Update rendered example
parent
0ce1f601fb
commit
3d4c96d365
|
@ -75,7 +75,7 @@ job "bounca" {
|
||||||
user = 1053
|
user = 1053
|
||||||
|
|
||||||
config {
|
config {
|
||||||
image = "danielberteaud/wait-for:24.2-1"
|
image = "danielberteaud/wait-for:24.3-1"
|
||||||
readonly_rootfs = true
|
readonly_rootfs = true
|
||||||
pids_limit = 20
|
pids_limit = 20
|
||||||
}
|
}
|
||||||
|
@ -137,7 +137,7 @@ job "bounca" {
|
||||||
template {
|
template {
|
||||||
data = <<_EOT
|
data = <<_EOT
|
||||||
BOUNCA_DB_NAME=bounca
|
BOUNCA_DB_NAME=bounca
|
||||||
BOUNCA_DJANGO_SECRET={{ with secret "//kv/service/bounca" }}{{ .Data.data.django_secret }}{{ end }}
|
BOUNCA_DJANGO_SECRET={{ with secret "/kv/service/bounca" }}{{ .Data.data.django_secret }}{{ end }}
|
||||||
LANG=fr_FR.utf8
|
LANG=fr_FR.utf8
|
||||||
TZ=Europe/Paris
|
TZ=Europe/Paris
|
||||||
_EOT
|
_EOT
|
||||||
|
@ -193,8 +193,8 @@ _EOT
|
||||||
|
|
||||||
template {
|
template {
|
||||||
data = <<_EOT
|
data = <<_EOT
|
||||||
BOUNCA_DB_USER={{ with secret "//database/creds/bounca" }}{{ .Data.username }}{{ end }}
|
BOUNCA_DB_USER={{ with secret "/database/creds/bounca" }}{{ .Data.username }}{{ end }}
|
||||||
BOUNCA_DB_PASSWORD={{ with secret "//database/creds/bounca" }}{{ .Data.password }}{{ end }}
|
BOUNCA_DB_PASSWORD={{ with secret "/database/creds/bounca" }}{{ .Data.password }}{{ end }}
|
||||||
BOUNCA_DB_PORT=5432
|
BOUNCA_DB_PORT=5432
|
||||||
_EOT
|
_EOT
|
||||||
destination = "secrets/.db.env"
|
destination = "secrets/.db.env"
|
||||||
|
@ -251,7 +251,7 @@ _EOT
|
||||||
template {
|
template {
|
||||||
data = <<_EOT
|
data = <<_EOT
|
||||||
BOUNCA_DB_NAME=bounca
|
BOUNCA_DB_NAME=bounca
|
||||||
BOUNCA_DJANGO_SECRET={{ with secret "//kv/service/bounca" }}{{ .Data.data.django_secret }}{{ end }}
|
BOUNCA_DJANGO_SECRET={{ with secret "/kv/service/bounca" }}{{ .Data.data.django_secret }}{{ end }}
|
||||||
LANG=fr_FR.utf8
|
LANG=fr_FR.utf8
|
||||||
TZ=Europe/Paris
|
TZ=Europe/Paris
|
||||||
_EOT
|
_EOT
|
||||||
|
@ -263,8 +263,8 @@ _EOT
|
||||||
|
|
||||||
template {
|
template {
|
||||||
data = <<_EOT
|
data = <<_EOT
|
||||||
BOUNCA_DB_USER={{ with secret "//database/creds/bounca" }}{{ .Data.username }}{{ end }}
|
BOUNCA_DB_USER={{ with secret "/database/creds/bounca" }}{{ .Data.username }}{{ end }}
|
||||||
BOUNCA_DB_PASSWORD={{ with secret "//database/creds/bounca" }}{{ .Data.password }}{{ end }}
|
BOUNCA_DB_PASSWORD={{ with secret "/database/creds/bounca" }}{{ .Data.password }}{{ end }}
|
||||||
BOUNCA_DB_PORT=5432
|
BOUNCA_DB_PORT=5432
|
||||||
_EOT
|
_EOT
|
||||||
destination = "secrets/.db.env"
|
destination = "secrets/.db.env"
|
||||||
|
|
|
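Review bot: `image = "danielberteaud/wait-for:24.3-1"` in the first hunk is referenced by tag only, so the task runs whatever the registry serves for that tag at pull time. The same applies to `COPY --from=danielberteaud/alpine:24.3-1` in the Dockerfile section of this commit. Pinning by digest keeps each bump reviewable and reproducible, e.g. `image = "danielberteaud/wait-for:24.3-1@sha256:<digest>"` with the digest taken from a build you have verified. If this file is rendered from a template, as the commit title suggests, the pin belongs in the template or its variables rather than in the rendered output. The task that encloses this `config` block starts outside the hunk.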
@ -74,7 +74,7 @@ RUN set -euxo pipefail &&\
|
||||||
nginx \
|
nginx \
|
||||||
postgresql16-client
|
postgresql16-client
|
||||||
|
|
||||||
COPY --from=danielberteaud/alpine:24.2-1 /usr/local/bin/minit /usr/local/bin/minit
|
COPY --from=danielberteaud/alpine:24.3-1 /usr/local/bin/minit /usr/local/bin/minit
|
||||||
COPY root/ /
|
COPY root/ /
|
||||||
|
|
||||||
WORKDIR /opt/bounca
|
WORKDIR /opt/bounca
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
set -euo pipefailvault write /database/roles/bounca \
|
set -euo pipefailvault write database/roles/bounca \
|
||||||
db_name="postgres" \
|
db_name="postgres" \
|
||||||
creation_statements="CREATE ROLE \"{{name}}\" WITH LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}'; \
|
creation_statements="CREATE ROLE \"{{name}}\" WITH LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}'; \
|
||||||
GRANT \"bounca\" TO \"{{name}}\"; \
|
GRANT \"bounca\" TO \"{{name}}\"; \
|
||||||
|
|
|
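Review bot: `set -euo pipefail` runs under `#!/bin/sh`, and not every `sh` accepts `pipefail` (dash rejects it as an illegal option), so on such a host the script stops before `vault write database/roles/bounca` and the role is never created or updated. Either declare the shell the script actually needs, e.g. `#!/usr/bin/env bash`, or use `set -eu` here, since the visible command contains no pipeline. The same `set -euo pipefail` line appears in the hunk header of the KV initialisation script. The `vault write` command continues past the end of the hunk, so its TTL and revocation settings cannot be reviewed from here.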
@ -5,7 +5,7 @@ set -euo pipefail
|
||||||
# vim: syntax=sh
|
# vim: syntax=sh
|
||||||
|
|
||||||
export LC_ALL=C
|
export LC_ALL=C
|
||||||
VAULT_KV_PATH=/kv/service/bounca
|
VAULT_KV_PATH=kv/service/bounca
|
||||||
RAND_CMD="tr -dc A-Za-z0-9\-_\/=~\.+ < /dev/urandom | head -c 50"
|
RAND_CMD="tr -dc A-Za-z0-9\-_\/=~\.+ < /dev/urandom | head -c 50"
|
||||||
if ! vault kv list $(dirname ${VAULT_KV_PATH}) 2>/dev/null | grep -q -E "^$(basename ${VAULT_KV_PATH})\$"; then
|
if ! vault kv list $(dirname ${VAULT_KV_PATH}) 2>/dev/null | grep -q -E "^$(basename ${VAULT_KV_PATH})\$"; then
|
||||||
vault kv put ${VAULT_KV_PATH} \
|
vault kv put ${VAULT_KV_PATH} \
|
||||||
|
|
|
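Review bot: The existence check `if ! vault kv list ... 2>/dev/null | grep -q -E ...` cannot tell "secret absent" from "list failed". A denied or failed `vault kv list` prints nothing that grep matches, so the branch proceeds to `vault kv put ${VAULT_KV_PATH}`, which could write a new version over an existing `django_secret`. On a KV v2 mount Vault can enforce create-only itself with `vault kv put -cas=0 ${VAULT_KV_PATH} \`, and dropping `2>/dev/null` keeps the underlying failure visible in the output. The expansions in `$(dirname ${VAULT_KV_PATH})` and `${VAULT_KV_PATH}` are also unquoted. The `if` block continues beyond the hunk, so the fields being written are not visible here.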
@ -1,7 +1,7 @@
|
||||||
path "/kv/data/service/bounca" {
|
path "kv/data/service/bounca" {
|
||||||
capabilities = ["read"]
|
capabilities = ["read"]
|
||||||
}
|
}
|
||||||
|
|
||||||
path "/database/creds/bounca" {
|
path "database/creds/bounca" {
|
||||||
capabilities = ["read"]
|
capabilities = ["read"]
|
||||||
}
|
}
|
||||||
|
|
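Review bot: The policy carries no comment explaining why its KV path differs from the one used elsewhere in this commit. It grants `kv/data/service/bounca`, while the init script addresses the secret as `kv/service/bounca` and the job template as `/kv/service/bounca`, with a leading slash. That is expected for a KV v2 mount, but it is easy to "correct" by mistake. A one-line comment above the first stanza would prevent that, e.g. `# KV v2: policies match the API path (kv/data/...); templates and "vault kv" use kv/service/bounca`. Both stanzas stay limited to `read` on a single exact path, which keeps the grant narrow.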