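---

# NOTE(review): the indentation below was rebuilt from a flattened listing.
# Confirm the nesting against the job template before use, in particular
# whether kv_account_root belongs under acme.vault or directly under acme.

# The name of the Nomad job
instance: acme-to-vault

acme:
  # The Docker image to use
  # The image is referenced by tag, so what runs depends on what the
  # registry serves for that tag; pin a digest if the registry is not
  # fully trusted.
  image: '[[ .docker.repo ]]acme-to-vault:24.5-1'

  # If a cron expression is defined, the service will stay running and
  # renew certs.
  # If an empty string, the container will exit after running once
  cron: '22 0 * * *'

  # Resource allocation
  resources:
    cpu: 10
    memory: 100
    memory_max: 160

  # Vault related settings
  vault:
    # Plain HTTP: the Vault token, the ACME account key and the issued
    # private keys travel unencrypted on this connection. Keep it on
    # loopback (e.g. a local Vault agent or proxy); use https:// for any
    # address that leaves the host.
    addr: http://localhost:8200

    # The root in the KV store where the ACME account key and metadata
    # will be stored
    # The Vault policy for this job should be scoped to this path and to
    # the kv_cert_root paths of the configured accounts, nothing wider.
    kv_account_root: kv/service/acme-to-vault/account

  # Additional env
  env:
    LEGO_DISABLE_CNAME_SUPPORT: true

  traefik:
    # We use a fake host rule (which will never match) so Traefik won't
    # complain about a rule with no Host.
    # The PathPrefix half carries no Host condition, so it matches the
    # challenge path on every host served by the entrypoints below.
    rule: 'Host(`fake-acme-host`) || PathPrefix(`/.well-known/acme-challenge/`)'

    # List of entrypoints where the http-01 challenges will be exposed
    entrypoints:
      - http
      - https

    # csp and the proxy/proto/security middlewares are switched off for
    # this router, so the backing service should answer nothing but
    # challenge tokens.
    csp: false
    middlewares:
      proxy: false
      proto: false
      security: false

    # NOTE(review): presumably set high so this router wins over
    # application routers for the challenge path; confirm.
    priority: 2000
    auto_rule: false

  accounts: []
  # Example. The first account targets the Let's Encrypt staging directory,
  # which is the one to use while testing.
  # dns_key_value holds the DNS provider API key in clear text: keep the
  # real value out of version control and source it from Vault or the
  # deployment's secret mechanism.
  # accounts:
  #   - ca: https://acme-staging-v02.api.letsencrypt.org/directory
  #     email: infra@lapiole.org
  #     kv_cert_root: kv/service/traefik/certs
  #     key_type: rsa4096
  #     certs:
  #       - test.lapiole.org,foobar.lapiole.org
  #       - audio.lapiole.org
  #       - rpms.lapiole.org
  #   - ca: https://acme-v02.api.letsencrypt.org/directory
  #     challenge: dns-01
  #     dns_provider: gandiv5
  #     dns_resolvers:
  #       - 1.1.1.1
  #       - 8.8.8.8
  #     dns_key_env: GANDIV5_API_KEY
  #     dns_key_value: XXXXXXX
  #     kv_cert_root: kv/service/postgres/ssl
  #     certs:
  #       - postgres.example.org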