Diffstat (limited to 'roles/apps/whawty/auth/instance/templates')
-rw-r--r--roles/apps/whawty/auth/instance/templates/pod-spec.yml.j212
-rw-r--r--roles/apps/whawty/auth/instance/templates/web.yml.j213
2 files changed, 13 insertions, 12 deletions
diff --git a/roles/apps/whawty/auth/instance/templates/pod-spec.yml.j2 b/roles/apps/whawty/auth/instance/templates/pod-spec.yml.j2
index b264577d..50f8e0c2 100644
--- a/roles/apps/whawty/auth/instance/templates/pod-spec.yml.j2
+++ b/roles/apps/whawty/auth/instance/templates/pod-spec.yml.j2
@@ -11,14 +11,15 @@ containers:
- "run"
- "--web-addr"
- ":{{ whawty_auth_instances[whawty_auth_instance].port }}"
-{% if 'tls' in whawty_auth_instances[whawty_auth_instance] %}
- "--web-config"
- "/config/web.yml"
-{% endif %}
volumeMounts:
- name: config
mountPath: /config
readOnly: true
+ - name: tls
+ mountPath: /tls
+ readOnly: true
- name: store
mountPath: /store
env:
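Review bot: With the `{% if 'tls' in ... %}` guard removed, `--web-config /config/web.yml` and the `/tls` mount now apply to every instance, so any instance that previously ran without a `tls` key now needs certificate material on the host. The matching volume further down is a hostPath with `type: Directory`, so a missing directory will keep the pod from starting rather than fall back to plain HTTP. That fail-closed behaviour is reasonable, but it should be stated in the template, for example `{# TLS is mandatory: /tls must contain publish-crt.pem and publish-key.pem #}` above the mount. The role should ideally also assert that the files exist before rendering the pod spec. The container definition starts and ends outside this hunk, so whether another code path still expects a non-TLS instance cannot be checked from here.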
@@ -28,6 +29,9 @@ containers:
ports:
- containerPort: {{ whawty_auth_instances[whawty_auth_instance].port }}
hostPort: {{ whawty_auth_instances[whawty_auth_instance].port }}
+{% if whawty_auth_instances[whawty_auth_instance].publish.zone.publisher == inventory_hostname %}
+ hostIP: "127.0.0.1"
+{% endif %}
{% if 'sync' in whawty_auth_instances[whawty_auth_instance] %}
- name: sync
image: "ghcr.io/whawty/auth/sync:v{{ whawty_auth_instances[whawty_auth_instance].version }}"
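Review bot: The new condition dereferences `.publish.zone.publisher` without checking that `publish` exists, whereas the very next line guards its optional key with `'sync' in ...`. An instance defined without `publish` would presumably abort templating with an undefined-variable error. A guard in the file's own style would be `{% if 'publish' in whawty_auth_instances[whawty_auth_instance] and whawty_auth_instances[whawty_auth_instance].publish.zone.publisher == inventory_hostname %}`. Note also that only the publisher host gets `hostIP: "127.0.0.1"`; on every other host the hostPort stays bound to all addresses. If that exposure is intended, a one-line template comment saying which hosts are meant to be reachable from the network would keep it from reading as an oversight.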
@@ -49,6 +53,10 @@ volumes:
hostPath:
path: "{{ whawty_auth_instance_basepath }}/config"
type: Directory
+- name: tls
+ hostPath:
+ path: "{{ whawty_auth_instance_basepath }}/tls"
+ type: Directory
- name: store
hostPath:
path: "{{ whawty_auth_instance_basepath }}/store"
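Review bot: This hostPath will hold the TLS private key (`publish-key.pem` in web.yml.j2), and nothing visible in this diff shows which task creates `{{ whawty_auth_instance_basepath }}/tls` or with what owner and mode. The directory and key should be readable only by the user the container runs as, and that task should be confirmed to run before the pod spec is deployed. A short comment above the volume, such as `# holds publish-crt.pem / publish-key.pem; created by <task name>, not world-readable`, would record the expectation. The volumes list continues outside the hunk.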
diff --git a/roles/apps/whawty/auth/instance/templates/web.yml.j2 b/roles/apps/whawty/auth/instance/templates/web.yml.j2
index 705e056d..d7f35f2e 100644
--- a/roles/apps/whawty/auth/instance/templates/web.yml.j2
+++ b/roles/apps/whawty/auth/instance/templates/web.yml.j2
@@ -1,13 +1,6 @@
---
tls:
- certificate: /config/tls/cert.pem
- certificate-key: /config/tls/key.pem
- min-protocol-version: "TLSv1.2"
- ciphers:
- - ECDHE_RSA_WITH_AES_128_GCM_SHA256
- - ECDHE_RSA_WITH_AES_256_GCM_SHA384
- - ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
- - TLS_AES_128_GCM_SHA256
- - TLS_AES_256_GCM_SHA384
- - TLS_CHACHA20_POLY1305_SHA256
+ certificate: /tls/publish-crt.pem
+ certificate-key: /tls/publish-key.pem
+ min-protocol-version: "TLSv1.3"
prefer-server-ciphers: true
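Review bot: `prefer-server-ciphers: true` is kept although the explicit `ciphers` list is gone and the floor is now `TLSv1.3`. TLS 1.3 has only a small fixed set of suites, and many TLS libraries do not let the server order or restrict them, so this key is probably a no-op now. It should either be dropped or annotated, for example `# TLS 1.3 only: cipher suites are left to the TLS library defaults`. Raising the minimum from 1.2 to 1.3 also locks out any client that cannot negotiate 1.3, so every consumer of this endpoint should be checked before rollout.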