focker/example/gateway/focker-compose.yml

exec.prebuild:
  - focker volume remove --force gateway-cookiecutter


exec.postbuild:
  - python3 getmetadata.py
  - |
    focker jail oneshot -m `pwd`/files:/cookiecutter/input/meta \
      `pwd`/nginx-http/files:/cookiecutter/input/nginx-http \
      `pwd`/nginx-https/files:/cookiecutter/input/nginx-https \
      gateway-cookiecutter:/cookiecutter/output \
      -- \
      gateway-cookiecutter \
      /cookiecutter/scripts/run.sh


volumes:
  certbot-data:
    chown: 65534:65534
    chmod: 0750
    zfs:
      quota: 1G
  certbot-webroot:
    chown: 65534:80
    chmod: 0750
    zfs:
      quota: 1G
  gateway-cookiecutter:
    chmod: 0750
    zfs:
      quota: 1G


images:
  gateway-cookiecutter: ./gateway-cookiecutter
  nginx-http: ./nginx-http
  nginx-https: ./nginx-https
  certbot: ./certbot


jails:
  nginx-http:
    image: nginx-http
    mounts:
      certbot-webroot: /certbot/webroot
      gateway-cookiecutter: /cookiecutter
    ip4.addr: 127.0.12.1
    exec.start: |
      cp -v /cookiecutter/nginx-http/nginx.conf \
      /usr/local/etc/nginx/nginx.conf && \
      /bin/sh /etc/rc

  certbot:
    image: certbot
    depend: nginx-http
    mounts:
      certbot-data: /usr/local/etc/letsencrypt
      certbot-webroot: /certbot/webroot
      gateway-cookiecutter: /cookiecutter
    exec.start: |
      cp -v /cookiecutter/meta/cookiecutter.json \
        /certbot/data/metadata.json && \
      if [ ! -f /certbot/data/.ready ]; then
        rm -vf /usr/local/etc/letsencrypt/.ready && \
        /usr/local/bin/python3 /certbot/scripts/certbot.py && \
        touch /usr/local/etc/letsencrypt/.ready && \
        touch /certbot/data/.ready;
      fi && \
      /bin/sh /etc/rc
    ip4.addr: 127.0.13.1

  nginx-https:
    image: nginx-https
    depend:
      - certbot
      - nginx-http
    mounts:
      certbot-data: /usr/local/etc/letsencrypt
      gateway-cookiecutter: /cookiecutter
    exec.start: |
      cp -v /cookiecutter/nginx-https/nginx.conf \
        /usr/local/etc/nginx/nginx.conf && \
      (( until [ -f /usr/local/etc/letsencrypt/.ready ]; do sleep 1; done && \
      /bin/sh /etc/rc) &)
    ip4.addr: 127.0.14.1