homelab-nomad/core/acme.tf

module "acme" {
  source = "../services/service"

  name  = "acme"
  image = "caddy:2.7.4"
  args  = ["caddy", "--config", "$${NOMAD_TASK_DIR}/Caddyfile", "run"]

  ingress      = true
  service_port = 80
  use_wesher   = var.use_wesher

  templates = [
    {
      data        = <<EOF
{
  local_certs
  debug
  storage file_system {{ env "NOMAD_ALLOC_DIR" }}/data
}

:80, :443 {
  tls internal

  reverse_proxy "/chain" http://localhost:2019 {
    header_up Host {upstream_hostport}
    rewrite /pki/ca/local/certificates
  }

  @denied not remote_ip private_ranges
  error @denied "Who dis?" 401

  acme_server
}
      EOF
      dest        = "Caddyfile"
      mount       = false
      change_mode = "script"
      change_script = {
        command = "caddy"
        args    = ["reload", "--config", "$${NOMAD_TASK_DIR}/Caddyfle"]
      }
    },
  ]
}
WIP: shared lego acme 2023-12-29 15:38:39 +00:00			`module "acme" {`
			`source = "../services/service"`

			`name = "acme"`
			`image = "caddy:2.7.4"`
			`args = ["caddy", "--config", "$${NOMAD_TASK_DIR}/Caddyfile", "run"]`

			`ingress = true`
			`service_port = 80`
			`use_wesher = var.use_wesher`

			`templates = [`
			`{`
			`data = <<EOF`
			`{`
			`local_certs`
			`debug`
			`storage file_system {{ env "NOMAD_ALLOC_DIR" }}/data`
			`}`

			`:80, :443 {`
			`tls internal`

			`reverse_proxy "/chain" http://localhost:2019 {`
			`header_up Host {upstream_hostport}`
			`rewrite /pki/ca/local/certificates`
			`}`

			`@denied not remote_ip private_ranges`
			`error @denied "Who dis?" 401`

			`acme_server`
			`}`
			`EOF`
			`dest = "Caddyfile"`
			`mount = false`
			`change_mode = "script"`
			`change_script = {`
			`command = "caddy"`
			`args = ["reload", "--config", "$${NOMAD_TASK_DIR}/Caddyfle"]`
			`}`
			`},`
			`]`
			`}`