author | Mathias Magnusson <mathias@magnusson.space> | 2023-09-19 20:12:43 +0200 |
---|---|---|
committer | Mathias Magnusson <mathias@magnusson.space> | 2023-09-19 20:12:43 +0200 |
commit | 0d1a7a8c7dfc8a79329d3364761a6eb0f3a3d8c3 (patch) | |
tree | 25e940c1bf73f1124f0a0cb99b672d7b6240c545 /jobs/certificates.nomad.hcl | |
parent | e25fb13a653dde3afd3e6fd2ad5e3ae7bfd2c044 (diff) | |
download | garm-0d1a7a8c7dfc8a79329d3364761a6eb0f3a3d8c3.tar.gz |
Add support for http challenges for tls certificates
Diffstat (limited to 'jobs/certificates.nomad.hcl')
-rw-r--r-- | jobs/certificates.nomad.hcl | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/jobs/certificates.nomad.hcl b/jobs/certificates.nomad.hcl
index f5452a3..7284deb 100644
--- a/jobs/certificates.nomad.hcl
+++ b/jobs/certificates.nomad.hcl
@@ -16,6 +16,20 @@ job "certificates" {
 source = "ca-certificates"
 }
 
+ network {
+ port "http" { }
+ }
+
+ service {
+ name = "certificates"
+ port = "http"
+ provider = "nomad"
+
+ tags = [
+ "nginx.hijack_http=.dinlugnastund.se",
+ ]
+ }
+
 task "lego" {
 driver = "exec"
 
@@ -31,6 +45,7 @@ job "certificates" {
 template {
 data = <<EOF
 #!/usr/bin/env bash
+
 function dns() {
 [ -f "/lego/certificates/$1.key" ] && cmd="renew --days 45" || cmd=run
 /local/lego \
@@ -41,9 +56,22 @@ function dns() {
 $${@/#/-d=} \
 $cmd
 }
+
+function http() {
+ [ -f "/lego/certificates/$1.key" ] && cmd="renew --days 45" || cmd=run
+ /local/lego \
+ --accept-tos \
+ --path /lego \
+ --email mathias+certs@magnusson.space \
+ --http --http.port ":$NOMAD_PORT_http" \
+ $${@/#/-d=} \
+ $cmd
+}
+
 dns magnusson.space *.magnusson.space
 dns magnusson.wiki *.magnusson.wiki
 dns xn--srskildakommandorrelsegruppen-0pc88c.se *.xn--srskildakommandorrelsegruppen-0pc88c.se
+http dinlugnastund.se www.dinlugnastund.se
 EOF
 destination = "local/certs.sh"
 } |
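Review bot: The `nginx.hijack_http=.dinlugnastund.se` tag in the new `service` block is undocumented, and nothing in this file shows how much traffic it redirects. If the nginx side forwards every plain-HTTP request for the domain and its subdomains to this port, ordinary site traffic would land on the ACME responder, which presumably only listens while lego is running a challenge; limiting the hijack to `/.well-known/acme-challenge/` would avoid that. A comment above the tag would make the intent reviewable, for example `# nginx forwards HTTP-01 challenge requests for this domain to this service (confirm path scope)`. The block also declares no `check`, so the service appears to be advertised even when nothing is bound to the port.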
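Review bot: `--http.port ":$NOMAD_PORT_http"` in the new `http()` function binds the challenge responder on every interface of the host, although only the nginx proxy needs to reach it. Passing the allocated address instead, `--http.port "$NOMAD_ADDR_http"`, keeps the listener on the address Nomad registers for the service; whether the other interfaces are reachable from outside is not visible in this file. Separately, `http()` repeats `dns()` as far as the hunk shows, differing only in the challenge flags, so a shared helper that takes those flags as an argument would keep the two from drifting apart.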