First commit
This commit is contained in:
parent
360ef99190
commit
2dd6df1582
|
@ -0,0 +1,3 @@
|
|||
Kind = "service-defaults"
|
||||
Name = "[[ .miniflux.instance ]][[ .consul.suffix ]]"
|
||||
Protocol = "http"
|
|
@ -0,0 +1,16 @@
|
|||
[[- $c := merge .miniflux . ]]
|
||||
Kind = "service-intentions"
|
||||
Name = "[[ .miniflux.instance ]][[ $c.consul.suffix ]]"
|
||||
Sources = [
|
||||
{
|
||||
Name = "[[ $c.traefik.instance ]][[ $c.consul.suffix ]]"
|
||||
Permissions = [
|
||||
{
|
||||
Action = "allow"
|
||||
HTTP {
|
||||
Methods = ["GET", "HEAD", "POST", "PUT", "DELETE"]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
|
@ -0,0 +1,26 @@
|
|||
FROM [[ .docker.repo ]][[ .docker.base_images.alpine.image ]]
|
||||
MAINTAINER [[ .docker.maintainer ]]
|
||||
|
||||
ARG MINIFLUX_VERSION=2.0.49
|
||||
|
||||
ENV LISTEN_ADDR=0.0.0.0:8085 \
|
||||
RUN_MIGRATIONS=1 \
|
||||
CREATE_ADMIN=1 \
|
||||
ADMIN_USERNAME=admin \
|
||||
ADMIN_PASSWORD=miniflux \
|
||||
PROXY_IMAGES=all \
|
||||
POLLING_FREQUENCY=15 \
|
||||
POLLING_PARSING_ERROR_LIMIT=8
|
||||
|
||||
RUN set -eux &&\
|
||||
apk --no-cache upgrade &&\
|
||||
apk --no-cache add curl ca-certificates &&\
|
||||
curl -sSLo /usr/local/bin/miniflux https://github.com/miniflux/v2/releases/download/${MINIFLUX_VERSION}/miniflux-linux-amd64 &&\
|
||||
chown root:root /usr/local/bin/miniflux &&\
|
||||
chmod 755 /usr/local/bin/miniflux &&\
|
||||
addgroup -g 8085 miniflux &&\
|
||||
adduser --system --ingroup miniflux --disabled-password --uid 8085 --shell /sbin/nologin miniflux
|
||||
|
||||
EXPOSE 8085
|
||||
USER miniflux
|
||||
CMD ["miniflux"]
|
|
@ -0,0 +1,8 @@
|
|||
#!/bin/sh
|
||||
|
||||
set -euo pipefail
|
||||
|
||||
[[- template "common/vault.mkpgrole.sh.tpl"
|
||||
dict "ctx" .
|
||||
"config" (dict "role" .miniflux.instance "database" "postgres")
|
||||
]]
|
|
@ -0,0 +1,99 @@
|
|||
[[- $c := merge .miniflux . -]]
|
||||
|
||||
job [[ .miniflux.instance | toJSON ]] {
|
||||
|
||||
[[ template "common/job_start.tpl" $c ]]
|
||||
|
||||
group "miniflux" {
|
||||
|
||||
network {
|
||||
mode = "bridge"
|
||||
[[- if $c.prometheus.enabled ]]
|
||||
port "metrics" {}
|
||||
[[- end ]]
|
||||
}
|
||||
|
||||
ephemeral_disk {
|
||||
size = 101
|
||||
}
|
||||
|
||||
service {
|
||||
name = "[[ .miniflux.instance ]][[ $c.consul.suffix ]]"
|
||||
port = 8085
|
||||
|
||||
[[ template "common/prometheus_meta.tpl" $c ]]
|
||||
|
||||
[[ template "common/connect.tpl" $c ]]
|
||||
|
||||
check {
|
||||
type = "http"
|
||||
path = "/healthcheck"
|
||||
expose = true
|
||||
interval = "10s"
|
||||
timeout = "3s"
|
||||
|
||||
check_restart {
|
||||
limit = 20
|
||||
grace = "20s"
|
||||
}
|
||||
}
|
||||
|
||||
tags = [
|
||||
"[[ $c.traefik.instance ]].enable=true",
|
||||
"[[ $c.traefik.instance ]].http.routers.[[ .miniflux.instance ]][[ $c.consul.suffix ]].rule=Host(`[[ (urlParse .miniflux.public_url).Hostname ]]`)
|
||||
[[- if not (regexp.Match "^/?$" (urlParse .miniflux.public_url).Path) ]] && PathPrefix(`[[ (urlParse .miniflux.public_url).Path ]]`)[[ end ]]",
|
||||
"[[ $c.traefik.instance ]].http.routers.[[ .miniflux.instance ]][[ $c.consul.suffix ]].entrypoints=[[ join $c.traefik.entrypoints "," ]]",
|
||||
[[- if not (regexp.Match "^/?$" (urlParse .miniflux.public_url).Path) ]]
