caddy: Separate out from loki app
This will make it more clear when sharing Caddy resources with other applications (e.g. Frigate).master
parent
b5fea000fa
commit
ee66e9ea18
|
|
@ -0,0 +1,26 @@
|
||||||
|
package caddy
|
||||||
|
|
||||||
|
import "du5t1n.me/cfg/base/schema/instructions"
|
||||||
|
|
||||||
|
templates: [...instructions.#RenderInstruction] & [
|
||||||
|
{
|
||||||
|
template: "caddy/acme-ca.crt"
|
||||||
|
dest: "/etc/caddy/acme-ca.crt"
|
||||||
|
hooks: {
|
||||||
|
changed: [{run: "systemctl try-reload-or-restart caddy"}]
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
template: "caddy/caddy.container"
|
||||||
|
dest: "/etc/containers/systemd/caddy.container"
|
||||||
|
hooks: {
|
||||||
|
changed: [
|
||||||
|
{
|
||||||
|
run: "systemctl daemon-reload"
|
||||||
|
immediate: true
|
||||||
|
},
|
||||||
|
{run: "systemctl restart caddy"},
|
||||||
|
]
|
||||||
|
}
|
||||||
|
},
|
||||||
|
]
|
||||||
|
|
@ -2,6 +2,8 @@ package loki
|
||||||
|
|
||||||
import "du5t1n.me/cfg/base/schema/instructions"
|
import "du5t1n.me/cfg/base/schema/instructions"
|
||||||
|
|
||||||
|
import "du5t1n.me/cfg/app/caddy"
|
||||||
|
|
||||||
templates: [...instructions.#RenderInstruction] & [
|
templates: [...instructions.#RenderInstruction] & [
|
||||||
{
|
{
|
||||||
template: "loki/config.yml"
|
template: "loki/config.yml"
|
||||||
|
|
@ -30,13 +32,6 @@ templates: [...instructions.#RenderInstruction] & [
|
||||||
changed: [{run: "systemctl try-reload-or-restart caddy"}]
|
changed: [{run: "systemctl try-reload-or-restart caddy"}]
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
|
||||||
template: "loki/caddy-acme-ca.crt"
|
|
||||||
dest: "/etc/caddy/acme-ca.crt"
|
|
||||||
hooks: {
|
|
||||||
changed: [{run: "systemctl try-reload-or-restart caddy"}]
|
|
||||||
}
|
|
||||||
},
|
|
||||||
{
|
{
|
||||||
template: "loki/Caddyfile"
|
template: "loki/Caddyfile"
|
||||||
dest: "/etc/caddy/Caddyfile"
|
dest: "/etc/caddy/Caddyfile"
|
||||||
|
|
@ -44,17 +39,4 @@ templates: [...instructions.#RenderInstruction] & [
|
||||||
changed: [{run: "systemctl try-reload-or-restart caddy"}]
|
changed: [{run: "systemctl try-reload-or-restart caddy"}]
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
]+caddy.templates
|
||||||
template: "loki/caddy.container"
|
|
||||||
dest: "/etc/containers/systemd/caddy.container"
|
|
||||||
hooks: {
|
|
||||||
changed: [
|
|
||||||
{
|
|
||||||
run: "systemctl daemon-reload"
|
|
||||||
immediate: true
|
|
||||||
},
|
|
||||||
{run: "systemctl restart caddy"},
|
|
||||||
]
|
|
||||||
}
|
|
||||||
},
|
|
||||||
]
|
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,24 @@
|
||||||
|
package prod
|
||||||
|
|
||||||
|
caddy: {
|
||||||
|
acme: {
|
||||||
|
ca: """
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIICTzCCAgGgAwIBAgIUDNTFsSYYl8xsEcg9kTatxvOSkmUwBQYDK2VwMEAxCzAJ
|
||||||
|
