diff options
| -rw-r--r-- | .envrc | 1 | ||||
| -rw-r--r-- | jobs/certificates.nomad.hcl | 27 | ||||
| -rw-r--r-- | jobs/virtual-hosting.nomad.hcl | 4 |
3 files changed, 17 insertions, 15 deletions
@@ -1 +1,2 @@ dotenv +export NOMAD_CACERT="$(pwd)/nomad-agent-ca.pem" diff --git a/jobs/certificates.nomad.hcl b/jobs/certificates.nomad.hcl index e1cbc51..db7993d 100644 --- a/jobs/certificates.nomad.hcl +++ b/jobs/certificates.nomad.hcl @@ -2,7 +2,7 @@ job "certificates" { type = "batch" periodic { - cron = "@monthly" + crons = ["@monthly"] } group "lego" { @@ -17,7 +17,9 @@ job "certificates" { } network { - port "http" { } + port "http" { + # static = 80 + } } service { @@ -46,26 +48,23 @@ job "certificates" { data = <<EOF #!/usr/bin/env bash -function dns() { - [ -f "/lego/certificates/$1.key" ] && cmd="renew --no-random-sleep --days 45" || cmd=run +function cert() { + # --server "https://acme-staging-v02.api.letsencrypt.org/directory" /local/lego \ --accept-tos \ --path /lego \ --email mathias+certs@magnusson.space \ - --dns cloudflare \ - $${@/#/-d=} \ - $cmd + "$@" +} + +function dns() { + [ -f "/lego/certificates/$1.key" ] && cmd="renew --no-random-sleep --days 45" || cmd=run + cert --dns cloudflare $${@/#/-d=} $cmd } function http() { [ -f "/lego/certificates/$1.key" ] && cmd="renew --no-random-sleep --days 45" || cmd=run - /local/lego \ - --accept-tos \ - --path /lego \ - --email mathias+certs@magnusson.space \ - --http --http.port ":$NOMAD_PORT_http" \ - $${@/#/-d=} \ - $cmd + cert --http --http.port ":$NOMAD_PORT_http" $${@/#/-d=} $cmd } dns magnusson.space *.magnusson.space diff --git a/jobs/virtual-hosting.nomad.hcl b/jobs/virtual-hosting.nomad.hcl index e35e29b..5fa1a38 100644 --- a/jobs/virtual-hosting.nomad.hcl +++ b/jobs/virtual-hosting.nomad.hcl @@ -65,7 +65,9 @@ http { sendfile on; #tcp_nopush on; - keepalive_timeout 65; + client_max_body_size 500M; + + keepalive_timeout 65; #gzip on; |