Move instance var to the root

acme-to-vault.nomad.hcl

@@ -1,6 +1,6 @@
 [[ $c := merge .acme . -]]
 
-job [[ .acme.instance | toJSON ]] {
+job [[ .instance | toJSON ]] {
   type = "[[ if ne "" .acme.cron ]]service[[ else ]]batch[[ end ]]"
 
 [[- template "common/job_start" $c ]]
@@ -16,7 +16,7 @@ job [[ .acme.instance | toJSON ]] {
     }
 
     service {
-      name = "[[ .acme.instance ]][[ .consul.suffix ]]"
+      name = "[[ .instance ]][[ .consul.suffix ]]"
       port = 8787
 
 [[ template "common/connect" merge $c ]]
@@ -24,10 +24,10 @@ job [[ .acme.instance | toJSON ]] {
       tags = [
         "[[ $c.traefik.instance ]].enable=true",
         # Note : add a fake host in the rule to prevent warnings in Traefik logs
-        "[[ $c.traefik.instance ]].http.routers.[[ .acme.instance ]][[ .consul.suffix ]].rule=Host(`fake-acme-host`) || PathPrefix(`/.well-known/acme-challenge/`)",
+        "[[ $c.traefik.instance ]].http.routers.[[ .instance ]][[ .consul.suffix ]].rule=Host(`fake-acme-host`) || PathPrefix(`/.well-known/acme-challenge/`)",
-        "[[ $c.traefik.instance ]].http.routers.[[ .acme.instance ]][[ .consul.suffix ]].priority=[[ $c.traefik.priority ]]",
+        "[[ $c.traefik.instance ]].http.routers.[[ .instance ]][[ .consul.suffix ]].priority=[[ $c.traefik.priority ]]",
-        "[[ $c.traefik.instance ]].http.routers.[[ .acme.instance ]][[ .consul.suffix ]].entrypoints=[[ join $c.traefik.entrypoints "," ]]",
+        "[[ $c.traefik.instance ]].http.routers.[[ .instance ]][[ .consul.suffix ]].entrypoints=[[ join $c.traefik.entrypoints "," ]]",
-        "[[ $c.traefik.instance ]].http.routers.[[ .acme.instance ]][[ .consul.suffix ]].middlewares=[[ template "common/traefik_middlewares" $c.traefik ]]"
+        "[[ $c.traefik.instance ]].http.routers.[[ .instance ]][[ .consul.suffix ]].middlewares=[[ template "common/traefik_middlewares" $c.traefik ]]"
       ]
     }
 
@@ -43,7 +43,7 @@ job [[ .acme.instance | toJSON ]] {
       }
 
       vault {
-        policies = ["[[ .acme.instance ]][[ .consul.suffix ]]"]
+        policies = ["[[ .instance ]][[ .consul.suffix ]]"]
       }
 
       env {

consul/config/service-defaults/acme-to-vault.hcl

@@ -1,3 +1,3 @@
 Kind     = "service-defaults"
-Name     = "[[ .acme.instance ]][[ .consul.suffix ]]"
+Name     = "[[ .instance ]][[ .consul.suffix ]]"
 Protocol = "http"

consul/config/service-intentions/acme-to-vault.hcl

@@ -1,5 +1,5 @@
 Kind = "service-intentions"
-Name = "[[ .acme.instance ]][[ .consul.suffix ]]"
+Name = "[[ .instance ]][[ .consul.suffix ]]"
 Sources = [
   {
     Name = "[[ .traefik.instance ]]"

prep.d/mv_conf.sh

@@ -1 +1 @@
-[[ template "common/mv_conf.sh.tpl" dict "ctx" . "services" (dict "acme-to-vault" .acme.instance) ]]
+[[ template "common/mv_conf.sh.tpl" dict "ctx" . "services" (dict "acme-to-vault" .instance) ]]

variables.yml

@@ -1,11 +1,11 @@
 ---
 
-acme:
+# The name of the Nomad job
-  # The name of the Nomad job
+instance: acme-to-vault
-  instance: acme-to-vault
 
+acme:
   # The Docker image to use
-  image: danielberteaud/acme-to-vault:23.12-1
+  image: '[[ .docker.repo ]]acme-to-vault:23.12-1'
 
   # If a cron expression is defined, the service will stay running and renew certs.
   # If an empty string, the container will exit after running once

vault/policies/acme-to-vault.hcl

@@ -5,13 +5,13 @@ path "[[ .vault.prefix ]]kv/metadata/service/+/certs" {
   capabilities = ["list","read"]
 }
 
-path "[[ .vault.prefix ]]kv/data/service/[[ .acme.instance ]]/account/*" {
+path "[[ .vault.prefix ]]kv/data/service/[[ .instance ]]/account/*" {
   capabilities = ["read","create","update"]
 }
-path "[[ .vault.prefix ]]kv/metadata/service/[[ .acme.instance ]]/account/*" {
+path "[[ .vault.prefix ]]kv/metadata/service/[[ .instance ]]/account/*" {
   capabilities = ["list","read"]
 }
 
-path "[[ .vault.prefix ]]kv/data/service/[[ .acme.instance ]]" {
+path "[[ .vault.prefix ]]kv/data/service/[[ .instance ]]" {
   capabilities = ["read"]
 }