Add rendered example
parent
8fb6686d37
commit
8a0de8df6a
|
@ -0,0 +1,3 @@
|
|||
Kind = "service-defaults"
|
||||
Name = "miniflux"
|
||||
Protocol = "http"
|
|
@ -0,0 +1,15 @@
|
|||
Kind = "service-intentions"
|
||||
Name = "miniflux"
|
||||
Sources = [
|
||||
{
|
||||
Name = "traefik"
|
||||
Permissions = [
|
||||
{
|
||||
Action = "allow"
|
||||
HTTP {
|
||||
Methods = ["GET", "HEAD", "POST", "PUT", "DELETE"]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
|
@ -0,0 +1,26 @@
|
|||
FROM danielberteaud/alpine:24.1-1
|
||||
MAINTAINER Daniel Berteaud <dbd@ehtrace.com>
|
||||
|
||||
ARG MINIFLUX_VERSION=2.0.51
|
||||
|
||||
ENV LISTEN_ADDR=0.0.0.0:8085 \
|
||||
RUN_MIGRATIONS=1 \
|
||||
CREATE_ADMIN=1 \
|
||||
ADMIN_USERNAME=admin \
|
||||
ADMIN_PASSWORD=miniflux \
|
||||
PROXY_IMAGES=all \
|
||||
POLLING_FREQUENCY=15 \
|
||||
POLLING_PARSING_ERROR_LIMIT=8
|
||||
|
||||
RUN set -eux &&\
|
||||
apk --no-cache upgrade &&\
|
||||
apk --no-cache add curl ca-certificates &&\
|
||||
curl -sSLo /usr/local/bin/miniflux https://github.com/miniflux/v2/releases/download/${MINIFLUX_VERSION}/miniflux-linux-amd64 &&\
|
||||
chown root:root /usr/local/bin/miniflux &&\
|
||||
chmod 755 /usr/local/bin/miniflux &&\
|
||||
addgroup -g 8085 miniflux &&\
|
||||
adduser --system --ingroup miniflux --disabled-password --uid 8085 --shell /sbin/nologin miniflux
|
||||
|
||||
EXPOSE 8085
|
||||
USER miniflux
|
||||
CMD ["miniflux"]
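Review bot: The release binary fetched by `curl -sSLo /usr/local/bin/miniflux …` is installed and made executable without any integrity check, so the image trusts whatever the download URL returns at build time. Pin the expected digest next to the version with `ARG MINIFLUX_SHA256=<sha256-of-release-asset>` (placeholder value), and add `echo "${MINIFLUX_SHA256}  /usr/local/bin/miniflux" | sha256sum -c - &&\` directly after the curl line so the build fails on a mismatch. The curl flags also lack `-f`, so an HTTP error page would be saved as the binary and the `RUN` step would still succeed.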
|
|
@ -0,0 +1,12 @@
|
|||
#!/bin/sh
|
||||
|
||||
set -euo pipefail
|
||||
|
||||
vault write database/roles/miniflux \
|
||||
db_name="postgres" \
|
||||
creation_statements="CREATE ROLE \"{{name}}\" WITH LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}'; \
|
||||
GRANT \"miniflux\" TO \"{{name}}\"; \
|
||||
ALTER ROLE \"{{name}}\" SET role = \"miniflux\"" \
|
||||
default_ttl="12h" \
|
||||
max_ttl="720h"
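Review bot: `set -euo pipefail` runs under `#!/bin/sh`, and `pipefail` is not accepted by every `/bin/sh`; where it is rejected, `set` itself fails and the script stops before `vault write` runs. The script contains no pipeline, so the option adds nothing here, and `set -eu`, as the other shell script in this commit uses, is enough. Separately, `max_ttl="720h"` allows a leased database role to live for 30 days, which deserves a one-line comment giving the reason for that ceiling.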
|
||||
|
|
@ -0,0 +1,138 @@
|
|||
job "miniflux" {
|
||||
|
||||
|
||||
datacenters = ["dc1"]
|
||||
|
||||
|
||||
group "miniflux" {
|
||||
|
||||
count = 1
|
||||
|
||||
network {
|
||||
mode = "bridge"
|
||||
}
|
||||
|
||||
ephemeral_disk {
|
||||
size = 101
|
||||
}
|
||||
|
||||
service {
|
||||
name = "miniflux"
|
||||
port = 8085
|
||||
|
||||
|
||||
|
||||
|
||||
connect {
|
||||
sidecar_service {
|
||||
proxy {
|
||||
upstreams {
|
||||
destination_name = "postgres"
|
||||
local_bind_port = 5432
|
||||
}
|
||||
}
|
||||
}
|
||||
sidecar_task {
|
||||
resources {
|
||||
cpu = 50
|
||||
memory = 64
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
check {
|
||||
type = "http"
|
||||
path = "/healthcheck"
|
||||
expose = true
|
||||
interval = "10s"
|
||||
timeout = "3s"
|
||||
|
||||
check_restart {
|
||||
limit = 20
|
||||
grace = "20s"
|
||||
}
|
||||
}
|
||||
|
||||
tags = [
|
||||
"traefik.enable=true",
|
||||
"traefik.http.routers.miniflux.rule=Host(`flux.example.org`)",
|
||||
"traefik.http.routers.miniflux.entrypoints=https",
|
||||
"traefik.http.routers.miniflux.middlewares=rate-limit-std@file,inflight-std@file,security-headers@file,hsts@file,compression@file,csp-relaxed@file",
|
||||
]
|
||||
}
|
||||
|
||||
# wait for required services tp be ready before starting the main task
|
||||
task "wait-for" {
|
||||
|
||||
driver = "docker"
|
||||
user = 1053
|
||||
|
||||
config {
|
||||
image = "danielberteaud/wait-for:24.1-1"
|
||||
readonly_rootfs = true
|
||||
pids_limit = 20
|
||||
}
|
||||
|
||||
lifecycle {
|
||||
hook = "prestart"
|
||||
}
|
||||
|
||||
env {
|
||||
SERVICE_0 = "master.postgres.service.consul"
|
||||
}
|
||||
|
||||
resources {
|
||||
cpu = 10
|
||||
memory = 10
|
||||
memory_max = 30
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
task "miniflux" {
|
||||
driver = "docker"
|
||||
|
||||
config {
|
||||
image = "danielberteaud/miniflux:2.0.51-1"
|
||||
pids_limit = 100
|
||||
readonly_rootfs = true
|
||||
}
|
||||
|
||||
vault {
|
||||
policies = ["miniflux"]
|
||||
env = false
|
||||
disable_file = true
|
||||
}
|
||||
|
||||
env {
|
||||
LISTEN_ADDR = "127.0.0.1:8085"
|
||||
BASE_URL = "https://flux.example.org"
|
||||
|
||||
|
||||
}
|
||||
|
||||
|
||||
# Use a template block instead of env {} so we can fetch values from vault
|
||||
template {
|
||||
data = <<_EOT
|
||||
DATABASE_URL=postgresql://{{ with secret "database/creds/miniflux" }}{{ .Data.username }}:{{ urlquery .Data.password }}{{ end }}@localhost:5432/miniflux?sslmode=disable
|
||||
LANG=fr_FR.utf8
|
||||
TZ=Europe/Paris
|
||||
_EOT
|
||||
destination = "secrets/.env"
|
||||
perms = 400
|
||||
env = true
|
||||
}
|
||||
|
||||
|
||||
resources {
|
||||
cpu = 50
|
||||
memory = 192
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
}
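Review bot: The `miniflux` task never overrides the admin bootstrap defaults: its `env` block sets only `LISTEN_ADDR` and `BASE_URL`, and the template adds `DATABASE_URL`, `LANG` and `TZ`, while the Dockerfile in this commit bakes `CREATE_ADMIN=1`, `ADMIN_USERNAME=admin` and `ADMIN_PASSWORD=miniflux` into the image. If `danielberteaud/miniflux:2.0.51-1` is built from that Dockerfile, the instance routed at `flux.example.org` starts with a publicly known admin login. Either set `CREATE_ADMIN = "0"` in `env`, or render the password from Vault in the existing template, e.g. `ADMIN_PASSWORD={{ with secret "kv/data/service/miniflux" }}{{ .Data.data.admin_password }}{{ end }}`. The key name there is a placeholder; the Vault policy in this commit already grants read on that path.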
|
|
@ -0,0 +1,19 @@
|
|||
#!/bin/sh
|
||||
|
||||
set -eu
|
||||
|
||||
|
||||
|
||||
if [ "miniflux" != "miniflux" ]; then
|
||||
for DIR in vault consul nomad; do
|
||||
if [ -d output/${DIR} ]; then
|
||||
for FILE in $(find output/${DIR} -name "*miniflux*.hcl" -type f); do
|
||||
NEW_FILE=$(echo "${FILE}" | sed -E "s/miniflux/miniflux/g")
|
||||
mv "${FILE}" "${NEW_FILE}"
|
||||
done
|
||||
fi
|
||||
done
|
||||
fi
|
||||
|
||||
|
||||
|
|
@ -0,0 +1,6 @@
|
|||
path "kv/data/service/miniflux" {
|
||||
capabilities = ["read"]
|
||||
}
|
||||
path "database/creds/miniflux" {
|
||||
capabilities = ["read"]
|
||||
}
|