From ee66e9ea18349bd4c9227d3847673e65f4128ef9 Mon Sep 17 00:00:00 2001 From: "Dustin C. Hatch" Date: Fri, 5 Apr 2024 20:28:26 -0500 Subject: [PATCH] caddy: Separate out from loki app This will make it more clear when sharing Caddy resources with other applications (e.g. Frigate). --- app/caddy/templates.cue | 26 +++++++++++++++++++++++ app/loki/templates.cue | 24 +++------------------ env/prod/caddy.cue | 24 +++++++++++++++++++++ env/prod/loki.cue | 17 --------------- host/loki0.pyrocufflink.blue.cue | 2 ++ templates/caddy/acme-ca.crt | 1 + templates/{loki => caddy}/caddy.container | 0 templates/loki/caddy-acme-ca.crt | 1 - 8 files changed, 56 insertions(+), 39 deletions(-) create mode 100644 app/caddy/templates.cue create mode 100644 env/prod/caddy.cue create mode 100644 templates/caddy/acme-ca.crt rename templates/{loki => caddy}/caddy.container (100%) delete mode 100644 templates/loki/caddy-acme-ca.crt diff --git a/app/caddy/templates.cue b/app/caddy/templates.cue new file mode 100644 index 0000000..5e8e2c8 --- /dev/null +++ b/app/caddy/templates.cue @@ -0,0 +1,26 @@ +package caddy + +import "du5t1n.me/cfg/base/schema/instructions" + +templates: [...instructions.#RenderInstruction] & [ + { + template: "caddy/acme-ca.crt" + dest: "/etc/caddy/acme-ca.crt" + hooks: { + changed: [{run: "systemctl try-reload-or-restart caddy"}] + } + }, + { + template: "caddy/caddy.container" + dest: "/etc/containers/systemd/caddy.container" + hooks: { + changed: [ + { + run: "systemctl daemon-reload" + immediate: true + }, + {run: "systemctl restart caddy"}, + ] + } + }, +] diff --git a/app/loki/templates.cue b/app/loki/templates.cue index 401d5f9..1d8800a 100644 --- a/app/loki/templates.cue +++ b/app/loki/templates.cue @@ -2,6 +2,8 @@ package loki import "du5t1n.me/cfg/base/schema/instructions" +import "du5t1n.me/cfg/app/caddy" + templates: [...instructions.#RenderInstruction] & [ { template: "loki/config.yml" 
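Review bot: The new `caddy` package in `app/caddy/templates.cue` exports `templates` without a comment stating what a consumer must provide. The `caddy/acme-ca.crt` template added later in this patch renders `caddy.acme.ca`, yet only `host/loki0.pyrocufflink.blue.cue` gains `caddy: prod.caddy` here. Since the stated goal is sharing these resources with other applications, I would add a header comment above `templates:` such as `// Shared Caddy render instructions; any host that includes them must define caddy.acme.ca (trust anchor for the ACME server).` Whether a missing value fails the render or writes an empty trust file depends on the renderer, which is not visible in this patch.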
@@ -30,13 +32,6 @@ templates: [...instructions.#RenderInstruction] & [ changed: [{run: "systemctl try-reload-or-restart caddy"}] } }, - { - template: "loki/caddy-acme-ca.crt" - dest: "/etc/caddy/acme-ca.crt" - hooks: { - changed: [{run: "systemctl try-reload-or-restart caddy"}] - } - }, { template: "loki/Caddyfile" dest: "/etc/caddy/Caddyfile" @@ -44,17 +39,4 @@ templates: [...instructions.#RenderInstruction] & [ changed: [{run: "systemctl try-reload-or-restart caddy"}] } }, - { - template: "loki/caddy.container" - dest: "/etc/containers/systemd/caddy.container" - hooks: { - changed: [ - { - run: "systemctl daemon-reload" - immediate: true - }, - {run: "systemctl restart caddy"}, - ] - } - }, -] +]+caddy.templates diff --git a/env/prod/caddy.cue b/env/prod/caddy.cue new file mode 100644 index 0000000..a4d0f0e --- /dev/null +++ b/env/prod/caddy.cue @@ -0,0 +1,24 @@ +package prod + +caddy: { + acme: { + ca: """ + -----BEGIN CERTIFICATE----- + MIICTzCCAgGgAwIBAgIUDNTFsSYYl8xsEcg9kTatxvOSkmUwBQYDK2VwMEAxCzAJ + BgNVBAYTAlVTMRgwFgYDVQQKDA9EdXN0aW4gQy4gSGF0Y2gxFzAVBgNVBAMMDkRD + SCBSb290IENBIFIzMB4XDTI0MDIxNzIwMjk0M1oXDTI1MDIxNzIwMjk0M1owOzEL + MAkGA1UEBhMCVVMxGDAWBgNVBAoMD0R1c3RpbiBDLiBIYXRjaDESMBAGA1UEAwwJ + RENIIENBIFIzMCowBQYDK2VwAyEA50stJ8iW6/f+uECPxAJwpSfQDRQg4/AgKJY2 + lpd3uNijggEQMIIBDDAdBgNVHQ4EFgQUtiqtFaZZ/c4IfWXV5SjJIOPbmoowHwYD + VR0jBBgwFoAUtmjEAcG9apstYyBr8MACUb2J2jkwEgYDVR0TAQH/BAgwBgEB/wIB + ADALBgNVHQ8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMEwG + CCsGAQUFBwEBBEAwPjA8BggrBgEFBQcwAoYwaHR0cHM6Ly9kdXN0aW4uaGF0Y2gu + bmFtZS9kY2gtY2EvZGNoLXJvb3QtY2EuY3J0MDwGA1UdHwQ1MDMwMaAvoC2GK2h0 + dHBzOi8vZHVzdGluLmhhdGNoLm5hbWUvZGNoLWNhL2RjaC1jYS5jcmwwBQYDK2Vw + A0EAACaKAJAKejpFXQV+mgPdDXaylvakc4rCEs1pFhPXbbMMGflNOeiiy+c+aMwt + yfObaZ8/YiXxCSjL6/KzRSSjAQ== + -----END CERTIFICATE----- + """ + url: "https://ca.pyrocufflink.blue:32599/acme/acme/directory" + } +} diff --git a/env/prod/loki.cue b/env/prod/loki.cue index e700645..93a8d39 100644 --- a/env/prod/loki.cue 
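Review bot: `]+caddy.templates` at the end of the `@@ -44,17 +39,4 @@` hunk of `app/loki/templates.cue` concatenates lists with the `+` operator, which later CUE releases deprecated in favour of the `list` package. Wrapping the literal as `list.Concat([[ ...loki entries... ], caddy.templates])` with `import "list"` keeps this evaluating after a toolchain upgrade. The list literal opens outside this hunk. Separately, if a second application on the same host appends `caddy.templates` the same way, `/etc/caddy/acme-ca.crt` and `caddy.container` would presumably be rendered twice, so having the host include the `caddy` app once may be cleaner than each consumer re-exporting it.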
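Review bot: The certificate assigned to `caddy.acme.ca` in `env/prod/caddy.cue` becomes the shared trust anchor for every Caddy consumer, and its validity fields appear to decode to 2024-02-17 through 2025-02-17. ACME issuance and renewal would therefore stop on all of those hosts at once when it lapses. A comment above `ca:` recording the subject and expiry, e.g. `// DCH CA R3 (issued by DCH Root CA R3), notAfter 2025-02-17; rotate before expiry`, makes the rotation visible in review. Pinning the longer-lived root instead may be worth considering if the ACME server's chain allows it. The new `url` field is not referenced by any template changed in this patch, so it is either consumed by a file outside the diff or unused for now.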
+++ b/env/prod/loki.cue @@ -1,23 +1,6 @@ package prod loki: caddy: { - acme_ca: """ - -----BEGIN CERTIFICATE----- - MIICTzCCAgGgAwIBAgIUDNTFsSYYl8xsEcg9kTatxvOSkmUwBQYDK2VwMEAxCzAJ - BgNVBAYTAlVTMRgwFgYDVQQKDA9EdXN0aW4gQy4gSGF0Y2gxFzAVBgNVBAMMDkRD - SCBSb290IENBIFIzMB4XDTI0MDIxNzIwMjk0M1oXDTI1MDIxNzIwMjk0M1owOzEL - MAkGA1UEBhMCVVMxGDAWBgNVBAoMD0R1c3RpbiBDLiBIYXRjaDESMBAGA1UEAwwJ - RENIIENBIFIzMCowBQYDK2VwAyEA50stJ8iW6/f+uECPxAJwpSfQDRQg4/AgKJY2 - lpd3uNijggEQMIIBDDAdBgNVHQ4EFgQUtiqtFaZZ/c4IfWXV5SjJIOPbmoowHwYD - VR0jBBgwFoAUtmjEAcG9apstYyBr8MACUb2J2jkwEgYDVR0TAQH/BAgwBgEB/wIB - ADALBgNVHQ8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMEwG - CCsGAQUFBwEBBEAwPjA8BggrBgEFBQcwAoYwaHR0cHM6Ly9kdXN0aW4uaGF0Y2gu - bmFtZS9kY2gtY2EvZGNoLXJvb3QtY2EuY3J0MDwGA1UdHwQ1MDMwMaAvoC2GK2h0 - dHBzOi8vZHVzdGluLmhhdGNoLm5hbWUvZGNoLWNhL2RjaC1jYS5jcmwwBQYDK2Vw - A0EAACaKAJAKejpFXQV+mgPdDXaylvakc4rCEs1pFhPXbbMMGflNOeiiy+c+aMwt - yfObaZ8/YiXxCSjL6/KzRSSjAQ== - -----END CERTIFICATE----- - """ client_ca: """ -----BEGIN CERTIFICATE----- MIIBlDCCAUagAwIBAgIUGNZ/ASP8F2ytev3YplTk4jA5a2EwBQYDK2VwMEgxCzAJ diff --git a/host/loki0.pyrocufflink.blue.cue b/host/loki0.pyrocufflink.blue.cue index 40c2430..b2197b4 100644 --- a/host/loki0.pyrocufflink.blue.cue +++ b/host/loki0.pyrocufflink.blue.cue @@ -8,3 +8,5 @@ sudo: prod.sudo promtail: prod.#promtail loki: prod.loki + +caddy: prod.caddy diff --git a/templates/caddy/acme-ca.crt b/templates/caddy/acme-ca.crt new file mode 100644 index 0000000..274ab7d --- /dev/null +++ b/templates/caddy/acme-ca.crt @@ -0,0 +1 @@ +{{ caddy.acme.ca }} diff --git a/templates/loki/caddy.container b/templates/caddy/caddy.container similarity index 100% rename from templates/loki/caddy.container rename to templates/caddy/caddy.container diff --git a/templates/loki/caddy-acme-ca.crt b/templates/loki/caddy-acme-ca.crt deleted file mode 100644 index e5c3239..0000000 --- a/templates/loki/caddy-acme-ca.crt +++ /dev/null @@ -1 +0,0 @@ -{{ loki.caddy.acme_ca }}