nomad

HCL and Docker files for Nomad deployments
git clone https://git.in0rdr.ch/nomad.git

commit 56276891195f2f8cc99c57b251e09c984b851c7e
parent 35f54ceae12469353bdabb726965997c5ce743fd
Author: Andreas Gruhler <andreas.gruhler@adfinis.com>
Date:   Sun, 21 Jul 2024 15:15:58 +0200

feat: move certbot kv

Diffstat:
M hcl/default/certbot/README | 10 ++++------
M hcl/default/certbot/certbot.nomad | 8 +++-----
M hcl/default/certbot/templates/certbot-request.sh.tmpl | 8 ++++++--
3 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/hcl/default/certbot/README b/hcl/default/certbot/README @@ -17,16 +17,14 @@ Install the periodic job: LETSENCRYPT EMAIL ----------------- -Add Letsencrypt plain-text email in Consul KV "certbot/email" +Add Letsencrypt plain-text email in Nomad variable "certbot/email" DOMAINS ------- -Add Letsencrypt domains in Consul "certbot/domains" as YAML file +Add Letsencrypt domains in Nomad variable "certbot/domains" as list - --- - - cn1.example.com,san1.example.com - - cn2.example.com + cn1.example.com,san1.example.com",cn2.example.com,more.domains,.. Hint: Don't automatically redirect http traffic to https ports. If enabled, Letsencrypt fails to download the challenge files from the http endpoint @@ -54,7 +52,7 @@ Spins up n tasks for n certificates. - Pro: Use JSON file on the host to provide domains as input. The approach with the simple shell scripts orders all certificates in the same task (same script). -- Contra: No Consul KV to provide domains as input +- Contra: No KV to provide domains as input Howto: - adjust the defaults file diff --git a/hcl/default/certbot/certbot.nomad b/hcl/default/certbot/certbot.nomad @@ -1,9 +1,7 @@ -# Create a kv entry certbot/domains in Consul with the following YAML config: -# --- -# - cn1.example.com,san1.example.com -# - cn2.example.com +# Create a Nomad variable certbot/domains with the following YAML config: +# cn1.example.com,san1.example.com,cn2.example.com,more.domains,.. # -# Put the letsencrypt email address as plain-text in kv certbot/email +# Also, store the letsencrypt email address in variable certbot/email job "certbot" { datacenters = ["dc1"] diff --git a/hcl/default/certbot/templates/certbot-request.sh.tmpl b/hcl/default/certbot/templates/certbot-request.sh.tmpl 
@@ -1,5 +1,9 @@ #!/usr/bin/env sh # https://eff-certbot.readthedocs.io/en/stable/using.html#re-creating-and-updating-existing-certificates -{{ range $i, $d := key "certbot/domains" | parseYAML }} -certbot certonly --standalone -n -m {{ key "certbot/email" }} --agree-tos --domains {{ $d }} # --force-renewal --staging +{{ with nomadVar "nomad/jobs/certbot" }} +{{ range $i, $d := .domains.Value | split "," }} +certbot certonly --standalone -n \ + -m {{ with nomadVar "nomad/jobs/certbot" }}{{ .email }}{{ end }} \ + --agree-tos --domains {{ $d }} # --force-renewal --staging +{{- end }} {{- end }}
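
Review bot: In hcl/default/certbot/README, the new DOMAINS example line `cn1.example.com,san1.example.com",cn2.example.com,more.domains,..` has a stray double quote after san1.example.com; copied as-is it ends up inside a domain passed to certbot. The README also names the variables "certbot/email" and "certbot/domains", while certbot-request.sh.tmpl in this same commit reads `nomadVar "nomad/jobs/certbot"` with the keys `domains` and `email`. Suggest documenting that path and those two keys so the instructions match what the template looks up.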
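
Review bot: In the header comment of hcl/default/certbot/certbot.nomad, the new text still says "with the following YAML config", but the example under it is a comma-separated string and the template no longer calls `parseYAML`. Suggest rewording to "comma-separated list" and naming the variable path the template actually reads (`nomad/jobs/certbot`, keys `domains` and `email`) instead of certbot/domains and certbot/email.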
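
Review bot: In hcl/default/certbot/templates/certbot-request.sh.tmpl, `range $i, $d := .domains.Value | split ","` now issues one certbot call per single domain, whereas the removed version passed each YAML list item (for example cn1.example.com,san1.example.com) as one `--domains` value, so the CN plus SAN grouping that the README example still implies is lost. If grouping is still wanted, a second delimiter between certificates, or one variable key per certificate, would keep it. Two smaller points on the same lines: the inner `with nomadVar "nomad/jobs/certbot"` repeats the lookup of the outer block and could be replaced by assigning the email to a template variable before the `range`; and `{{ $d }}` and the email are written into the shell script unquoted, so a space after a comma or a shell metacharacter in the variable changes the generated command line. Quoting both values in the script and trimming whitespace around each domain would make this robust.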