caddy: Separate out from loki app

This will make it more clear when sharing Caddy resources with other applications (e.g. Frigate).
2024-04-05 20:28:26 -05:00 · 2024-04-05 20:28:26 -05:00 · ee66e9ea18
parent b5fea000fa
commit ee66e9ea18
8 changed files with 56 additions and 39 deletions
--- a/app/caddy/templates.cue
+++ b/app/caddy/templates.cue
@ -0,0 +1,26 @@
+package caddy
+
+import "du5t1n.me/cfg/base/schema/instructions"
+
+templates: [...instructions.#RenderInstruction] & [
+	{
+		template: "caddy/acme-ca.crt"
+		dest:     "/etc/caddy/acme-ca.crt"
+		hooks: {
+			changed: [{run: "systemctl try-reload-or-restart caddy"}]
+		}
+	},
+	{
+		template: "caddy/caddy.container"
+		dest:     "/etc/containers/systemd/caddy.container"
+		hooks: {
+			changed: [
+				{
+					run:       "systemctl daemon-reload"
+					immediate: true
+				},
+				{run: "systemctl restart caddy"},
+			]
+		}
+	},
+]
--- a/app/loki/templates.cue
+++ b/app/loki/templates.cue
@ -2,6 +2,8 @@ package loki

 import "du5t1n.me/cfg/base/schema/instructions"

+import "du5t1n.me/cfg/app/caddy"
+
 templates: [...instructions.#RenderInstruction] & [
 	{
 		template: "loki/config.yml"
@ -30,13 +32,6 @@ templates: [...instructions.#RenderInstruction] & [
 			changed: [{run: "systemctl try-reload-or-restart caddy"}]
 		}
 	},
-	{
-		template: "loki/caddy-acme-ca.crt"
-		dest:     "/etc/caddy/acme-ca.crt"
-		hooks: {
-			changed: [{run: "systemctl try-reload-or-restart caddy"}]
-		}
-	},
 	{
 		template: "loki/Caddyfile"
 		dest:     "/etc/caddy/Caddyfile"
@ -44,17 +39,4 @@ templates: [...instructions.#RenderInstruction] & [
 			changed: [{run: "systemctl try-reload-or-restart caddy"}]
 		}
 	},
-	{
-		template: "loki/caddy.container"
-		dest:     "/etc/containers/systemd/caddy.container"
-		hooks: {
-			changed: [
-				{
-					run:       "systemctl daemon-reload"
-					immediate: true
-				},
-				{run: "systemctl restart caddy"},
-			]
-		}
-	},
-]
+]+caddy.templates
--- a/env/prod/caddy.cue
+++ b/env/prod/caddy.cue
@ -0,0 +1,24 @@
+package prod
+
+caddy: {
+	acme: {
+		ca: """
+			-----BEGIN CERTIFICATE-----
+			MIICTzCCAgGgAwIBAgIUDNTFsSYYl8xsEcg9kTatxvOSkmUwBQYDK2VwMEAxCzAJ
+			BgNVBAYTAlVTMRgwFgYDVQQKDA9EdXN0aW4gQy4gSGF0Y2gxFzAVBgNVBAMMDkRD
+			SCBSb290IENBIFIzMB4XDTI0MDIxNzIwMjk0M1oXDTI1MDIxNzIwMjk0M1owOzEL
+			MAkGA1UEBhMCVVMxGDAWBgNVBAoMD0R1c3RpbiBDLiBIYXRjaDESMBAGA1UEAwwJ
+			RENIIENBIFIzMCowBQYDK2VwAyEA50stJ8iW6/f+uECPxAJwpSfQDRQg4/AgKJY2
+			lpd3uNijggEQMIIBDDAdBgNVHQ4EFgQUtiqtFaZZ/c4IfWXV5SjJIOPbmoowHwYD
+			VR0jBBgwFoAUtmjEAcG9apstYyBr8MACUb2J2jkwEgYDVR0TAQH/BAgwBgEB/wIB
+			ADALBgNVHQ8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMEwG
+			CCsGAQUFBwEBBEAwPjA8BggrBgEFBQcwAoYwaHR0cHM6Ly9kdXN0aW4uaGF0Y2gu
+			bmFtZS9kY2gtY2EvZGNoLXJvb3QtY2EuY3J0MDwGA1UdHwQ1MDMwMaAvoC2GK2h0
+			dHBzOi8vZHVzdGluLmhhdGNoLm5hbWUvZGNoLWNhL2RjaC1jYS5jcmwwBQYDK2Vw
+			A0EAACaKAJAKejpFXQV+mgPdDXaylvakc4rCEs1pFhPXbbMMGflNOeiiy+c+aMwt
+			yfObaZ8/YiXxCSjL6/KzRSSjAQ==
+			-----END CERTIFICATE-----
+			"""
+		url: "https://ca.pyrocufflink.blue:32599/acme/acme/directory"
+	}
+}
--- a/env/prod/loki.cue
+++ b/env/prod/loki.cue
@ -1,23 +1,6 @@
 package prod

