30 lines
957 B

description: "Let's Encrypt server"
type: run-once
maintainer: "Valentin Lab <valentin.lab@kalysto.org>"
## XXXvlab: docker uses the 'build' directory or the 'image:' option here.
docker-image: docker.0k.io/letsencrypt
data-resources:
- /etc/letsencrypt ## yes certificates are stored here, this is data
- /var/log/letsencrypt ## logs
- /var/lib/tldextract ## latest data about TLDs, this is used by lexicon...
default-options:
renew-before-expiry: 30
provides:
cert-provider:
uses:
log-rotate:
#constraint: required | recommended | optional
#auto: pair | summon | none ## default: pair
constraint: recommended
auto: pair
solves:
disk-leak: "/var/log/letsencrypt"
#default-options:
schedule-command:
constraint: recommended
auto: summon
solves:
missing-feature: "Automatic certificate renewal"
default-options:
schedule: "30 3 * * 7" ## schedule log renewal every week