			`# If a cron expression is defined, the service will stay running and renew certs.`
			`# If an empty string, the container will exit after running once`
Small fixes 2023-08-21 17:31:42 +02:00			`cron: 22 0 * * *`
Import job 2023-08-21 17:24:33 +02:00
			`# Resource allocation`
			`resources:`
			`cpu: 10`
Use minit as task manager, cleanup, do not save account in vault each time 2024-01-17 23:13:54 +01:00			`memory: 100`
			`memory_max: 160`
Import job 2023-08-21 17:24:33 +02:00
			`# Vault related settings`
			`vault:`
			`addr: http://localhost:8200`

			`# The root in the KV store where the ACME account key and metadata will be stored`
			`kv_account_root: kv/service/acme-to-vault/account`

Cleanup, no feature change 2023-10-08 16:12:19 +02:00			`# Additional env`
Disable CNAME support has it breks when using a wildcard CNAME 2023-12-20 22:18:12 +01:00			`env:`
			`LEGO_DISABLE_CNAME_SUPPORT: true`
Cleanup, no feature change 2023-10-08 16:12:19 +02:00
Use job_start and set entrypoints from the variables 2023-08-25 00:22:42 +02:00			`traefik:`
Move the rule to variables.yml 2024-01-29 11:35:30 +01:00			`# We use a fakse host rule (which will never match) so Traefik wont complain about a rule with no Host`
			rule: Host(`fake-acme-host`) \|\| PathPrefix(`/.well-known/acme-challenge/`)

Use job_start and set entrypoints from the variables 2023-08-25 00:22:42 +02:00			`# List of entrypoints where the http-01 challenges will be exposed`
			`entrypoints:`
			`- http`
			`- https`
Adapt to new middleware model 2024-01-28 22:34:38 +01:00			`csp: false`
			`middlewares:`
			`proxy: false`
Disable security and proto middlewares as they have no sens in http 2024-01-29 11:31:38 +01:00			`proto: false`
			`security: false`
Small update in template usage 2023-08-28 13:26:20 +02:00			`priority: 2000`
Use new traefik_tags template 2024-01-26 23:28:03 +01:00			`auto_rule: false`
Use job_start and set entrypoints from the variables 2023-08-25 00:22:42 +02:00
Import job 2023-08-21 17:24:33 +02:00			`accounts: []`
			`# accounts:`
			`# - ca: https://acme-staging-v02.api.letsencrypt.org/directory`
			`# email: infra@lapiole.org`
			`# kv_cert_root: kv/service/traefik/certs`
			`# key_type: rsa4096`
			`# certs:`
			`# - test.lapiole.org,foobar.lapiole.org`
			`# - audio.lapiole.org`
			`# - rpms.lapiole.org`
			`# - ca: https://acme-v02.api.letsencrypt.org/directory`
			`# challenge: dns-01`
			`# dns_provider: gandiv5`
			`# dns_resolvers:`
			`# - 1.1.1.1`
			`# - 8.8.8.8`
			`# dns_key_env: GANDIV5_API_KEY`
			`# dns_key_value: XXXXXXX`
			`# kv_cert_root: kv/service/postgres/ssl`
			`# certs:`
			`# - postgres.example.org`