|
||||
"[[ $c.traefik.instance ]].http.middlewares.[[ .miniflux.instance ]][[ $c.consul.suffix ]]-prefix.stripprefix.prefixes=[[ (urlParse .miniflux.public_url).Path ]]",
|
||||
"[[ $c.traefik.instance ]].http.routers.[[ .miniflux.instance ]][[ $c.consul.suffix ]].middlewares=[[ .miniflux.instance ]][[ $c.consul.suffix ]]-prefix,[[ template "common/traefik_middlewares.tpl" $c.traefik ]]",
|
||||
[[- else ]]
|
||||
"[[ $c.traefik.instance ]].http.routers.[[ .miniflux.instance ]][[ $c.consul.suffix ]].middlewares=[[ template "common/traefik_middlewares.tpl" $c.traefik ]]",
|
||||
[[- end ]]
|
||||
]
|
||||
}
|
||||
|
||||
[[- if $c.prometheus.enabled ]]
|
||||
[[ template "common/task.metrics_proxy.tpl" $c ]]
|
||||
[[- end ]]
|
||||
|
||||
task "miniflux" {
|
||||
driver = [[ $c.nomad.driver | toJSON ]]
|
||||
|
||||
config {
|
||||
image = [[ .miniflux.image | toJSON ]]
|
||||
pids_limit = 100
|
||||
readonly_rootfs = true
|
||||
}
|
||||
|
||||
vault {
|
||||
policies = ["[[ .miniflux.instance ]][[ $c.consul.suffix ]]"]
|
||||
env = false
|
||||
disable_file = true
|
||||
}
|
||||
|
||||
env {
|
||||
LISTEN_ADDR = "127.0.0.1:8085"
|
||||
BASE_URL = [[ .miniflux.public_url | toJSON ]]
|
||||
[[- if $c.prometheus.enabled ]]
|
||||
METRICS_COLLECTOR = 1
|
||||
[[- end ]]
|
||||
[[ template "common/proxy_env.tpl" $c ]]
|
||||
}
|
||||
|
||||
[[ template "common/file_env.tpl" $c.env ]]
|
||||
|
||||
template {
|
||||
data =<<_EOT
|
||||
{{ with secret "[[ .vault.prefix ]]database/creds/[[ .miniflux.instance ]]" }}
|
||||
DATABASE_URL="host=localhost port=5432 user={{ .Data.username }} password='{{ .Data.password }}' dbname=[[ .miniflux.db.name ]] sslmode=disable"
|
||||
{{ end }}
|
||||
_EOT
|
||||
destination = "secrets/miniflux.env"
|
||||
perms = 400
|
||||
env = true
|
||||
}
|
||||
|
||||
[[ template "common/resources.tpl" .miniflux.resources ]]
|
||||
}
|
||||
}
|
||||
}
|
|
@ -0,0 +1 @@
|
|||
[[ template "common/mv_conf.sh.tpl" dict "ctx" . "services" (dict "miniflux" .miniflux.instance) ]]
|
|
@ -0,0 +1,37 @@
|
|||
---
|
||||
|
||||
miniflux:
|
||||
# Name of this instance (controls job and service name)
|
||||
instance: miniflux
|
||||
|
||||
# Postgres database settings
|
||||
db:
|
||||
host: localhost
|
||||
port: 5432
|
||||
user: '[[ .miniflux.instance ]]'
|
||||
name: '[[ .miniflux.instance ]]'
|
||||
|
||||
# Default to try to connect to a postgres service from the service mesh
|
||||
consul:
|
||||
connect:
|
||||
upstreams:
|
||||
- destination_name: postgres
|
||||
local_bind_port: 5432
|
||||
|
||||
# Docker image to use
|
||||
image: danielberteaud/miniflux:2.0.49-1
|
||||
|
||||
# Resources for the container
|
||||
resources:
|
||||
cpu: 50
|
||||
memory: 64
|
||||
|
||||
# Additional env var to pass to the container
|
||||
env: {}
|
||||
|
||||
# Public URL of the service
|
||||
public_url: https://flux.example.org
|
||||
|
||||
# Prometheus configuration
|
||||
prometheus:
|
||||
metrics_url: http://localhost:8085/metrics
|
|
@ -0,0 +1,6 @@
|
|||
path "[[ .vault.prefix ]]kv/data/service/[[ .miniflux.instance ]]" {
|
||||
capabilities = ["read"]
|
||||
}
|
||||
path "[[ .vault.prefix ]]database/creds/[[ .miniflux.instance ]]" {
|
||||
capabilities = ["read"]
|
||||
}
|
Loading…
Reference in New Issue