 loki: caddy: {
-	acme_ca: """
-		-----BEGIN CERTIFICATE-----
-		MIICTzCCAgGgAwIBAgIUDNTFsSYYl8xsEcg9kTatxvOSkmUwBQYDK2VwMEAxCzAJ
-		BgNVBAYTAlVTMRgwFgYDVQQKDA9EdXN0aW4gQy4gSGF0Y2gxFzAVBgNVBAMMDkRD
-		SCBSb290IENBIFIzMB4XDTI0MDIxNzIwMjk0M1oXDTI1MDIxNzIwMjk0M1owOzEL
-		MAkGA1UEBhMCVVMxGDAWBgNVBAoMD0R1c3RpbiBDLiBIYXRjaDESMBAGA1UEAwwJ
-		RENIIENBIFIzMCowBQYDK2VwAyEA50stJ8iW6/f+uECPxAJwpSfQDRQg4/AgKJY2
-		lpd3uNijggEQMIIBDDAdBgNVHQ4EFgQUtiqtFaZZ/c4IfWXV5SjJIOPbmoowHwYD
-		VR0jBBgwFoAUtmjEAcG9apstYyBr8MACUb2J2jkwEgYDVR0TAQH/BAgwBgEB/wIB
-		ADALBgNVHQ8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMEwG
-		CCsGAQUFBwEBBEAwPjA8BggrBgEFBQcwAoYwaHR0cHM6Ly9kdXN0aW4uaGF0Y2gu
-		bmFtZS9kY2gtY2EvZGNoLXJvb3QtY2EuY3J0MDwGA1UdHwQ1MDMwMaAvoC2GK2h0
-		dHBzOi8vZHVzdGluLmhhdGNoLm5hbWUvZGNoLWNhL2RjaC1jYS5jcmwwBQYDK2Vw
-		A0EAACaKAJAKejpFXQV+mgPdDXaylvakc4rCEs1pFhPXbbMMGflNOeiiy+c+aMwt
-		yfObaZ8/YiXxCSjL6/KzRSSjAQ==
-		-----END CERTIFICATE-----
-		"""
 	client_ca: """
 		-----BEGIN CERTIFICATE-----
 		MIIBlDCCAUagAwIBAgIUGNZ/ASP8F2ytev3YplTk4jA5a2EwBQYDK2VwMEgxCzAJ
--- a/host/loki0.pyrocufflink.blue.cue
+++ b/host/loki0.pyrocufflink.blue.cue
@ -8,3 +8,5 @@ sudo: prod.sudo
 promtail: prod.#promtail

 loki: prod.loki
+
+caddy: prod.caddy
--- a/templates/caddy/acme-ca.crt
+++ b/templates/caddy/acme-ca.crt
@ -0,0 +1 @@
+{{ caddy.acme.ca }}
--- a/templates/caddy/caddy.container
+++ b/templates/caddy/caddy.container
--- a/templates/loki/caddy-acme-ca.crt
+++ b/templates/loki/caddy-acme-ca.crt
@ -1 +0,0 @@
-{{ loki.caddy.acme_ca }}