Update rendered example

example/bounca.nomad.hcl

@@ -75,7 +75,7 @@ job "bounca" {
       user   = 1053
 
       config {
-        image           = "danielberteaud/wait-for:24.2-1"
+        image           = "danielberteaud/wait-for:24.3-1"
         readonly_rootfs = true
         pids_limit      = 20
       }
@@ -137,7 +137,7 @@ job "bounca" {
       template {
         data        = <<_EOT
 BOUNCA_DB_NAME=bounca
-BOUNCA_DJANGO_SECRET={{ with secret "//kv/service/bounca" }}{{ .Data.data.django_secret }}{{ end }}
+BOUNCA_DJANGO_SECRET={{ with secret "/kv/service/bounca" }}{{ .Data.data.django_secret }}{{ end }}
 LANG=fr_FR.utf8
 TZ=Europe/Paris
 _EOT
@@ -193,8 +193,8 @@ _EOT
 
       template {
         data        = <<_EOT
-BOUNCA_DB_USER={{ with secret "//database/creds/bounca" }}{{ .Data.username }}{{ end }}
+BOUNCA_DB_USER={{ with secret "/database/creds/bounca" }}{{ .Data.username }}{{ end }}
-BOUNCA_DB_PASSWORD={{ with secret "//database/creds/bounca" }}{{ .Data.password }}{{ end }}
+BOUNCA_DB_PASSWORD={{ with secret "/database/creds/bounca" }}{{ .Data.password }}{{ end }}
 BOUNCA_DB_PORT=5432
 _EOT
         destination = "secrets/.db.env"
@@ -251,7 +251,7 @@ _EOT
       template {
         data        = <<_EOT
 BOUNCA_DB_NAME=bounca
-BOUNCA_DJANGO_SECRET={{ with secret "//kv/service/bounca" }}{{ .Data.data.django_secret }}{{ end }}
+BOUNCA_DJANGO_SECRET={{ with secret "/kv/service/bounca" }}{{ .Data.data.django_secret }}{{ end }}
 LANG=fr_FR.utf8
 TZ=Europe/Paris
 _EOT
@@ -263,8 +263,8 @@ _EOT
 
       template {
         data        = <<_EOT
-BOUNCA_DB_USER={{ with secret "//database/creds/bounca" }}{{ .Data.username }}{{ end }}
+BOUNCA_DB_USER={{ with secret "/database/creds/bounca" }}{{ .Data.username }}{{ end }}
-BOUNCA_DB_PASSWORD={{ with secret "//database/creds/bounca" }}{{ .Data.password }}{{ end }}
+BOUNCA_DB_PASSWORD={{ with secret "/database/creds/bounca" }}{{ .Data.password }}{{ end }}
 BOUNCA_DB_PORT=5432
 _EOT
         destination = "secrets/.db.env"

example/images/bounca/Dockerfile

@@ -74,7 +74,7 @@ RUN set -euxo pipefail &&\
       nginx \
       postgresql16-client
 
-COPY --from=danielberteaud/alpine:24.2-1 /usr/local/bin/minit /usr/local/bin/minit
+COPY --from=danielberteaud/alpine:24.3-1 /usr/local/bin/minit /usr/local/bin/minit
 COPY root/ /
 
 WORKDIR /opt/bounca

example/init/vault-database

@@ -1,6 +1,6 @@
 #!/bin/sh
 
-set -euo pipefailvault write /database/roles/bounca \
+set -euo pipefailvault write database/roles/bounca \
     db_name="postgres" \
     creation_statements="CREATE ROLE \"{{name}}\" WITH LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}'; \
         GRANT \"bounca\" TO \"{{name}}\"; \

example/prep.d/10-rand-pwd.sh

@@ -5,7 +5,7 @@ set -euo pipefail
 # vim: syntax=sh
 
 export LC_ALL=C
-VAULT_KV_PATH=/kv/service/bounca
+VAULT_KV_PATH=kv/service/bounca
 RAND_CMD="tr -dc A-Za-z0-9\-_\/=~\.+ < /dev/urandom | head -c 50"
 if ! vault kv list $(dirname ${VAULT_KV_PATH}) 2>/dev/null | grep -q -E "^$(basename ${VAULT_KV_PATH})\$"; then
   vault kv put ${VAULT_KV_PATH} \

example/vault/policies/bounca.hcl

@@ -1,7 +1,7 @@
-path "/kv/data/service/bounca" {
+path "kv/data/service/bounca" {
   capabilities = ["read"]
 }
 
-path "/database/creds/bounca" {
+path "database/creds/bounca" {
   capabilities = ["read"]
 }