Cleanup
This commit is contained in:
parent
43fb1de138
commit
b36f610796
|
|
@ -1,3 +1,3 @@
|
|||
Kind = "service-defaults"
|
||||
Name = "[[ .paperless.instance ]][[ .consul.suffix ]]"
|
||||
Name = "[[ .instance ]][[ .consul.suffix ]]"
|
||||
Protocol = "http"
|
||||
|
|
|
|||
|
|
@ -1,8 +1,8 @@
|
|||
Kind = "service-intentions"
|
||||
Name = "[[ .paperless.instance ]][[ .consul.suffix ]]"
|
||||
Name = "[[ .instance ]][[ .consul.suffix ]]"
|
||||
Sources = [
|
||||
{
|
||||
Name = "[[ .traefik.instance ]]"
|
||||
Name = "[[ (merge .paperless .).traefik.instance ]]"
|
||||
Permissions = [
|
||||
{
|
||||
Action = "allow"
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
set -euo pipefail
|
||||
|
||||
[[- template "common/vault.mkpgrole.sh.tpl"
|
||||
[[- template "common/vault.mkpgrole.sh"
|
||||
dict "ctx" .
|
||||
"config" (dict "role" .paperless.instance "database" "postgres")
|
||||
"config" (dict "role" .instance "database" "postgres")
|
||||
]]
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
[[ $c := merge .paperless . -]]
|
||||
|
||||
job "[[ .paperless.instance ]]" {
|
||||
job "[[ .instance ]]" {
|
||||
|
||||
[[ template "common/job_start" $c ]]
|
||||
|
||||
|
|
@ -30,7 +30,7 @@ job "[[ .paperless.instance ]]" {
|
|||
[[- end ]]
|
||||
|
||||
service {
|
||||
name = "[[ .paperless.instance ]][[ .consul.suffix ]]"
|
||||
name = "[[ .instance ]][[ .consul.suffix ]]"
|
||||
port = 8994
|
||||
|
||||
[[ template "common/connect" $c ]]
|
||||
|
|
@ -38,14 +38,14 @@ job "[[ .paperless.instance ]]" {
|
|||
[[ $c = merge .paperless.webserver . ]]
|
||||
tags = [
|
||||
"[[ $c.traefik.instance ]].enable=[[ if $c.traefik.enabled ]]true[[ else ]]false[[ end ]]",
|
||||
"[[ $c.traefik.instance ]].http.routers.[[ .paperless.instance ]][[ .consul.suffix ]].rule=Host(`[[ (urlParse $c.public_url).Hostname ]]`)
|
||||
"[[ $c.traefik.instance ]].http.routers.[[ .instance ]][[ .consul.suffix ]].rule=Host(`[[ (urlParse $c.public_url).Hostname ]]`)
|
||||
[[- if not (regexp.Match "^/?$" (urlParse $c.public_url).Path) ]] && PathPrefix(`[[ (urlParse $c.public_url).Path ]]`)[[ end ]]",
|
||||
"[[ $c.traefik.instance ]].http.routers.[[ .paperless.instance ]][[ .consul.suffix ]].entrypoints=[[ join $c.traefik.entrypoints "," ]]",
|
||||
"[[ $c.traefik.instance ]].http.routers.[[ .instance ]][[ .consul.suffix ]].entrypoints=[[ join $c.traefik.entrypoints "," ]]",
|
||||
[[- if not (regexp.Match "^/?$" (urlParse $c.public_url).Path) ]]
|
||||
"[[ $c.traefik.instance ]].http.middlewares.[[ .paperless.instance ]][[ .consul.suffix ]]-prefix.stripprefix.prefixes=[[ (urlParse .paperless.public_url).Path ]]",
|
||||
"[[ $c.traefik.instance ]].http.routers.[[ .paperless.instance ]][[ .consul.suffix ]].middlewares=[[ .paperless.instance ]][[ $c.consul.suffix ]]-prefix,[[ template "common/traefik_middlewares" $c.traefik ]]",
|
||||
"[[ $c.traefik.instance ]].http.middlewares.[[ .instance ]][[ .consul.suffix ]]-prefix.stripprefix.prefixes=[[ (urlParse .paperless.public_url).Path ]]",
|
||||
"[[ $c.traefik.instance ]].http.routers.[[ .instance ]][[ .consul.suffix ]].middlewares=[[ .instance ]][[ $c.consul.suffix ]]-prefix,[[ template "common/traefik_middlewares" $c.traefik ]]",
|
||||
[[- else ]]
|
||||
"[[ $c.traefik.instance ]].http.routers.[[ .paperless.instance ]][[ .consul.suffix ]].middlewares=[[ template "common/traefik_middlewares" $c.traefik ]]",
|
||||
"[[ $c.traefik.instance ]].http.routers.[[ .instance ]][[ .consul.suffix ]].middlewares=[[ template "common/traefik_middlewares" $c.traefik ]]",
|
||||
[[- end ]]
|
||||
]
|
||||
}
|
||||
|
|
@ -63,7 +63,7 @@ job "[[ .paperless.instance ]]" {
|
|||
}
|
||||
|
||||
vault {
|
||||
policies = ["[[ .paperless.instance ]][[ .consul.suffix ]]"]
|
||||
policies = ["[[ .instance ]][[ .consul.suffix ]]"]
|
||||
env = false
|
||||
disable_file = true
|
||||
}
|
||||
|
|
@ -106,7 +106,7 @@ job "[[ .paperless.instance ]]" {
|
|||
}
|
||||
|
||||
vault {
|
||||
