Use a template block so we can fetch values from vault
parent
6a785bd5df
commit
84dc3078e2
|
@ -45,39 +45,48 @@ job [[ .acme.instance | toJSON ]] {
|
|||
}
|
||||
|
||||
env {
|
||||
[[- template "common/env.tpl" $c.env ]]
|
||||
[[- if has .acme.vault "service_name" ]]
|
||||
VAULT_ADDR = "http://localhost:8200"
|
||||
[[- else ]]
|
||||
VAULT_ADDR = [[ .acme.vault.addr | toJSON ]]
|
||||
[[- end ]]
|
||||
[[- template "common/proxy_env.tpl" . -]]
|
||||
ACME_CRON = [[ .acme.cron | toJSON ]]
|
||||
ACME_KV_ACCOUNT_ROOT = [[ .acme.vault.kv_account_root | toJSON ]]
|
||||
[[- range $acc_idx, $account := .acme.accounts ]]
|
||||
ACME_[[ $acc_idx ]]_CA = [[ $account.ca | toJSON ]]
|
||||
ACME_[[ $acc_idx ]]_EMAIL = [[ $account.email | toJSON ]]
|
||||
ACME_[[ $acc_idx ]]_KV_CERT_ROOT = [[ $account.kv_cert_root | toJSON ]]
|
||||
[[- if has $account "challenge" ]]
|
||||
ACME_[[ $acc_idx ]]_CHALLENGE = [[ $account.challenge | toJSON ]]
|
||||
[[- if eq $account.challenge "dns-01" ]]
|
||||
ACME_[[ $acc_idx ]]_DNS_PROVIDER = [[ $account.dns_provider | toJSON ]]
|
||||
ACME_[[ $acc_idx ]]_DNS_KEY_ENV = [[ $account.dns_key_env | toJSON ]]
|
||||
ACME_[[ $acc_idx ]]_DNS_KEY_VALUE = [[ $account.dns_key_value | toJSON ]]
|
||||
[[ if has $account "dns_resolvers" ]]
|
||||
ACME_[[ $acc_idx ]]_DNS_RESOLVERS = [[ join $account.dns_resolvers "," | toJSON ]]
|
||||
[[- end ]]
|
||||
[[- else ]]
|
||||
ACME_[[ $acc_idx ]]_CHALLENGE = "http-01"
|
||||
[[- end ]]
|
||||
[[- end ]]
|
||||
[[- if has $account "key_type" ]]
|
||||
ACME_[[ $acc_idx ]]_KEY_TYPE = [[ $account.key_type | toJSON ]]
|
||||
[[- end ]]
|
||||
[[- range $crt_idx, $crt := $account.certs ]]
|
||||
ACME_[[ $acc_idx ]]_CERT_[[ $crt_idx ]] = [[ $crt | toJSON ]]
|
||||
[[- end ]]
|
||||
[[- end ]]
|
||||
}
|
||||
|
||||
[[- template "common/file_env.tpl" $c.env ]]
|
||||
|
||||
template {
|
||||
data =<<_EOT
|
||||
[[- if has .acme.vault "service_name" ]]
|
||||
VAULT_ADDR=http://localhost:8200
|
||||
[[- else ]]
|
||||
VAULT_ADDR=[[ .acme.vault.addr ]]
|
||||
[[- end ]]
|
||||
ACME_CRON=[[ .acme.cron ]]
|
||||
ACME_KV_ACCOUNT_ROOT=[[ .acme.vault.kv_account_root ]]
|
||||
[[- range $acc_idx, $account := .acme.accounts ]]
|
||||
ACME_[[ $acc_idx ]]_CA=[[ $account.ca ]]
|
||||
ACME_[[ $acc_idx ]]_EMAIL=[[ $account.email ]]
|
||||
ACME_[[ $acc_idx ]]_KV_CERT_ROOT=[[ $account.kv_cert_root ]]
|
||||
[[- if has $account "challenge" ]]
|
||||
ACME_[[ $acc_idx ]]_CHALLENGE=[[ $account.challenge ]]
|
||||
[[- if eq $account.challenge "dns-01" ]]
|
||||
ACME_[[ $acc_idx ]]_DNS_PROVIDER=[[ $account.dns_provider ]]
|
||||
ACME_[[ $acc_idx ]]_DNS_KEY_ENV=[[ $account.dns_key_env ]]
|
||||
ACME_[[ $acc_idx ]]_DNS_KEY_VALUE=[[ $account.dns_key_value ]]
|
||||
[[ if has $account "dns_resolvers" ]]
|
||||
ACME_[[ $acc_idx ]]_DNS_RESOLVERS=[[ join $account.dns_resolvers "," ]]
|
||||
[[- end ]]
|
||||
[[- else ]]
|
||||
ACME_[[ $acc_idx ]]_CHALLENGE=http-01
|
||||
[[- end ]]
|
||||
[[- end ]]
|
||||
[[- if has $account "key_type" ]]
|
||||
ACME_[[ $acc_idx ]]_KEY_TYPE=[[ $account.key_type ]]
|
||||
[[- end ]]
|
||||
[[- range $crt_idx, $crt := $account.certs ]]
|
||||
ACME_[[ $acc_idx ]]_CERT_[[ $crt_idx ]]=[[ $crt ]]
|
||||
[[- end ]]
|
||||
[[- end ]]
|
||||
_EOT
|
||||
destination = "secrets/acm-to-vault.env"
|
||||
perms = 0400
|
||||
env = true
|
||||
}
|
||||
|
||||
[[ template "common/resources.tpl" .acme.resources ]]
|
||||
|
|
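Review bot: Inside the new `template` heredoc every value is written raw after `=`, without the `| toJSON` quoting that the old `env` block applied. Because `env = true` makes Nomad parse the rendered file as KEY=VALUE lines, a configured value containing a newline or `#` could be truncated or could introduce an extra variable; `ACME_CRON=[[ .acme.cron ]]` and the `ACME_[[ $acc_idx ]]_CERT_[[ $crt_idx ]]` lines are the likeliest to carry spaces or unusual characters. The heredoc body is presumably also evaluated by Nomad's template engine at runtime, which is what lets `dns_key_value` hold a Vault lookup, but this applies to every field, so any account value that happens to contain `{{` would be evaluated as a template on the client. I would add a comment above `data` such as `# Values are emitted verbatim and then evaluated by Nomad's template engine; only dns_key_value is expected to contain a {{ with secret ... }} expression`, and keep `| toJSON` on the fields that never need a template expression, provided the env-file parser accepts double-quoted values. The `job` block starts before this hunk and continues after it.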