Daniel Berteaud 2023-12-21 23:11:56 +01:00
parent 43fb1de138
commit b36f610796
8 changed files with 30 additions and 30 deletions


@ -1,3 +1,3 @@
Kind = "service-defaults"
Name = "[[ .paperless.instance ]][[ .consul.suffix ]]"
Name = "[[ .instance ]][[ .consul.suffix ]]"
Protocol = "http"


@ -1,8 +1,8 @@
Kind = "service-intentions"
Name = "[[ .paperless.instance ]][[ .consul.suffix ]]"
Name = "[[ .instance ]][[ .consul.suffix ]]"
Sources = [
{
Name = "[[ .traefik.instance ]]"
Name = "[[ (merge .paperless .).traefik.instance ]]"
Permissions = [
{
Action = "allow"
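Review bot: The allowed source on the new `Name = "[[ (merge .paperless .).traefik.instance ]]"` line is resolved from a different context than the one the job file uses for its Traefik tags, which take `$c.traefik.instance` from `merge .paperless.webserver .`. If `traefik.instance` is ever set under `paperless.webserver`, the tags would register the service with one Traefik instance while this intention allows another, so the mesh allow rule and the actual ingress path could diverge. Resolving both from the same merged context, for example `Name = "[[ (merge .paperless.webserver .).traefik.instance ]]"`, would keep them in step; whether a `traefik` key exists directly under `paperless` is not visible here. The `Sources` block continues past the end of the hunk.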


@ -2,7 +2,7 @@
set -euo pipefail
[[- template "common/vault.mkpgrole.sh.tpl"
[[- template "common/vault.mkpgrole.sh"
dict "ctx" .
"config" (dict "role" .paperless.instance "database" "postgres")
"config" (dict "role" .instance "database" "postgres")
]]


@ -1,6 +1,6 @@
[[ $c := merge .paperless . -]]
job "[[ .paperless.instance ]]" {
job "[[ .instance ]]" {
[[ template "common/job_start" $c ]]
@ -30,7 +30,7 @@ job "[[ .paperless.instance ]]" {
[[- end ]]
service {
name = "[[ .paperless.instance ]][[ .consul.suffix ]]"
name = "[[ .instance ]][[ .consul.suffix ]]"
port = 8994
[[ template "common/connect" $c ]]
@ -38,14 +38,14 @@ job "[[ .paperless.instance ]]" {
[[ $c = merge .paperless.webserver . ]]
tags = [
"[[ $c.traefik.instance ]].enable=[[ if $c.traefik.enabled ]]true[[ else ]]false[[ end ]]",
"[[ $c.traefik.instance ]].http.routers.[[ .paperless.instance ]][[ .consul.suffix ]].rule=Host(`[[ (urlParse $c.public_url).Hostname ]]`)
"[[ $c.traefik.instance ]].http.routers.[[ .instance ]][[ .consul.suffix ]].rule=Host(`[[ (urlParse $c.public_url).Hostname ]]`)
[[- if not (regexp.Match "^/?$" (urlParse $c.public_url).Path) ]] && PathPrefix(`[[ (urlParse $c.public_url).Path ]]`)[[ end ]]",
"[[ $c.traefik.instance ]].http.routers.[[ .paperless.instance ]][[ .consul.suffix ]].entrypoints=[[ join $c.traefik.entrypoints "," ]]",
"[[ $c.traefik.instance ]].http.routers.[[ .instance ]][[ .consul.suffix ]].entrypoints=[[ join $c.traefik.entrypoints "," ]]",
[[- if not (regexp.Match "^/?$" (urlParse $c.public_url).Path) ]]
"[[ $c.traefik.instance ]].http.middlewares.[[ .paperless.instance ]][[ .consul.suffix ]]-prefix.stripprefix.prefixes=[[ (urlParse .paperless.public_url).Path ]]",
"[[ $c.traefik.instance ]].http.routers.[[ .paperless.instance ]][[ .consul.suffix ]].middlewares=[[ .paperless.instance ]][[ $c.consul.suffix ]]-prefix,[[ template "common/traefik_middlewares" $c.traefik ]]",
"[[ $c.traefik.instance ]].http.middlewares.[[ .instance ]][[ .consul.suffix ]]-prefix.stripprefix.prefixes=[[ (urlParse .paperless.public_url).Path ]]",
"[[ $c.traefik.instance ]].http.routers.[[ .instance ]][[ .consul.suffix ]].middlewares=[[ .instance ]][[ $c.consul.suffix ]]-prefix,[[ template "common/traefik_middlewares" $c.traefik ]]",
[[- else ]]
"[[ $c.traefik.instance ]].http.routers.[[ .paperless.instance ]][[ .consul.suffix ]].middlewares=[[ template "common/traefik_middlewares" $c.traefik ]]",
"[[ $c.traefik.instance ]].http.routers.[[ .instance ]][[ .consul.suffix ]].middlewares=[[ template "common/traefik_middlewares" $c.traefik ]]",
[[- end ]]
]
}
@ -63,7 +63,7 @@ job "[[ .paperless.instance ]]" {
}
vault {
policies = ["[[ .paperless.instance ]][[ .consul.suffix ]]"]
policies = ["[[ .instance ]][[ .consul.suffix ]]"]
env = false
disable_file = true
}
@ -106,7 +106,7 @@ job "[[ .paperless.instance ]]" {
}
vault {
policies = ["[[ .paperless.instance ]][[ .consul.suffix ]]"]
policies = ["[[ .instance ]][[ .consul.suffix ]]"]
env = false
disable_file = true
}
@ -148,7 +148,7 @@ job "[[ .paperless.instance ]]" {
}
vault {
policies = ["[[ .paperless.instance ]][[ .consul.suffix ]]"]
policies = ["[[ .instance ]][[ .consul.suffix ]]"]
env = false
disable_file = true
}
@ -189,7 +189,7 @@ job "[[ .paperless.instance ]]" {
}
vault {
policies = ["[[ .paperless.instance ]][[ .consul.suffix ]]"]
policies = ["[[ .instance ]][[ .consul.suffix ]]"]
env = false
disable_file = true
}
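Review bot: In the `stripprefix` tag the prefix is still read from `.paperless.public_url`, while the guard around it and the router rule use `$c.public_url`, and the variables file in this commit only shows `public_url` under `paperless.webserver`. Unless that key is defined elsewhere, the middleware would render with an empty prefix or fail to render, so the path prefix is not stripped as intended. The following tag also names the middleware with `$c.consul.suffix` where its definition uses `.consul.suffix`, so the router can reference a middleware that does not exist if the two ever differ. I would write `prefixes=[[ (urlParse $c.public_url).Path ]]` and use `[[ .instance ]][[ .consul.suffix ]]-prefix` in both places. The job body continues outside these hunks.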


@ -1 +1 @@
[[ template "common/mv_conf.sh.tpl" dict "ctx" . "services" (dict "paperless" .paperless.instance) ]]
[[ template "common/mv_conf.sh" dict "ctx" . "services" (dict "paperless" .instance) ]]


@ -4,14 +4,14 @@ set -euo pipefail
# Initialize random passwords if needed
if ! vault kv list [[ .vault.prefix ]]kv/service 2>/dev/null | grep -q -E '^[[ .paperless.instance ]]$'; then
vault kv put [[ .vault.prefix ]]kv/service/[[ .paperless.instance ]] \
if ! vault kv list [[ .vault.prefix ]]kv/service 2>/dev/null | grep -q -E '^[[ .instance ]]$'; then
vault kv put [[ .vault.prefix ]]kv/service/[[ .instance ]] \
secret_key=$(pwgen -s -n 50 1)
fi
for PWD in secret_key; do
if ! vault kv get -field ${PWD} [[ .vault.prefix ]]kv/service/[[ .paperless.instance ]] >/dev/null 2>&1; then
vault kv patch [[ .vault.prefix ]]kv/service/[[ .paperless.instance ]] \
if ! vault kv get -field ${PWD} [[ .vault.prefix ]]kv/service/[[ .instance ]] >/dev/null 2>&1; then
vault kv patch [[ .vault.prefix ]]kv/service/[[ .instance ]] \
${PWD}=$(pwgen -s -n 50 1)
fi
done
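Review bot: The existence check interpolates the instance name into an extended regex, `grep -q -E '^[[ .instance ]]$'`, so a name containing `.` or another metacharacter can match a different service's entry and the script would then skip the initial `vault kv put`. A fixed-string whole-line match avoids that: `grep -q -x -F '[[ .instance ]]'`. The generated value is also passed as a command-line argument to `vault kv put` and `vault kv patch`, where it is briefly visible in the process list; piping the `pwgen` output in and writing `secret_key=-` keeps it out of argv. The loop variable `PWD` shadows the shell's working-directory variable and would be safer under another name.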


@ -1,9 +1,9 @@
---
paperless:
# Name of the instance (job and service name)
instance: paperless
# Name of the instance (job and service name)
instance: paperless
paperless:
# Connect to the postgres service through the mesh
consul:
@ -15,10 +15,10 @@ paperless:
# Env var to set in the containers
# The ones here will be inherited by all containers
env:
PAPERLESS_DBUSER: '{{ with secret "[[ .vault.prefix ]]database/creds/[[ .paperless.instance ]]" }}{{ .Data.username }}{{ end }}'
PAPERLESS_DBPASS: '{{ with secret "[[ .vault.prefix ]]database/creds/[[ .paperless.instance ]]" }}{{ .Data.password }}{{ end }}'
PAPERLESS_SECRET_KEY: '{{ with secret "[[ .vault.prefix ]]kv/service/[[ .paperless.instance ]]" }}{{ .Data.data.secret_key }}{{ end }}'
PAPERLESS_DBNAME: '[[ .paperless.instance ]]'
PAPERLESS_DBUSER: '{{ with secret "[[ .vault.prefix ]]database/creds/[[ .instance ]]" }}{{ .Data.username }}{{ end }}'
PAPERLESS_DBPASS: '{{ with secret "[[ .vault.prefix ]]database/creds/[[ .instance ]]" }}{{ .Data.password }}{{ end }}'
PAPERLESS_SECRET_KEY: '{{ with secret "[[ .vault.prefix ]]kv/service/[[ .instance ]]" }}{{ .Data.data.secret_key }}{{ end }}'
PAPERLESS_DBNAME: '[[ .instance ]]'
PAPERLESS_CORS_ALLOWED_HOSTS: '[[ .paperless.webserver.public_url ]]'
PAPERLESS_URL: '[[ .paperless.webserver.public_url ]]'
PAPERLESS_CONVERT_TMPDIR: /alloc/data
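Review bot: The comment on the relocated key, `# Name of the instance (job and service name)`, understates what `instance` controls: in this commit it also forms the Vault policy name, the `kv/service/...` path, the `database/creds/...` role and `PAPERLESS_DBNAME`. I would document that, for example `# Name of the instance (job, service, Vault policy, KV path and database role/name)`, so that whoever overrides it knows the policy and secrets have to exist under the new name. The `paperless:` map continues outside the hunk.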


@ -1,7 +1,7 @@
path "[[ .vault.prefix ]]kv/data/service/[[ .paperless.instance ]]" {
path "[[ .vault.prefix ]]kv/data/service/[[ .instance ]]" {
capabilities = ["read"]
}
path "[[ .vault.prefix ]]database/creds/[[ .paperless.instance ]]" {
path "[[ .vault.prefix ]]database/creds/[[ .instance ]]" {
capabilities = ["read"]
}