Update rendered example
This commit is contained in:
parent
4a8d532628
commit
707046a0b4
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
set -euo pipefail
|
||||
|
||||
vault write /database/roles/paperless \
|
||||
vault write database/roles/paperless \
|
||||
db_name="postgres" \
|
||||
creation_statements="CREATE ROLE \"{{name}}\" WITH LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}'; \
|
||||
GRANT \"paperless\" TO \"{{name}}\"; \
|
||||
|
|
|
|||
|
|
@ -174,7 +174,7 @@ _EOT
|
|||
data = <<_EOT
|
||||
LANG=fr_FR.utf8
|
||||
PAPERLESS_CORS_ALLOWED_HOSTS=https://paperless.example.org
|
||||
PAPERLESS_SECRET_KEY={{ with secret "/kv/service/paperless" }}{{ .Data.data.secret_key }}{{ end }}
|
||||
PAPERLESS_SECRET_KEY={{ with secret "kv/service/paperless" }}{{ .Data.data.secret_key }}{{ end }}
|
||||
TZ=Europe/Paris
|
||||
_EOT
|
||||
destination = "secrets/.env"
|
||||
|
|
@ -187,8 +187,8 @@ _EOT
|
|||
data = <<_EOT
|
||||
PAPERLESS_DBHOST=127.0.0.1
|
||||
PAPERLESS_DBPORT=5432
|
||||
PAPERLESS_DBUSER={{ with secret "/database/creds/paperless" }}{{ .Data.username }}{{ end }}
|
||||
PAPERLESS_DBPASS={{ with secret "/database/creds/paperless" }}{{ .Data.password }}{{ end }}
|
||||
PAPERLESS_DBUSER={{ with secret "database/creds/paperless" }}{{ .Data.username }}{{ end }}
|
||||
PAPERLESS_DBPASS={{ with secret "database/creds/paperless" }}{{ .Data.password }}{{ end }}
|
||||
_EOT
|
||||
destination = "secrets/.db.env"
|
||||
perms = 400
|
||||
|
|
@ -248,7 +248,7 @@ _EOT
|
|||
data = <<_EOT
|
||||
LANG=fr_FR.utf8
|
||||
PAPERLESS_CORS_ALLOWED_HOSTS=https://paperless.example.org
|
||||
PAPERLESS_SECRET_KEY={{ with secret "/kv/service/paperless" }}{{ .Data.data.secret_key }}{{ end }}
|
||||
PAPERLESS_SECRET_KEY={{ with secret "kv/service/paperless" }}{{ .Data.data.secret_key }}{{ end }}
|
||||
TZ=Europe/Paris
|
||||
_EOT
|
||||
destination = "secrets/.env"
|
||||
|
|
@ -261,8 +261,8 @@ _EOT
|
|||
data = <<_EOT
|
||||
PAPERLESS_DBHOST=127.0.0.1
|
||||
PAPERLESS_DBPORT=5432
|
||||
PAPERLESS_DBUSER={{ with secret "/database/creds/paperless" }}{{ .Data.username }}{{ end }}
|
||||
PAPERLESS_DBPASS={{ with secret "/database/creds/paperless" }}{{ .Data.password }}{{ end }}
|
||||
PAPERLESS_DBUSER={{ with secret "database/creds/paperless" }}{{ .Data.username }}{{ end }}
|
||||
PAPERLESS_DBPASS={{ with secret "database/creds/paperless" }}{{ .Data.password }}{{ end }}
|
||||
_EOT
|
||||
destination = "secrets/.db.env"
|
||||
perms = 400
|
||||
|
|
@ -324,7 +324,7 @@ _EOT
|
|||
data = <<_EOT
|
||||
LANG=fr_FR.utf8
|
||||
PAPERLESS_CORS_ALLOWED_HOSTS=https://paperless.example.org
|
||||
PAPERLESS_SECRET_KEY={{ with secret "/kv/service/paperless" }}{{ .Data.data.secret_key }}{{ end }}
|
||||
PAPERLESS_SECRET_KEY={{ with secret "kv/service/paperless" }}{{ .Data.data.secret_key }}{{ end }}
|
||||
TZ=Europe/Paris
|
||||
_EOT
|
||||
destination = "secrets/.env"
|
||||
|
|
@ -337,8 +337,8 @@ _EOT
|
|||
data = <<_EOT
|
||||
PAPERLESS_DBHOST=127.0.0.1
|
||||
PAPERLESS_DBPORT=5432
|
||||
PAPERLESS_DBUSER={{ with secret "/database/creds/paperless" }}{{ .Data.username }}{{ end }}
|
||||
PAPERLESS_DBPASS={{ with secret "/database/creds/paperless" }}{{ .Data.password }}{{ end }}
|
||||
PAPERLESS_DBUSER={{ with secret "database/creds/paperless" }}{{ .Data.username }}{{ end }}
|
||||
PAPERLESS_DBPASS={{ with secret "database/creds/paperless" }}{{ .Data.password }}{{ end }}
|
||||
_EOT
|
||||
destination = "secrets/.db.env"
|
||||
perms = 400
|
||||
|
|
@ -400,7 +400,7 @@ _EOT
|
|||
data = <<_EOT
|
||||
LANG=fr_FR.utf8
|
||||
PAPERLESS_CORS_ALLOWED_HOSTS=https://paperless.example.org
|
||||
PAPERLESS_SECRET_KEY={{ with secret "/kv/service/paperless" }}{{ .Data.data.secret_key }}{{ end }}
|
||||
PAPERLESS_SECRET_KEY={{ with secret "kv/service/paperless" }}{{ .Data.data.secret_key }}{{ end }}
|
||||
TZ=Europe/Paris
|
||||
_EOT
|
||||
destination = "secrets/.env"
|
||||
|
|
@ -413,8 +413,8 @@ _EOT
|
|||
data = <<_EOT
|
||||
PAPERLESS_DBHOST=127.0.0.1
|
||||
PAPERLESS_DBPORT=5432
|
||||
PAPERLESS_DBUSER={{ with secret "/database/creds/paperless" }}{{ .Data.username }}{{ end }}
|
||||
PAPERLESS_DBPASS={{ with secret "/database/creds/paperless" }}{{ .Data.password }}{{ end }}
|
||||
PAPERLESS_DBUSER={{ with secret "database/creds/paperless" }}{{ .Data.username }}{{ end }}
|
||||
PAPERLESS_DBPASS={{ with secret "database/creds/paperless" }}{{ .Data.password }}{{ end }}
|
||||
_EOT
|
||||
destination = "secrets/.db.env"
|
||||
perms = 400
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@ set -euo pipefail
|
|||
# vim: syntax=sh
|
||||
|
||||
export LC_ALL=C
|
||||
VAULT_KV_PATH=/kv/service/paperless
|
||||
VAULT_KV_PATH=kv/service/paperless
|
||||
RAND_CMD="tr -dc A-Za-z0-9\-_\/=~\.+ < /dev/urandom | head -c 50"
|
||||
if ! vault kv list $(dirname ${VAULT_KV_PATH}) 2>/dev/null | grep -q -E "^$(basename ${VAULT_KV_PATH})\$"; then
|
||||
vault kv put ${VAULT_KV_PATH} \
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
path "/kv/data/service/paperless" {
|
||||
path "kv/data/service/paperless" {
|
||||
capabilities = ["read"]
|
||||
}
|
||||
|
||||
path "/database/creds/paperless" {
|
||||
path "database/creds/paperless" {
|
||||
capabilities = ["read"]
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue