description: "Let's Encrypt server"
type: run-once
maintainer: "Valentin Lab <valentin.lab@kalysto.org>"
## XXXvlab: docker uses the 'build' directory or the 'image:' option here.
docker-image: docker.0k.io/letsencrypt
data-resources:
  - /etc/letsencrypt        ## yes certificates are stored here, this is data
  - /var/log/letsencrypt    ## logs
  - /var/lib/tldextract     ## latest data about TLDs, this is used by lexicon...
default-options:
  renew-before-expiry: 30

provides:
  cert-provider:
uses:
  log-rotate:
    #constraint: required | recommended | optional
    #auto: pair | summon | none ## default: pair
    constraint: recommended
    auto: pair
    solves:
      disk-leak: "/var/log/letsencrypt"
    #default-options:
  schedule-command:
    constraint: recommended
    auto: summon
    solves:
      missing-feature: "Automatic certificate renewal"
    default-options:
      schedule: "30 3 * * 7"  ## schedule log renewal every week