added sync-certs-job

2025-06-05 11:51:05 +00:00
parent 077be73b69
commit c5726df9c4
8 changed files with 235 additions and 34 deletions
--- a/services/nginx/docker-compose.yaml
+++ b/services/nginx/docker-compose.yaml
@@ -1,4 +1,13 @@
 version: '3'
+
+configs:
+  run-sh:
+    content: |
+      #!/bin/sh
+      # patch security so kubctl on sync-certs-job can write to the mounted volume
+      chown -R 1001:1001 /etc/ssl/certs/casa-limbosolutions-com-certs
+      while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g "daemon off;"
+
 services:
  nginx:
    build:
@@ -6,23 +15,26 @@ services:
    pull_policy: build
    image: homesrv/nginx:latest
    volumes:
-      - casa-certs:/etc/ssl
+      - casa-limbosolutions-com-certs:/etc/ssl/certs/casa-limbosolutions-com-certs
    ports:
      - 443:443
      - 80:80
    networks:
      - public
      - private
-    command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"
    restart: unless-stopped
+    command: /bin/sh -c '/run.sh'
+    configs:
+      - source: run-sh
+        target: /run.sh
+        mode: 0755
 volumes:
  nginx-conf.d:
-  casa-certs:
-    name: casa-certs
-    external: true
-      
-  # etc_ssl:
-  #   name: nginx_etc_ssl 
+
+  casa-limbosolutions-com-certs:
+    name: casa-limbosolutions-com-certs
+    external: false     
+
 networks:
  public:
    name: reverseproxy_public
--- a/services/nginx/docker/nginx.conf.d/has.conf
+++ b/services/nginx/docker/nginx.conf.d/has.conf
@@ -13,8 +13,8 @@ server {
 server {

    listen 443 ssl;
-    ssl_certificate /etc/ssl/tls.crt;
-    ssl_certificate_key /etc/ssl/tls.key;
+    ssl_certificate /etc/ssl/certs/casa-limbosolutions-com-certs/casa-limbosolutions-com-tls_tls.crt;
+    ssl_certificate_key /etc/ssl/certs/casa-limbosolutions-com-certs/casa-limbosolutions-com-tls_tls.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;

--- a/services/rclone-certs/docker-compose.yaml
+++ b/services/rclone-certs/docker-compose.yaml
@@ -1,24 +0,0 @@
-version: '3.8'
-
-services:
-  rclone:
-    image: rclone/rclone:latest
-    container_name: rclone
-    environment:
-      - TZ=UTC
-      - RCLONE_CONFIG_S3_TYPE=s3
-      - RCLONE_CONFIG_S3_PROVIDER=SeaweedFS
-      - RCLONE_CONFIG_S3_ACCESS_KEY_ID=${RCLONE_S3_ACCESS_KEY_ID}
-      - RCLONE_CONFIG_S3_SECRET_ACCESS_KEY=${RCLONE_S3_SECRET_ACCESS_KEY}
-      - RCLONE_CONFIG_S3_ENDPOINT=${RCLONE_S3_ENDPOINT}
-      - RCLONE_CONFIG_S3_BUCKET=${RCLONE_S3_BUCKET}
-      
-    volumes:
-      - casa-certs:/certs
-    command: sync s3:/casa.certs /certs
-    restart: no
-volumes:
-  casa-certs:
-    name: casa-certs
-    external: false
-