First commit

Daniel Berteaud 2023-10-17 14:26:40 +02:00
parent 360ef99190
commit 2dd6df1582
8 changed files with 196 additions and 0 deletions


@ -0,0 +1,3 @@
Kind = "service-defaults"
Name = "[[ .miniflux.instance ]][[ .consul.suffix ]]"
Protocol = "http"


@ -0,0 +1,16 @@
[[- $c := merge .miniflux . ]]
Kind = "service-intentions"
Name = "[[ .miniflux.instance ]][[ $c.consul.suffix ]]"
Sources = [
{
Name = "[[ $c.traefik.instance ]][[ $c.consul.suffix ]]"
Permissions = [
{
Action = "allow"
HTTP {
Methods = ["GET", "HEAD", "POST", "PUT", "DELETE"]
}
}
]
}
]


@ -0,0 +1,26 @@
FROM [[ .docker.repo ]][[ .docker.base_images.alpine.image ]]
MAINTAINER [[ .docker.maintainer ]]
ARG MINIFLUX_VERSION=2.0.49
ENV LISTEN_ADDR=0.0.0.0:8085 \
RUN_MIGRATIONS=1 \
CREATE_ADMIN=1 \
ADMIN_USERNAME=admin \
ADMIN_PASSWORD=miniflux \
PROXY_IMAGES=all \
POLLING_FREQUENCY=15 \
POLLING_PARSING_ERROR_LIMIT=8
RUN set -eux &&\
apk --no-cache upgrade &&\
apk --no-cache add curl ca-certificates &&\
curl -sSLo /usr/local/bin/miniflux https://github.com/miniflux/v2/releases/download/${MINIFLUX_VERSION}/miniflux-linux-amd64 &&\
chown root:root /usr/local/bin/miniflux &&\
chmod 755 /usr/local/bin/miniflux &&\
addgroup -g 8085 miniflux &&\
adduser --system --ingroup miniflux --disabled-password --uid 8085 --shell /sbin/nologin miniflux
EXPOSE 8085
USER miniflux
CMD ["miniflux"]
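Review bot: The `ENV` block bakes `CREATE_ADMIN=1` together with `ADMIN_USERNAME=admin` and `ADMIN_PASSWORD=miniflux` into the image, so any container started without overriding them creates an administrator with a publicly known password, and the value is readable from the image metadata. I would drop those three variables from the image and have the deployment supply the admin credentials at run time from the secret store (Miniflux also accepts `ADMIN_USERNAME_FILE` / `ADMIN_PASSWORD_FILE`). Separately, the release binary fetched with `curl` on the `RUN` line is installed without an integrity check; pinning a digest next to `MINIFLUX_VERSION` and adding `echo "${MINIFLUX_SHA256}  /usr/local/bin/miniflux" | sha256sum -c -` (with `MINIFLUX_SHA256` as a new build `ARG`) would fail the build if the downloaded file ever differs.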

8
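--- a/init/vault-miniflux
+++ b/init/vault-miniflux
@@ -0,0 +1,8 @@
+#!/bin/sh
+set -euo pipefail
+[[- template "common/vault.mkpgrole.sh.tpl"
+dict "ctx" .
+"config" (dict "role" .miniflux.instance "database" "postgres")
+]]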
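Review bot: `set -euo pipefail` under a `#!/bin/sh` shebang is not portable: `pipefail` is not implemented by every POSIX `sh` (older dash builds reject it), and on such a shell the script aborts on that line before the role template runs. Either change the shebang to `#!/bin/bash` or reduce the line to `set -eu`, depending on where the init scripts are expected to run. The body comes from `common/vault.mkpgrole.sh.tpl`, which is outside this page, so whether it contains pipelines that need `pipefail` should be checked there.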

99
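--- a/miniflux.nomad.hcl
+++ b/miniflux.nomad.hcl
@@ -0,0 +1,99 @@
+[[- $c := merge .miniflux . -]]
+job [[ .miniflux.instance | toJSON ]] {
+[[ template "common/job_start.tpl" $c ]]
+group "miniflux" {
+network {
+mode = "bridge"
+[[- if $c.prometheus.enabled ]]
+port "metrics" {}
+[[- end ]]
+}
+ephemeral_disk {
+size = 101
+}
+service {
+name = "[[ .miniflux.instance ]][[ $c.consul.suffix ]]"
+port = 8085
+[[ template "common/prometheus_meta.tpl" $c ]]
+[[ template "common/connect.tpl" $c ]]
+check {
+type = "http"
+path = "/healthcheck"
+expose = true
+interval = "10s"
+timeout = "3s"
+check_restart {
+limit = 20
+grace = "20s"
+}
+}
+tags = [
+"[[ $c.traefik.instance ]].enable=true",
+"[[ $c.traefik.instance ]].http.routers.[[ .miniflux.instance ]][[ $c.consul.suffix ]].rule=Host(`[[ (urlParse .miniflux.public_url).Hostname ]]`)
+[[- if not (regexp.Match "^/?$" (urlParse .miniflux.public_url).Path) ]] && PathPrefix(`[[ (urlParse .miniflux.public_url).Path ]]`)[[ end ]]",
+"[[ $c.traefik.instance ]].http.routers.[[ .miniflux.instance ]][[ $c.consul.suffix ]].entrypoints=[[ join $c.traefik.entrypoints "," ]]",
+[[- if not (regexp.Match "^/?$" (urlParse .miniflux.public_url).Path) ]]
+"[[ $c.traefik.instance ]].http.middlewares.[[ .miniflux.instance ]][[ $c.consul.suffix ]]-prefix.stripprefix.prefixes=[[ (urlParse .miniflux.public_url).Path ]]",
+"[[ $c.traefik.instance ]].http.routers.[[ .miniflux.instance ]][[ $c.consul.suffix ]].middlewares=[[ .miniflux.instance ]][[ $c.consul.suffix ]]-prefix,[[ template "common/traefik_middlewares.tpl" $c.traefik ]]",
+[[- else ]]
+"[[ $c.traefik.instance ]].http.routers.[[ .miniflux.instance ]][[ $c.consul.suffix ]].middlewares=[[ template "common/traefik_middlewares.tpl" $c.traefik ]]",
+[[- end ]]
+]
+}
+[[- if $c.prometheus.enabled ]]
+[[ template "common/task.metrics_proxy.tpl" $c ]]
+[[- end ]]
+task "miniflux" {
+driver = [[ $c.nomad.driver | toJSON ]]
+config {
+image = [[ .miniflux.image | toJSON ]]
+pids_limit = 100
+readonly_rootfs = true
+}
+vault {
+policies = ["[[ .miniflux.instance ]][[ $c.consul.suffix ]]"]
+env = false
+disable_file = true
+}
+env {
+LISTEN_ADDR = "127.0.0.1:8085"
+BASE_URL = [[ .miniflux.public_url | toJSON ]]
+[[- if $c.prometheus.enabled ]]
+METRICS_COLLECTOR = 1
+[[- end ]]
+[[ template "common/proxy_env.tpl" $c ]]
+}
+[[ template "common/file_env.tpl" $c.env ]]
+template {
+data =<<_EOT
+{{ with secret "[[ .vault.prefix ]]database/creds/[[ .miniflux.instance ]]" }}
+DATABASE_URL="host=localhost port=5432 user={{ .Data.username }} password='{{ .Data.password }}' dbname=[[ .miniflux.db.name ]] sslmode=disable"
+{{ end }}
+_EOT
+destination = "secrets/miniflux.env"
+perms = 400
+env = true
+}
+[[ template "common/resources.tpl" .miniflux.resources ]]
+}
+}
+}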
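Review bot: The rendered `DATABASE_URL` hard-codes `host=localhost port=5432` and `sslmode=disable`, so the `db.host` and `db.port` values declared in variables.yml are never used, and the connection is only protected while it terminates on the Consul Connect upstream bound to that local port. If the host is meant to be configurable, use `host=[[ .miniflux.db.host ]] port=[[ .miniflux.db.port ]]` and make `sslmode` a variable that defaults to `disable` only for the mesh case. Otherwise, add a comment above the `template` block such as `# sslmode=disable is acceptable only because traffic goes through the Connect sidecar on localhost`, so nobody later repoints the DSN at a remote server with TLS still disabled. The password is also wrapped in single quotes without escaping, which presumably relies on the Vault role never generating a `'` or `\`; that assumption is worth stating in the same comment.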

1
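--- a/prep.d/mv_conf.sh
+++ b/prep.d/mv_conf.sh
@@ -0,0 +1 @@
+[[ template "common/mv_conf.sh.tpl" dict "ctx" . "services" (dict "miniflux" .miniflux.instance) ]]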

37
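--- a/variables.yml
+++ b/variables.yml
@@ -0,0 +1,37 @@
+---
+miniflux:
+# Name of this instance (controls job and service name)
+instance: miniflux
+# Postgres database settings
+db:
+host: localhost
+port: 5432
+user: '[[ .miniflux.instance ]]'
+name: '[[ .miniflux.instance ]]'
+# Default to try to connect to a postgres service from the service mesh
+consul:
+connect:
+upstreams:
+- destination_name: postgres
+local_bind_port: 5432
+# Docker image to use
+image: danielberteaud/miniflux:2.0.49-1
+# Resources for the container
+resources:
+cpu: 50
+memory: 64
+# Additional env var to pass to the container
+env: {}
+# Public URL of the service
+public_url: https://flux.example.org
+# Prometheus configuration
+prometheus:
+metrics_url: http://localhost:8085/metrics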


@ -0,0 +1,6 @@
path "[[ .vault.prefix ]]kv/data/service/[[ .miniflux.instance ]]" {
capabilities = ["read"]
}
path "[[ .vault.prefix ]]database/creds/[[ .miniflux.instance ]]" {
capabilities = ["read"]
}