Skip to content

Source: examples/safe/container.bu#

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
# butane config

storage:
  trees:
    # all Containerfile files
    - path: /etc/containers/build
      local: Containerfile

    # all quadlet container/volume/network configuration files
    - path: /etc/containers/systemd
      local: container

  files:
    - path: /etc/containers/environment/tang-systemd.env
      mode: 0600
      contents:
        inline: |
          HOSTNAME=tang.{{ HOSTNAME }}

    - path: /etc/local/frontend/frontend.tang.dynamic.yml
      contents:
        inline: |
          # traefik frontend.tang.dynamic.yml
          tcp:
            routers:
              # terminate ssl with nosni and mandatory client cert
              tang-mtls-nosni-terminator:
                entryPoints:
                  - "tang-mtls-nosni"
                rule: "HostSNI(`*`)"
                tls:
                  options: "mtls-nosni@file"
                service: "tang-forward-to-http"
            services:
              # Forward the decrypted traffic to the internal HTTP entrypoint
              tang-forward-to-http:
                loadBalancer:
                  servers:
                    - address: "127.0.0.1:8081"