mirror of
https://github.com/deuill/coreos-home-server.git
synced 2024-09-21 05:30:45 +00:00
Alex Palaistras
f0fd067dca
This should help make use of host-specific certificates easier, as otherwise containers will have access to all certificates and private keys.
22 lines
1002 B
Desktop File
22 lines
1002 B
Desktop File
[Unit]
|
|
Description="Let's Encrypt DNS01 certificate register for %I"
|
|
Wants=container-build@letsencrypt.service letsencrypt-dns-renew@%i.timer
|
|
After=container-build@letsencrypt.service
|
|
Before=letsencrypt-dns-renew@%i.timer
|
|
|
|
[Service]
|
|
Type=oneshot
|
|
SyslogIdentifier=%N
|
|
EnvironmentFile=%E/coreos-home-server/letsencrypt/letsencrypt.env
|
|
ExecStart=/bin/podman run --replace --rm --name letsencrypt-register-%i \
|
|
--env-file %E/coreos-home-server/letsencrypt/letsencrypt.env \
|
|
--volume letsencrypt:/var/lib/letsencrypt:z \
|
|
--volume letsencrypt-certificates:/var/lib/letsencrypt-certificates:z \
|
|
localhost/letsencrypt:latest \
|
|
--accept-tos --pem --path /var/lib/letsencrypt --domains "%i" \
|
|
--server ${ACME_SERVER} --email ${ACME_EMAIL} --dns ${ACME_DNS_PROVIDER} run \
|
|
--run-hook /run-hook
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|