30 lines
957 B

  1. description: "Let's Encrypt server"
  2. type: run-once
  3. maintainer: "Valentin Lab <valentin.lab@kalysto.org>"
  4. ## XXXvlab: docker uses the 'build' directory or the 'image:' option here.
  5. docker-image: docker.0k.io/letsencrypt
  6. data-resources:
  7. - /etc/letsencrypt ## yes certificates are stored here, this is data
  8. - /var/log/letsencrypt ## logs
  9. - /var/lib/tldextract ## latest data about TLDs, this is used by lexicon...
  10. default-options:
  11. renew-before-expiry: 30
  12. provides:
  13. cert-provider:
  14. uses:
  15. log-rotate:
  16. #constraint: required | recommended | optional
  17. #auto: pair | summon | none ## default: pair
  18. constraint: recommended
  19. auto: pair
  20. solves:
  21. disk-leak: "/var/log/letsencrypt"
  22. #default-options:
  23. schedule-command:
  24. constraint: recommended
  25. auto: summon
  26. solves:
  27. missing-feature: "Automatic certificate renewal"
  28. default-options:
  29. schedule: "30 3 * * 7" ## schedule log renewal every week