commit 56276891195f2f8cc99c57b251e09c984b851c7e
parent 35f54ceae12469353bdabb726965997c5ce743fd
Author: Andreas Gruhler <andreas.gruhler@adfinis.com>
Date: Sun, 21 Jul 2024 15:15:58 +0200
feat: move certbot kv
Diffstat:
3 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/hcl/default/certbot/README b/hcl/default/certbot/README
@@ -17,16 +17,14 @@ Install the periodic job:
LETSENCRYPT EMAIL
-----------------
-Add Letsencrypt plain-text email in Consul KV "certbot/email"
+Add Letsencrypt plain-text email in Nomad variable "certbot/email"
DOMAINS
-------
-Add Letsencrypt domains in Consul "certbot/domains" as YAML file
+Add Letsencrypt domains in Nomad variable "certbot/domains" as list
- ---
- - cn1.example.com,san1.example.com
- - cn2.example.com
+ cn1.example.com,san1.example.com",cn2.example.com,more.domains,..
Hint: Don't automatically redirect http traffic to https ports. If enabled,
Letsencrypt fails to download the challenge files from the http endpoint
@@ -54,7 +52,7 @@ Spins up n tasks for n certificates.
- Pro: Use JSON file on the host to provide domains as input. The approach with the
simple shell scripts orders all certificates in the same task (same script).
-- Contra: No Consul KV to provide domains as input
+- Contra: No KV to provide domains as input
Howto:
- adjust the defaults file
diff --git a/hcl/default/certbot/certbot.nomad b/hcl/default/certbot/certbot.nomad
@@ -1,9 +1,7 @@
-# Create a kv entry certbot/domains in Consul with the following YAML config:
-# ---
-# - cn1.example.com,san1.example.com
-# - cn2.example.com
+# Create a Nomad variable certbot/domains with the following YAML config:
+# cn1.example.com,san1.example.com,cn2.example.com,more.domains,..
#
-# Put the letsencrypt email address as plain-text in kv certbot/email
+# Also, store the letsencrypt email address in variable certbot/email
job "certbot" {
datacenters = ["dc1"]
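Review bot: The header comment names the variables `certbot/domains` and `certbot/email`, but the template changed in this commit reads one variable via `nomadVar "nomad/jobs/certbot"` and takes `domains` and `email` from it, so an operator following the comment would create paths the job never reads. The comment also still says "YAML config" although the value is now a comma-separated string. I would reword it to `# Create a Nomad variable nomad/jobs/certbot with item "domains" set to a comma-separated list:` and `# Also, store the letsencrypt email address in item "email" of the same variable`. The README hunk in this commit uses the same `certbot/email` and `certbot/domains` wording, and the `job "certbot"` block continues outside this hunk.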
diff --git a/hcl/default/certbot/templates/certbot-request.sh.tmpl b/hcl/default/certbot/templates/certbot-request.sh.tmpl
@@ -1,5 +1,9 @@
#!/usr/bin/env sh
# https://eff-certbot.readthedocs.io/en/stable/using.html#re-creating-and-updating-existing-certificates
-{{ range $i, $d := key "certbot/domains" | parseYAML }}
-certbot certonly --standalone -n -m {{ key "certbot/email" }} --agree-tos --domains {{ $d }} # --force-renewal --staging
+{{ with nomadVar "nomad/jobs/certbot" }}
+{{ range $i, $d := .domains.Value | split "," }}
+certbot certonly --standalone -n \
+ -m {{ with nomadVar "nomad/jobs/certbot" }}{{ .email }}{{ end }} \
+ --agree-tos --domains {{ $d }} # --force-renewal --staging
+{{- end }}
{{- end }}
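Review bot: The `domains` and `email` values from `nomad/jobs/certbot` are rendered unquoted into the `certbot certonly` command line, so whitespace or shell metacharacters in either value are interpreted by `sh` in the task instead of being passed as a single argument. Quote both expansions, e.g. `-m '{{ with nomadVar "nomad/jobs/certbot" }}{{ .email }}{{ end }}' \` and `--agree-tos --domains '{{ $d | trimSpace }}'`. Single quotes do not cover a value that itself contains a quote, so write access to that variable path should be treated as equivalent to running commands in this job and restricted accordingly. Separately, `split ","` now makes every name its own certificate, whereas the old YAML entries such as `cn1.example.com,san1.example.com` appear to have grouped a CN with its SANs in one `--domains` value; if that grouping is still wanted, the list needs a second delimiter.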