policies = ["[[ .paperless.instance ]][[ .consul.suffix ]]"]
|
||||
policies = ["[[ .instance ]][[ .consul.suffix ]]"]
|
||||
env = false
|
||||
disable_file = true
|
||||
}
|
||||
|
|
@ -148,7 +148,7 @@ job "[[ .paperless.instance ]]" {
|
|||
}
|
||||
|
||||
vault {
|
||||
policies = ["[[ .paperless.instance ]][[ .consul.suffix ]]"]
|
||||
policies = ["[[ .instance ]][[ .consul.suffix ]]"]
|
||||
env = false
|
||||
disable_file = true
|
||||
}
|
||||
|
|
@ -189,7 +189,7 @@ job "[[ .paperless.instance ]]" {
|
|||
}
|
||||
|
||||
vault {
|
||||
policies = ["[[ .paperless.instance ]][[ .consul.suffix ]]"]
|
||||
policies = ["[[ .instance ]][[ .consul.suffix ]]"]
|
||||
env = false
|
||||
disable_file = true
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1 +1 @@
|
|||
[[ template "common/mv_conf.sh.tpl" dict "ctx" . "services" (dict "paperless" .paperless.instance) ]]
|
||||
[[ template "common/mv_conf.sh" dict "ctx" . "services" (dict "paperless" .instance) ]]
|
||||
|
|
|
|||
|
|
@ -4,14 +4,14 @@ set -euo pipefail
|
|||
|
||||
# Initialize random passwords if needed
|
||||
|
||||
if ! vault kv list [[ .vault.prefix ]]kv/service 2>/dev/null | grep -q -E '^[[ .paperless.instance ]]$'; then
|
||||
vault kv put [[ .vault.prefix ]]kv/service/[[ .paperless.instance ]] \
|
||||
if ! vault kv list [[ .vault.prefix ]]kv/service 2>/dev/null | grep -q -E '^[[ .instance ]]$'; then
|
||||
vault kv put [[ .vault.prefix ]]kv/service/[[ .instance ]] \
|
||||
secret_key=$(pwgen -s -n 50 1)
|
||||
fi
|
||||
|
||||
for PWD in secret_key; do
|
||||
if ! vault kv get -field ${PWD} [[ .vault.prefix ]]kv/service/[[ .paperless.instance ]] >/dev/null 2>&1; then
|
||||
vault kv patch [[ .vault.prefix ]]kv/service/[[ .paperless.instance ]] \
|
||||
if ! vault kv get -field ${PWD} [[ .vault.prefix ]]kv/service/[[ .instance ]] >/dev/null 2>&1; then
|
||||
vault kv patch [[ .vault.prefix ]]kv/service/[[ .instance ]] \
|
||||
${PWD}=$(pwgen -s -n 50 1)
|
||||
fi
|
||||
done
|
||||
|
|
|
|||
|
|
@ -1,9 +1,9 @@
|
|||
---
|
||||
|
||||
paperless:
|
||||
# Name of the instance (job and service name)
|
||||
instance: paperless
|
||||
|
||||
# Name of the instance (job and service name)
|
||||
instance: paperless
|
||||
paperless:
|
||||
|
||||
# Connect to the postgres service through the mesh
|
||||
consul:
|
||||
|
|
@ -15,10 +15,10 @@ paperless:
|
|||
# Env var to set in the containers
|
||||
# The ones here will be inherited by all containers
|
||||
env:
|
||||
PAPERLESS_DBUSER: '{{ with secret "[[ .vault.prefix ]]database/creds/[[ .paperless.instance ]]" }}{{ .Data.username }}{{ end }}'
|
||||
PAPERLESS_DBPASS: '{{ with secret "[[ .vault.prefix ]]database/creds/[[ .paperless.instance ]]" }}{{ .Data.password }}{{ end }}'
|
||||
PAPERLESS_SECRET_KEY: '{{ with secret "[[ .vault.prefix ]]kv/service/[[ .paperless.instance ]]" }}{{ .Data.data.secret_key }}{{ end }}'
|
||||
PAPERLESS_DBNAME: '[[ .paperless.instance ]]'
|
||||
PAPERLESS_DBUSER: '{{ with secret "[[ .vault.prefix ]]database/creds/[[ .instance ]]" }}{{ .Data.username }}{{ end }}'
|
||||
PAPERLESS_DBPASS: '{{ with secret "[[ .vault.prefix ]]database/creds/[[ .instance ]]" }}{{ .Data.password }}{{ end }}'
|
||||
PAPERLESS_SECRET_KEY: '{{ with secret "[[ .vault.prefix ]]kv/service/[[ .instance ]]" }}{{ .Data.data.secret_key }}{{ end }}'
|
||||
PAPERLESS_DBNAME: '[[ .instance ]]'
|
||||
PAPERLESS_CORS_ALLOWED_HOSTS: '[[ .paperless.webserver.public_url ]]'
|
||||
PAPERLESS_URL: '[[ .paperless.webserver.public_url ]]'
|
||||
PAPERLESS_CONVERT_TMPDIR: /alloc/data
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
path "[[ .vault.prefix ]]kv/data/service/[[ .paperless.instance ]]" {
|
||||
path "[[ .vault.prefix ]]kv/data/service/[[ .instance ]]" {
|
||||
capabilities = ["read"]
|
||||
}
|
||||
|
||||
path "[[ .vault.prefix ]]database/creds/[[ .paperless.instance ]]" {
|
||||
path "[[ .vault.prefix ]]database/creds/[[ .instance ]]" {
|
||||
capabilities = ["read"]
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue