!!! Danger "Experimental"
    This service is experimental and will change in the future.

This service sets up a certificate authority (CA) that can issue certificates to
other machines in your clan. The `ca` role is used for this.
It additionally provides a `default` role that can be applied to all machines
in your clan and makes sure they trust your CA.
Example Usage
The following configuration would add a CA for the top-level domain `.foo`. If
the machine `server` now hosts a web service at `https://something.foo`, it will
get a certificate from `ca` which is valid inside your clan. The machine
`client` will trust this certificate if it makes a request to
`https://something.foo`.
This clan service can be combined with the `coredns` service for easy-to-deploy,
SSL-secured clan-internal service hosting.
```nix
inventory = {
  machines.ca = { };
  machines.client = { };
  machines.server = { };
  instances."certificates" = {
    module.name = "certificates";
    module.input = "self";
    roles.ca.machines.ca.settings.tlds = [ "foo" ];
    roles.default.machines.client = { };
    roles.default.machines.server = { };
  };
};
```