homelab-nomad/core/lego.tf

resource "nomad_job" "lego" {
  jobspec = file("${path.module}/lego.nomad")
}

resource "nomad_acl_policy" "secrets_certs_write" {
  name        = "secrets-certs-write"
  description = "Write certs to secrets store"
  rules_hcl   = <<EOH
namespace "default" {
  variables {
    path "secrets/certs/*" {
      capabilities = ["write", "read"]
    }
    path "secrets/certs" {
      capabilities = ["write", "read"]
    }
  }
}
EOH
  job_acl {
    job_id = "lego/*"
  }
}
Periodic job to renew lego certs and store them in Nomad Variables This will allow multiple instance of Traefik to serve certs. 2024-01-03 21:55:32 +00:00			`resource "nomad_job" "lego" {`
			`jobspec = file("${path.module}/lego.nomad")`
			`}`

			`resource "nomad_acl_policy" "secrets_certs_write" {`
			`name = "secrets-certs-write"`
			`description = "Write certs to secrets store"`
			`rules_hcl = <<EOH`
			`namespace "default" {`
			`variables {`
			`path "secrets/certs/*" {`
			`capabilities = ["write", "read"]`
			`}`
			`path "secrets/certs" {`
			`capabilities = ["write", "read"]`
			`}`
			`}`
			`}`
			`EOH`
			`job_acl {`
			`job_id = "lego/*"`
			`}`
			`}`