Update rendered example

Daniel Berteaud 2024-03-05 14:47:58 +01:00
parent 0ce1f601fb
commit 3d4c96d365
5 changed files with 12 additions and 12 deletions


@ -75,7 +75,7 @@ job "bounca" {
user = 1053 user = 1053
config { config {
image = "danielberteaud/wait-for:24.2-1" image = "danielberteaud/wait-for:24.3-1"
readonly_rootfs = true readonly_rootfs = true
pids_limit = 20 pids_limit = 20
} }
@ -137,7 +137,7 @@ job "bounca" {
template { template {
data = <<_EOT data = <<_EOT
BOUNCA_DB_NAME=bounca BOUNCA_DB_NAME=bounca
BOUNCA_DJANGO_SECRET={{ with secret "//kv/service/bounca" }}{{ .Data.data.django_secret }}{{ end }} BOUNCA_DJANGO_SECRET={{ with secret "/kv/service/bounca" }}{{ .Data.data.django_secret }}{{ end }}
LANG=fr_FR.utf8 LANG=fr_FR.utf8
TZ=Europe/Paris TZ=Europe/Paris
_EOT _EOT
@ -193,8 +193,8 @@ _EOT
template { template {
data = <<_EOT data = <<_EOT
BOUNCA_DB_USER={{ with secret "//database/creds/bounca" }}{{ .Data.username }}{{ end }} BOUNCA_DB_USER={{ with secret "/database/creds/bounca" }}{{ .Data.username }}{{ end }}
BOUNCA_DB_PASSWORD={{ with secret "//database/creds/bounca" }}{{ .Data.password }}{{ end }} BOUNCA_DB_PASSWORD={{ with secret "/database/creds/bounca" }}{{ .Data.password }}{{ end }}
BOUNCA_DB_PORT=5432 BOUNCA_DB_PORT=5432
_EOT _EOT
destination = "secrets/.db.env" destination = "secrets/.db.env"
@ -251,7 +251,7 @@ _EOT
template { template {
data = <<_EOT data = <<_EOT
BOUNCA_DB_NAME=bounca BOUNCA_DB_NAME=bounca
BOUNCA_DJANGO_SECRET={{ with secret "//kv/service/bounca" }}{{ .Data.data.django_secret }}{{ end }} BOUNCA_DJANGO_SECRET={{ with secret "/kv/service/bounca" }}{{ .Data.data.django_secret }}{{ end }}
LANG=fr_FR.utf8 LANG=fr_FR.utf8
TZ=Europe/Paris TZ=Europe/Paris
_EOT _EOT
@ -263,8 +263,8 @@ _EOT
template { template {
data = <<_EOT data = <<_EOT
BOUNCA_DB_USER={{ with secret "//database/creds/bounca" }}{{ .Data.username }}{{ end }} BOUNCA_DB_USER={{ with secret "/database/creds/bounca" }}{{ .Data.username }}{{ end }}
BOUNCA_DB_PASSWORD={{ with secret "//database/creds/bounca" }}{{ .Data.password }}{{ end }} BOUNCA_DB_PASSWORD={{ with secret "/database/creds/bounca" }}{{ .Data.password }}{{ end }}
BOUNCA_DB_PORT=5432 BOUNCA_DB_PORT=5432
_EOT _EOT
destination = "secrets/.db.env" destination = "secrets/.db.env"
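Review bot: The `wait-for` image at the top of this section is still referenced only by a mutable tag, `image = "danielberteaud/wait-for:24.3-1"`, so the task runs whatever the registry serves under that tag at pull time. Adding the digest, `image = "danielberteaud/wait-for:24.3-1@sha256:<digest-placeholder>"`, makes each bump reviewable and reproducible. The same applies to `COPY --from=danielberteaud/alpine:24.3-1` in the Dockerfile section. The commit title says this file is rendered, so the change presumably belongs in the source template rather than here.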


@ -74,7 +74,7 @@ RUN set -euxo pipefail &&\
nginx \ nginx \
postgresql16-client postgresql16-client
COPY --from=danielberteaud/alpine:24.2-1 /usr/local/bin/minit /usr/local/bin/minit COPY --from=danielberteaud/alpine:24.3-1 /usr/local/bin/minit /usr/local/bin/minit
COPY root/ / COPY root/ /
WORKDIR /opt/bounca WORKDIR /opt/bounca


@ -1,6 +1,6 @@
#!/bin/sh #!/bin/sh
set -euo pipefailvault write /database/roles/bounca \ set -euo pipefailvault write database/roles/bounca \
db_name="postgres" \ db_name="postgres" \
creation_statements="CREATE ROLE \"{{name}}\" WITH LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}'; \ creation_statements="CREATE ROLE \"{{name}}\" WITH LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}'; \
GRANT \"bounca\" TO \"{{name}}\"; \ GRANT \"bounca\" TO \"{{name}}\"; \
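Review bot: The script is declared `#!/bin/sh` but runs `set -euo pipefail`, and `pipefail` is not accepted by every `/bin/sh` (older dash, for example, rejects it), so on such a shell `set` fails before `vault write` is reached. Either name a shell that is known to support it in the shebang, or use `set -eu` here, since the visible command contains no pipeline. The `vault write` command continues outside the hunk, so the rest of the role definition is not reviewed.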


@ -5,7 +5,7 @@ set -euo pipefail
# vim: syntax=sh # vim: syntax=sh
export LC_ALL=C export LC_ALL=C
VAULT_KV_PATH=/kv/service/bounca VAULT_KV_PATH=kv/service/bounca
RAND_CMD="tr -dc A-Za-z0-9\-_\/=~\.+ < /dev/urandom | head -c 50" RAND_CMD="tr -dc A-Za-z0-9\-_\/=~\.+ < /dev/urandom | head -c 50"
if ! vault kv list $(dirname ${VAULT_KV_PATH}) 2>/dev/null | grep -q -E "^$(basename ${VAULT_KV_PATH})\$"; then if ! vault kv list $(dirname ${VAULT_KV_PATH}) 2>/dev/null | grep -q -E "^$(basename ${VAULT_KV_PATH})\$"; then
vault kv put ${VAULT_KV_PATH} \ vault kv put ${VAULT_KV_PATH} \
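Review bot: The existence check treats every failure of `vault kv list` as "secret missing": stderr is discarded and, under `pipefail`, a denied or failed list makes the `if !` branch run `vault kv put`. On what looks like a KV v2 mount (the policy section uses `kv/data/…`), that writes a new version over an existing secret. A check-and-set write closes the gap, `vault kv put -cas=0 ${VAULT_KV_PATH} \`, because it only succeeds when the key has no version yet. The expansions are also unquoted; `"$(dirname "${VAULT_KV_PATH}")"` is safer if the path ever changes. The `vault kv put` command continues outside the hunk.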


@ -1,7 +1,7 @@
path "/kv/data/service/bounca" { path "kv/data/service/bounca" {
capabilities = ["read"] capabilities = ["read"]
} }
path "/database/creds/bounca" { path "database/creds/bounca" {
capabilities = ["read"] capabilities = ["read"]
} }