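# Throw-away stage: downloads the Vault CLI so only the binary is copied into
# the final image.
FROM [[ .docker.repo ]][[ .docker.base_images.alpine.image ]] AS vault

# Vault release to download; override with --build-arg VAULT_VERSION=...
ARG VAULT_VERSION=1.16.2

# Fetch the release archive together with the checksum list HashiCorp publishes
# next to it. The architecture is hard-coded to linux_amd64.
# NOTE(review): the checksum list comes from the same origin as the archive, so
# the check below catches a corrupted or mismatched download, not a tampered
# release server. For authenticity, pin the digest in the Dockerfile
# (ADD --checksum=sha256:<digest-of-archive>) or verify the signature HashiCorp
# publishes for the SHA256SUMS file.
ADD https://releases.hashicorp.com/vault/${VAULT_VERSION}/vault_${VAULT_VERSION}_linux_amd64.zip \
    https://releases.hashicorp.com/vault/${VAULT_VERSION}/vault_${VAULT_VERSION}_SHA256SUMS \
    /tmp/

WORKDIR /tmp

# pipefail matters here: if grep finds no entry for the archive, the whole step
# fails instead of sha256sum succeeding on empty input.
RUN set -euxo pipefail && \
    grep -F "  vault_${VAULT_VERSION}_linux_amd64.zip" "vault_${VAULT_VERSION}_SHA256SUMS" \
        | sha256sum -c - && \
    unzip -d /usr/local/bin "vault_${VAULT_VERSION}_linux_amd64.zip" && \
    rm "vault_${VAULT_VERSION}_linux_amd64.zip" "vault_${VAULT_VERSION}_SHA256SUMS"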
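# Runtime image: ACME client tooling (lego) plus the Vault CLI, started by minit.
FROM [[ .docker.repo ]][[ .docker.base_images.alpine.image ]]

# MAINTAINER is deprecated; the same value is carried as a label instead.
LABEL maintainer="[[ .docker.maintainer ]]"

# No instruction in this stage references VAULT_VERSION; the binary comes from
# the "vault" stage. The default is kept equal to that stage's default (it used
# to say 1.15.4) so the file does not advertise a version it does not ship.
ARG VAULT_VERSION=1.16.2

# Runtime defaults, meant to be overridden per deployment.
# ACME_0_CA points at the Let's Encrypt staging directory by default.
# No credentials are set here: the Vault token and DNS provider API key must be
# supplied at run time, never baked into the image.
ENV ACME_HTTP_PORT=8787 \
    ACME_0_CHALLENGE=http-01 \
    ACME_0_DNS_PROVIDER=gandiv5 \
    ACME_0_EMAIL=no-reply@example.org \
    ACME_0_CA=https://acme-staging-v02.api.letsencrypt.org/directory \
    ACME_0_KV_CERT_ROOT=kv/service/traefik/certs \
    ACME_0_KV_ACCOUNT_ROOT=kv/service/acme-to-vault/account \
    MINIT_MAIN_KIND=once \
    MINIT_MAIN_NAME=acme-to-vault \
    MINIT_MAIN=acme-to-vault.sh \
    VAULT_ADDR=https://vault.service.example.org:8200 \
    VAULT_DISABLE_MLOCK=true

COPY --from=vault /usr/local/bin/vault /usr/local/bin/vault

# /data is left world-writable so a tmpfs can easily be mounted over it; a
# /data/acme subdirectory is created with restricted permissions anyway.
# The sticky bit (1777, as on /tmp) is added so that, when no tmpfs is mounted,
# one user cannot rename or delete entries owned by another, e.g. swap out
# /data/acme.
# NOTE(review): packages are unpinned and follow the base image's repositories.
RUN set -eu && \
    apk --no-cache add \
        ca-certificates \
        curl \
        jq \
        lego \
        openssl \
    && \
    mkdir -p /data && \
    chmod 1777 /data

# Overlay the project's root/ tree onto the image filesystem.
COPY root/ /

# NOTE(review): there is no USER instruction, so the container starts as the
# base image's default user (root unless the base image sets one). Confirm
# whether minit or acme-to-vault.sh drops privileges.
EXPOSE ${ACME_HTTP_PORT}

# minit is not installed by this file; presumably it comes from the base image
# or from root/ (verify).
CMD ["minit"]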