Ryan Malloy
162abedfdd
Per standard Docker convention. The active `.env` is per-host (contains the actual TSIG secret + any host-specific port/hostname overrides). The `.env.example` template documents the expected variables with stub values so a fresh checkout knows what to copy. Also: docker-compose.yml now passes ACME_TSIG_SECRET to the coredns container via plain `environment:` directive -- compose auto-reads `.env` for substitution. No --env-file gymnastics needed at the invocation level.
21 lines
681 B
Plaintext
21 lines
681 B
Plaintext
# Legacy: zones-prepared/ was the generated form when scripts/prepare-zones.sh
|
|
# (now in scripts/archive/) processed zones/. We retired that pipeline in
|
|
# favour of editing zones/*.zone directly as RFC-compliant served files.
|
|
# If anyone runs the archived script, the output stays out of git.
|
|
zones-prepared/*.zone
|
|
|
|
# Self-signed certs (re-generated by scripts/generate-certs.sh)
|
|
certs/*.pem
|
|
|
|
# Caddy's runtime data: issued certs, ACME account keys, transient state.
|
|
# NEVER commit — contains the ACME account private key.
|
|
caddy-data/
|
|
caddy-config/
|
|
|
|
# Local-only env overrides
|
|
.env.local
|
|
|
|
# Operational secrets / per-host overrides. Use .env.example as template.
|
|
.env
|
|
.env.local
|