BgNVBAYTAlVTMRgwFgYDVQQKDA9EdXN0aW4gQy4gSGF0Y2gxFzAVBgNVBAMMDkRD
|
||||||
|
SCBSb290IENBIFIzMB4XDTI0MDIxNzIwMjk0M1oXDTI1MDIxNzIwMjk0M1owOzEL
|
||||||
|
MAkGA1UEBhMCVVMxGDAWBgNVBAoMD0R1c3RpbiBDLiBIYXRjaDESMBAGA1UEAwwJ
|
||||||
|
RENIIENBIFIzMCowBQYDK2VwAyEA50stJ8iW6/f+uECPxAJwpSfQDRQg4/AgKJY2
|
||||||
|
lpd3uNijggEQMIIBDDAdBgNVHQ4EFgQUtiqtFaZZ/c4IfWXV5SjJIOPbmoowHwYD
|
||||||
|
VR0jBBgwFoAUtmjEAcG9apstYyBr8MACUb2J2jkwEgYDVR0TAQH/BAgwBgEB/wIB
|
||||||
|
ADALBgNVHQ8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMEwG
|
||||||
|
CCsGAQUFBwEBBEAwPjA8BggrBgEFBQcwAoYwaHR0cHM6Ly9kdXN0aW4uaGF0Y2gu
|
||||||
|
bmFtZS9kY2gtY2EvZGNoLXJvb3QtY2EuY3J0MDwGA1UdHwQ1MDMwMaAvoC2GK2h0
|
||||||
|
dHBzOi8vZHVzdGluLmhhdGNoLm5hbWUvZGNoLWNhL2RjaC1jYS5jcmwwBQYDK2Vw
|
||||||
|
A0EAACaKAJAKejpFXQV+mgPdDXaylvakc4rCEs1pFhPXbbMMGflNOeiiy+c+aMwt
|
||||||
|
yfObaZ8/YiXxCSjL6/KzRSSjAQ==
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
"""
|
||||||
|
url: "https://ca.pyrocufflink.blue:32599/acme/acme/directory"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
@ -1,23 +1,6 @@
|
||||||
package prod
|
package prod
|
||||||
|
|
||||||
loki: caddy: {
|
loki: caddy: {
|
||||||
acme_ca: """
|
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
MIICTzCCAgGgAwIBAgIUDNTFsSYYl8xsEcg9kTatxvOSkmUwBQYDK2VwMEAxCzAJ
|
|
||||||
BgNVBAYTAlVTMRgwFgYDVQQKDA9EdXN0aW4gQy4gSGF0Y2gxFzAVBgNVBAMMDkRD
|
|
||||||
SCBSb290IENBIFIzMB4XDTI0MDIxNzIwMjk0M1oXDTI1MDIxNzIwMjk0M1owOzEL
|
|
||||||
MAkGA1UEBhMCVVMxGDAWBgNVBAoMD0R1c3RpbiBDLiBIYXRjaDESMBAGA1UEAwwJ
|
|
||||||
RENIIENBIFIzMCowBQYDK2VwAyEA50stJ8iW6/f+uECPxAJwpSfQDRQg4/AgKJY2
|
|
||||||
lpd3uNijggEQMIIBDDAdBgNVHQ4EFgQUtiqtFaZZ/c4IfWXV5SjJIOPbmoowHwYD
|
|
||||||
VR0jBBgwFoAUtmjEAcG9apstYyBr8MACUb2J2jkwEgYDVR0TAQH/BAgwBgEB/wIB
|
|
||||||
ADALBgNVHQ8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMEwG
|
|
||||||
CCsGAQUFBwEBBEAwPjA8BggrBgEFBQcwAoYwaHR0cHM6Ly9kdXN0aW4uaGF0Y2gu
|
|
||||||
bmFtZS9kY2gtY2EvZGNoLXJvb3QtY2EuY3J0MDwGA1UdHwQ1MDMwMaAvoC2GK2h0
|
|
||||||
dHBzOi8vZHVzdGluLmhhdGNoLm5hbWUvZGNoLWNhL2RjaC1jYS5jcmwwBQYDK2Vw
|
|
||||||
A0EAACaKAJAKejpFXQV+mgPdDXaylvakc4rCEs1pFhPXbbMMGflNOeiiy+c+aMwt
|
|
||||||
yfObaZ8/YiXxCSjL6/KzRSSjAQ==
|
|
||||||
-----END CERTIFICATE-----
|
|
||||||
"""
|
|
||||||
client_ca: """
|
client_ca: """
|
||||||
-----BEGIN CERTIFICATE-----
|
-----BEGIN CERTIFICATE-----
|
||||||
MIIBlDCCAUagAwIBAgIUGNZ/ASP8F2ytev3YplTk4jA5a2EwBQYDK2VwMEgxCzAJ
|
MIIBlDCCAUagAwIBAgIUGNZ/ASP8F2ytev3YplTk4jA5a2EwBQYDK2VwMEgxCzAJ
|
||||||
|
|
|
||||||
|
|
@ -8,3 +8,5 @@ sudo: prod.sudo
|
||||||
promtail: prod.#promtail
|
promtail: prod.#promtail
|
||||||
|
|
||||||
loki: prod.loki
|
loki: prod.loki
|
||||||
|
|
||||||
|
caddy: prod.caddy
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1 @@
|
||||||
|
{{ caddy.acme.ca }}
|
||||||
|
|
@ -1 +0,0 @@
|
||||||
{{ loki.caddy.acme_ca }}
|
|
||||||
Loading…
Reference in New Issue