
D2177.id5479.diff

diff --git a/PORTS b/PORTS
--- a/PORTS
+++ b/PORTS
@@ -34,5 +34,6 @@
37080 Notifications center HTTP
38080 Jenkins HTTP - CD
39080 Cachet HTTP
+ 41080 ACME DNS server HTTP
42080 Jenkins HTTP - CI
50000 Jenkins master's port for JNLP-based Jenkins agents - CD
diff --git a/pillar/paas/docker.sls b/pillar/paas/docker.sls
--- a/pillar/paas/docker.sls
+++ b/pillar/paas/docker.sls
@@ -38,6 +38,9 @@
- library/registry
- nasqueron/mysql
+ # ACME DNS server
+ - joohoi/acme-dns
+
# Nasqueron services
- nasqueron/auth-grove
@@ -214,6 +217,17 @@
# Dwellers (through temporary tunnel)
- 10.0.2.1
+ #
+ # Let's Encrypt
+ #
+
+ acme_dns:
+ acme:
+ ip: *ipv4_equatower
+ app_port: 41080
+ host: acme.nasqueron.org
+ nsadmin: ops.nasqueron.org
+
#
# CI and CD
#
diff --git a/roles/paas-docker/containers/acme_dns.sls b/roles/paas-docker/containers/acme_dns.sls
new file mode 100644
--- /dev/null
+++ b/roles/paas-docker/containers/acme_dns.sls
@@ -0,0 +1,73 @@
+# -------------------------------------------------------------
+# Salt — Provision Docker engine
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# Created: 2020-02-04
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
+{% set containers = pillar['docker_containers'][grains['id']] %}
+
+{% for instance, container in containers['acme_dns'].items() %}
+
+# -------------------------------------------------------------
+# Storage directory
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+/srv/{{ instance }}:
+ file.directory:
+ - makedirs: True
+
+/srv/{{ instance }}/etc:
+ file.directory
+
+/srv/{{ instance }}/lib:
+ file.directory
+
+{% if has_selinux %}
+selinux_context_openfire_data:
+ selinux.fcontext_policy_present:
+ - name: /srv/{{ instance }}
+ - sel_type: container_file_t
+
+selinux_context_openfire_data_applied:
+ selinux.fcontext_policy_applied:
+ - name: /srv/{{ instance }}
+{% endif %}
+
+# -------------------------------------------------------------
+# Configuration
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+/srv/{{ instance }}/etc/config.cfg:
+ file.managed:
+ - source: salt://roles/paas-docker/containers/files/acme/config.cfg
+ - template: jinja
+ - context:
+ ip: {{ container['ip'] }}
+ domain: {{ container['host'] }}
+ nsadmin: {{ container['nsadmin'] }}
+
+# -------------------------------------------------------------
+# Container
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+{{ instance }}:
+ docker_container.running:
+ - detach: True
+ - interactive: True
+ - image: joohoi/acme-dns
+ - binds:
+ - /srv/{{ instance }}/etc:/etc/acme-dns:ro
+ - /srv/{{ instance }}/lib:/var/lib/acme-dns
+ - ports:
+ - 53
+ - 53/udp
+ - 80
+ - port_bindings:
+ - 53:53
+ - 53:53/udp
+ - {{ container['app_port'] }}:80
+
+{% endfor %}
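Review bot: The `- 53:53` entry under `port_bindings` is an unquoted digits-and-colon scalar, which a YAML 1.1 loader such as PyYAML resolves as the base-60 integer 3233 rather than a host:container mapping, so TCP port 53 may not be published as intended. Quote it as `- "53:53"`, and quote `- "53:53/udp"` and `- "{{ container['app_port'] }}:80"` as well for consistency. The two SELinux state IDs, `selinux_context_openfire_data` and `selinux_context_openfire_data_applied`, look copied from another container state and sit inside the `for` loop without `{{ instance }}`, so a second instance (or presumably the original openfire state, if it is applied to the same host) would produce conflicting IDs; `selinux_context_{{ instance }}_data:` and `selinux_context_{{ instance }}_data_applied:` would keep them unique. `image: joohoi/acme-dns` carries no tag or digest, so the container runs whatever the default tag resolves to at pull time; pinning a reviewed version is worth considering for a service that answers ACME DNS-01 challenges. The header comment still reads "Provision Docker engine" and could name the ACME DNS container instead.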
diff --git a/roles/paas-docker/containers/files/acme/config.cfg b/roles/paas-docker/containers/files/acme/config.cfg
new file mode 100644
--- /dev/null
+++ b/roles/paas-docker/containers/files/acme/config.cfg
@@ -0,0 +1,31 @@
+[general]
+listen = "0.0.0.0:53"
+protocol = "both"
+domain = "{{ domain }}"
+nsname = "{{ domain }}"
+nsadmin = "{{ nsadmin }}"
+records = [
+ "{{ domain }}. A {{ ip }}",
+ "{{ domain }}. NS {{ domain }}.",
+]
+debug = false
+
+[database]
+engine = "sqlite3"
+connection = "/var/lib/acme-dns/acme-dns.db"
+
+[api]
+ip = "0.0.0.0"
+disable_registration = false
+port = "80"
+tls = "none"
+corsorigins = [
+ "*"
+]
+use_header = true
+header_name = "X-Forwarded-For"
+
+[logconfig]
+loglevel = "warning"
+logtype = "stdout"
+logformat = "text"
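Review bot: The `[api]` section leaves `disable_registration = false` alongside `tls = "none"` and `corsorigins = ["*"]`, so anyone who can reach the published API port can create accounts on this server; if registration is only needed while onboarding clients, switch to `disable_registration = true` afterwards or restrict who can reach the port. `use_header = true` with `header_name = "X-Forwarded-For"` makes the server take the client address from a request header, which is only trustworthy when every request arrives through a reverse proxy that overwrites that header. The container state in this change publishes `{{ container['app_port'] }}:80` without a bind address, so requests that reach the host port directly may be able to supply their own header value; binding the published port to the proxy-facing address would close that path. A short comment above `use_header` naming the proxy expected to set the header would help the next reader.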
