ilnmors-homelab/config/services/containers/infra/ca/config/ca.json.j2

{
	"root": "/home/step/certs/{{ root_cert_filename }}",
	"federatedRoots": null,
	"crt": "/home/step/certs/{{ intermediate_cert_filename }}",
	"key": "/home/step/secrets/{{ intermediate_key_filename }}",
	"address": ":9000",
	"insecureAddress": "",
	"dnsNames": [
		"{{ services['ca']['domain'] }}.{{ domain['internal'] }}"
	],
	"logger": {
		"format": "text"
	},
	"db": {
		"type": "badgerv2",
		"dataSource": "/home/step/db",
		"badgerFileLoadingMode": ""
	},
	"authority": {
		"policy": {
			"x509": {
				"allow": {
					"dns": [
						"{{ domain['internal'] }}",
						"*.{{ domain['internal'] }}",
						"*.app.{{ domain['internal'] }}"
					]
				},
				"allowWildcardNames": true
			}
		},
		"provisioners": [
			{
				"type": "ACME",
				"name": "acme@{{ domain['internal'] }}",
				"claims": {
					"defaultTLSCertDuration": "2160h0m0s",
					"enableSSHCA": true,
					"disableRenewal": false,
					"allowRenewalAfterExpiry": false,
					"disableSmallstepExtensions": false
				},
				"options": {
					"x509": {},
					"ssh": {}
				}
			}
		],
		"template": {},
		"backdate": "1m0s"
	},
	"tls": {
		"cipherSuites": [
			"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
			"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
		],
		"minVersion": 1.2,
		"maxVersion": 1.3,
		"renegotiation": false
	},
	"commonName": "{{ domain['internal'] }} Online CA"
}