# Release of the lego ACME client to download. The value is substituted into
# the GitHub release URL of the first artifact block in job "lego".
variable "lego_version" {
  type    = string
  default = "4.14.2"
}
# Release of the Nomad CLI to download. The value is substituted into the
# releases.hashicorp.com URL of the second artifact block in job "lego".
variable "nomad_version" {
  type    = string
  default = "1.7.2"
}
# Periodic batch job that runs the lego ACME client inside a Docker task to
# request or renew a wildcard certificate through the Cloudflare DNS
# challenge.
job "lego" {
  type = "batch"

  # Launch once a week; a new run is not started while a previous one is
  # still running.
  periodic {
    prohibit_overlap = true
    cron             = "@weekly"
  }

  group "main" {

    # Host volume "certs", requested read-only.
    # NOTE(review): both this volume and its mount below are read_only, so
    # the task cannot write under /root/.lego. lego is also not given an
    # explicit storage path in start.sh. Confirm where issued certificates
    # and the ACME account key are expected to persist.
    volume "certs" {
      source    = "certs"
      type      = "host"
      read_only = true
    }

    task "main" {
      driver = "docker"

      # Runs the rendered start.sh with sh inside a stock Ubuntu image.
      # NOTE(review): "latest" is a moving tag, so the image content can
      # change between weekly runs; pinning a release tag or an image digest
      # keeps what handles the DNS API token reproducible.
      config {
        command = "sh"
        args    = ["${NOMAD_TASK_DIR}/start.sh"]
        image   = "ubuntu:latest"
      }

      # Expose the certs volume at /root/.lego, read-only.
      volume_mount {
        destination = "/root/.lego"
        volume      = "certs"
        read_only   = true
      }

      # lego release archive for this node's CPU architecture.
      # NOTE(review): downloaded over HTTPS but with no integrity check. The
      # artifact block accepts
      #   options { checksum = "sha256:<SHA256_OF_ARCHIVE>" }
      # (placeholder; the value differs per architecture because the URL
      # interpolates attr.cpu.arch).
      artifact {
        source = "https://github.com/go-acme/lego/releases/download/v${var.lego_version}/lego_v${var.lego_version}_linux_${attr.cpu.arch}.tar.gz"
      }

      # Nomad CLI archive for this node's CPU architecture. The same
      # checksum remark applies.
      # NOTE(review): the only uses of this binary in start.sh are commented
      # out; confirm it is still needed.
      artifact {
        source = "https://releases.hashicorp.com/nomad/${var.nomad_version}/nomad_${var.nomad_version}_linux_${attr.cpu.arch}.zip"
      }

      # Entry script rendered to ${NOMAD_TASK_DIR}/start.sh.
      # It lists the task directory, selects "renew" when
      # /root/.lego/certificates/_.thefij.rocks.crt exists and "run"
      # otherwise, invokes lego with the Cloudflare DNS provider, then sleeps.
      # NOTE(review): the existence check names thefij.rocks while --domains
      # requests *.iamthefij.com; confirm which domain is intended.
      # NOTE(review): --server is the Let's Encrypt staging directory, so
      # issued certificates are not publicly trusted.
      # NOTE(review): the script has no "set -e" and ends with "sleep 1000",
      # so its exit status is that of sleep, not lego; a failed issuance
      # would not fail the task. The ls and sleep lines look like debugging
      # aids.
      template {
        destination = "${NOMAD_TASK_DIR}/start.sh"
        data        = <<EOH
#! /bin/sh

ls -l ${NOMAD_TASK_DIR}

arg=run
if [ -f /root/.lego/certificates/_.thefij.rocks.crt ]; then
arg=renew
fi

${NOMAD_TASK_DIR}/lego \
--server=https://acme-staging-v02.api.letsencrypt.org/directory \
--accept-tos --pem \
--email=iamthefij@gmail.com \
--domains="*.iamthefij.com" \
--dns="cloudflare" \
$arg

# chmod +x ${NOMAD_TASK_DIR}/nomad

# ${NOMAD_TASK_DIR}/nomad var list
sleep 1000
EOH
      }

      # Cloudflare credentials: reads key domain_lego_dns from the Nomad
      # variable at nomad/jobs/lego, writes it to secrets/cloudflare.env and,
      # because env = true, exports it into the task environment.
      # NOTE(review): the same token is used for CF_DNS_API_TOKEN and
      # CF_ZONE_API_TOKEN. Verify that it is scoped to only the zone and
      # permissions the DNS challenge needs.
      template {
        destination = "secrets/cloudflare.env"
        env         = true
        data        = <<EOH
{{ with nomadVar "nomad/jobs/lego" -}}
CF_DNS_API_TOKEN={{ .domain_lego_dns }}
CF_ZONE_API_TOKEN={{ .domain_lego_dns }}
{{- end }}
EOH
      }

      # Points Nomad CLI calls made inside the task at the unix socket under
      # secrets/.
      env = {
        NOMAD_ADDR = "unix:///secrets/api.sock"
      }

      # Exposes the task's workload identity token through the environment.
      # NOTE(review): nothing active in start.sh calls the Nomad API; if the
      # commented-out CLI steps stay disabled, dropping this block keeps the
      # token out of the task environment.
      identity {
        env = true
      }
    }
  }
}