added sync-certs-job

services/nginx/docker-compose.yaml

@@ -1,4 +1,13 @@
 version: '3'
+
+configs:
+  run-sh:
+    content: |
+      #!/bin/sh
+      # patch security so kubctl on sync-certs-job can write to the mounted volume
+      chown -R 1001:1001 /etc/ssl/certs/casa-limbosolutions-com-certs
+      while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g "daemon off;"
+
 services:
   nginx:
     build:
@@ -6,23 +15,26 @@ services:
     pull_policy: build
     image: homesrv/nginx:latest
     volumes:
-      - casa-certs:/etc/ssl
+      - casa-limbosolutions-com-certs:/etc/ssl/certs/casa-limbosolutions-com-certs
     ports:
       - 443:443
       - 80:80
     networks:
       - public
       - private
-    command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"
     restart: unless-stopped
+    command: /bin/sh -c '/run.sh'
+    configs:
+      - source: run-sh
+        target: /run.sh
+        mode: 0755
 volumes:
   nginx-conf.d:
-  casa-certs:
-    name: casa-certs
-    external: true
-      
-  # etc_ssl:
-  #   name: nginx_etc_ssl 
+
+  casa-limbosolutions-com-certs:
+    name: casa-limbosolutions-com-certs
+    external: false     
+
 networks:
   public:
     name: reverseproxy_public