From b36f61079658f095a397c7318172a2cded98fd1e Mon Sep 17 00:00:00 2001 From: Daniel Berteaud Date: Thu, 21 Dec 2023 23:11:56 +0100 Subject: [PATCH] Cleanup --- consul/config/service-defaults/paperless.hcl | 2 +- .../config/service-intentions/paperless.hcl | 4 ++-- init/vault-database | 4 ++-- paperless-ngx.nomad.hcl | 22 +++++++++---------- prep.d/10-mv-conf.sh | 2 +- prep.d/10-rand-pwd.sh | 8 +++---- variables.yml | 14 ++++++------ vault/policies/paperless.hcl | 4 ++-- 8 files changed, 30 insertions(+), 30 deletions(-) diff --git a/consul/config/service-defaults/paperless.hcl b/consul/config/service-defaults/paperless.hcl index 2176512..f3ad32f 100644 --- a/consul/config/service-defaults/paperless.hcl +++ b/consul/config/service-defaults/paperless.hcl @@ -1,3 +1,3 @@ Kind = "service-defaults" -Name = "[[ .paperless.instance ]][[ .consul.suffix ]]" +Name = "[[ .instance ]][[ .consul.suffix ]]" Protocol = "http" diff --git a/consul/config/service-intentions/paperless.hcl b/consul/config/service-intentions/paperless.hcl index a7643ed..862fc36 100644 --- a/consul/config/service-intentions/paperless.hcl +++ b/consul/config/service-intentions/paperless.hcl @@ -1,8 +1,8 @@ Kind = "service-intentions" -Name = "[[ .paperless.instance ]][[ .consul.suffix ]]" +Name = "[[ .instance ]][[ .consul.suffix ]]" Sources = [ { - Name = "[[ .traefik.instance ]]" + Name = "[[ (merge .paperless .).traefik.instance ]]" Permissions = [ { Action = "allow" diff --git a/init/vault-database b/init/vault-database index eeeca8a..a44f309 100755 --- a/init/vault-database +++ b/init/vault-database @@ -2,7 +2,7 @@ set -euo pipefail -[[- template "common/vault.mkpgrole.sh.tpl" +[[- template "common/vault.mkpgrole.sh" dict "ctx" . - "config" (dict "role" .paperless.instance "database" "postgres") + "config" (dict "role" .instance "database" "postgres") ]] diff --git a/paperless-ngx.nomad.hcl b/paperless-ngx.nomad.hcl index 4ff986d..9b9f9ce 100644 --- a/paperless-ngx.nomad.hcl 
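Review bot: The intention source in `consul/config/service-intentions/paperless.hcl` is now resolved as `(merge .paperless .).traefik.instance`, while the router tags in `paperless-ngx.nomad.hcl` take `$c.traefik.instance` from `merge .paperless.webserver .`. If a Traefik instance is ever set under `.paperless.webserver`, the tags would register the service with one Traefik while the intention authorises a different source. Both lookups should use the same expression, for example `Name = "[[ (merge .paperless.webserver .).traefik.instance ]]"`, or a comment should say why they differ. Whether such an override exists is not visible here, and the `Permissions` block continues past the end of the hunk.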
+++ b/paperless-ngx.nomad.hcl @@ -1,6 +1,6 @@ [[ $c := merge .paperless . -]] -job "[[ .paperless.instance ]]" { +job "[[ .instance ]]" { [[ template "common/job_start" $c ]] @@ -30,7 +30,7 @@ job "[[ .paperless.instance ]]" { [[- end ]] service { - name = "[[ .paperless.instance ]][[ .consul.suffix ]]" + name = "[[ .instance ]][[ .consul.suffix ]]" port = 8994 [[ template "common/connect" $c ]] 
@@ -38,14 +38,14 @@ job "[[ .paperless.instance ]]" { [[ $c = merge .paperless.webserver . ]] tags = [ "[[ $c.traefik.instance ]].enable=[[ if $c.traefik.enabled ]]true[[ else ]]false[[ end ]]", - "[[ $c.traefik.instance ]].http.routers.[[ .paperless.instance ]][[ .consul.suffix ]].rule=Host(`[[ (urlParse $c.public_url).Hostname ]]`) + "[[ $c.traefik.instance ]].http.routers.[[ .instance ]][[ .consul.suffix ]].rule=Host(`[[ (urlParse $c.public_url).Hostname ]]`) [[- if not (regexp.Match "^/?$" (urlParse $c.public_url).Path) ]] && PathPrefix(`[[ (urlParse $c.public_url).Path ]]`)[[ end ]]", - "[[ $c.traefik.instance ]].http.routers.[[ .paperless.instance ]][[ .consul.suffix ]].entrypoints=[[ join $c.traefik.entrypoints "," ]]", + "[[ $c.traefik.instance ]].http.routers.[[ .instance ]][[ .consul.suffix ]].entrypoints=[[ join $c.traefik.entrypoints "," ]]", [[- if not (regexp.Match "^/?$" (urlParse $c.public_url).Path) ]] - "[[ $c.traefik.instance ]].http.middlewares.[[ .paperless.instance ]][[ .consul.suffix ]]-prefix.stripprefix.prefixes=[[ (urlParse .paperless.public_url).Path ]]", - "[[ $c.traefik.instance ]].http.routers.[[ .paperless.instance ]][[ .consul.suffix ]].middlewares=[[ .paperless.instance ]][[ $c.consul.suffix ]]-prefix,[[ template "common/traefik_middlewares" $c.traefik ]]", + "[[ $c.traefik.instance ]].http.middlewares.[[ .instance ]][[ .consul.suffix ]]-prefix.stripprefix.prefixes=[[ (urlParse .paperless.public_url).Path ]]", + "[[ $c.traefik.instance ]].http.routers.[[ .instance ]][[ .consul.suffix ]].middlewares=[[ .instance ]][[ $c.consul.suffix ]]-prefix,[[ template "common/traefik_middlewares" $c.traefik ]]", [[- else ]] - "[[ $c.traefik.instance ]].http.routers.[[ .paperless.instance ]][[ .consul.suffix ]].middlewares=[[ template "common/traefik_middlewares" $c.traefik ]]", + "[[ $c.traefik.instance ]].http.routers.[[ .instance ]][[ .consul.suffix ]].middlewares=[[ template "common/traefik_middlewares" $c.traefik ]]", [[- end ]] ] } 
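Review bot: The `stripprefix.prefixes` tag on the new side still reads `(urlParse .paperless.public_url).Path`, whereas the `Host`/`PathPrefix` rule and both `regexp.Match` guards in this hunk use `$c.public_url` with `$c = merge .paperless.webserver .`. `variables.yml` in this patch only references `.paperless.webserver.public_url`, so the stripped prefix may come from a key that is unset or differs from the routed one; `[[ (urlParse $c.public_url).Path ]]` would keep them in step. The same two lines define the middleware with `.consul.suffix` but reference it from the router with `$c.consul.suffix`. If the suffix is overridden, the router would name a middleware that is not defined, so one form should be used on both lines.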
@@ -63,7 +63,7 @@ job "[[ .paperless.instance ]]" { } vault { - policies = ["[[ .paperless.instance ]][[ .consul.suffix ]]"] + policies = ["[[ .instance ]][[ .consul.suffix ]]"] env = false disable_file = true } @@ -106,7 +106,7 @@ job "[[ .paperless.instance ]]" { } vault { - policies = ["[[ .paperless.instance ]][[ .consul.suffix ]]"] + policies = ["[[ .instance ]][[ .consul.suffix ]]"] env = false disable_file = true } @@ -148,7 +148,7 @@ job "[[ .paperless.instance ]]" { } vault { - policies = ["[[ .paperless.instance ]][[ .consul.suffix ]]"] + policies = ["[[ .instance ]][[ .consul.suffix ]]"] env = false disable_file = true } @@ -189,7 +189,7 @@ job "[[ .paperless.instance ]]" { } vault { - policies = ["[[ .paperless.instance ]][[ .consul.suffix ]]"] + policies = ["[[ .instance ]][[ .consul.suffix ]]"] env = false disable_file = true } diff --git a/prep.d/10-mv-conf.sh b/prep.d/10-mv-conf.sh index 50e2451..9bdf5c5 100755 --- a/prep.d/10-mv-conf.sh +++ b/prep.d/10-mv-conf.sh @@ -1 +1 @@ -[[ template "common/mv_conf.sh.tpl" dict "ctx" . "services" (dict "paperless" .paperless.instance) ]] +[[ template "common/mv_conf.sh" dict "ctx" . "services" (dict "paperless" .instance) ]] diff --git a/prep.d/10-rand-pwd.sh b/prep.d/10-rand-pwd.sh index 14145fd..eccbfbb 100755 --- a/prep.d/10-rand-pwd.sh +++ b/prep.d/10-rand-pwd.sh 
@@ -4,14 +4,14 @@ set -euo pipefail # Initialize random passwords if needed -if ! vault kv list [[ .vault.prefix ]]kv/service 2>/dev/null | grep -q -E '^[[ .paperless.instance ]]$'; then - vault kv put [[ .vault.prefix ]]kv/service/[[ .paperless.instance ]] \ +if ! vault kv list [[ .vault.prefix ]]kv/service 2>/dev/null | grep -q -E '^[[ .instance ]]$'; then + vault kv put [[ .vault.prefix ]]kv/service/[[ .instance ]] \ secret_key=$(pwgen -s -n 50 1) fi for PWD in secret_key; do - if ! vault kv get -field ${PWD} [[ .vault.prefix ]]kv/service/[[ .paperless.instance ]] >/dev/null 2>&1; then - vault kv patch [[ .vault.prefix ]]kv/service/[[ .paperless.instance ]] \ + if ! vault kv get -field ${PWD} [[ .vault.prefix ]]kv/service/[[ .instance ]] >/dev/null 2>&1; then + vault kv patch [[ .vault.prefix ]]kv/service/[[ .instance ]] \ ${PWD}=$(pwgen -s -n 50 1) fi done diff --git a/variables.yml b/variables.yml index a0a611c..fbddaab 100644 --- a/variables.yml +++ b/variables.yml @@ -1,9 +1,9 @@ --- -paperless: +# Name of the instance (job and service name) +instance: paperless - # Name of the instance (job and service name) - instance: paperless +paperless: # Connect to the postgres service through the mesh consul: 
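Review bot: The existence check `vault kv list … 2>/dev/null | grep -q -E '^[[ .instance ]]$'` treats any failure of the list (expired token, missing list capability, network error) as "secret absent", and the branch then runs `vault kv put`, which writes a new `secret_key` over the stored one. The policy path `kv/data/service/…` in this patch suggests KV v2, in which case `vault kv put -cas=0 …` would refuse to overwrite an existing secret whatever the list returned. The instance name is also interpolated as a regular expression, so a name containing `.` matches more than itself; `grep -q -x -F '[[ .instance ]]'` compares the literal line. Separately, `secret_key=$(pwgen -s -n 50 1)` puts the generated value on the `vault` command line, where it is visible in the process list; the CLI can read the value from stdin with `secret_key=-` (check how the trailing newline is handled).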
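Review bot: The comment on the new top-level `instance` key understates what the value controls. Elsewhere in this patch it also names the Vault policy, the `kv/service/…` and `database/creds/…` paths, the PostgreSQL role and `PAPERLESS_DBNAME`. I would extend it to something like `# Name of the instance: job, service, Vault policy and paths, database role. Plain name only (no *, + or /).` The value is pasted unescaped into the Vault policy paths, where `*` and `+` act as wildcards, so noting the allowed characters next to the key helps keep the policy scoped to one service. The `paperless:` map continues past the end of this hunk.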
@@ -15,10 +15,10 @@ paperless: # Env var to set in the containers # The ones here will be inherited by all containers env: - PAPERLESS_DBUSER: '{{ with secret "[[ .vault.prefix ]]database/creds/[[ .paperless.instance ]]" }}{{ .Data.username }}{{ end }}' - PAPERLESS_DBPASS: '{{ with secret "[[ .vault.prefix ]]database/creds/[[ .paperless.instance ]]" }}{{ .Data.password }}{{ end }}' - PAPERLESS_SECRET_KEY: '{{ with secret "[[ .vault.prefix ]]kv/service/[[ .paperless.instance ]]" }}{{ .Data.data.secret_key }}{{ end }}' - PAPERLESS_DBNAME: '[[ .paperless.instance ]]' + PAPERLESS_DBUSER: '{{ with secret "[[ .vault.prefix ]]database/creds/[[ .instance ]]" }}{{ .Data.username }}{{ end }}' + PAPERLESS_DBPASS: '{{ with secret "[[ .vault.prefix ]]database/creds/[[ .instance ]]" }}{{ .Data.password }}{{ end }}' + PAPERLESS_SECRET_KEY: '{{ with secret "[[ .vault.prefix ]]kv/service/[[ .instance ]]" }}{{ .Data.data.secret_key }}{{ end }}' + PAPERLESS_DBNAME: '[[ .instance ]]' PAPERLESS_CORS_ALLOWED_HOSTS: '[[ .paperless.webserver.public_url ]]' PAPERLESS_URL: '[[ .paperless.webserver.public_url ]]' PAPERLESS_CONVERT_TMPDIR: /alloc/data diff --git a/vault/policies/paperless.hcl b/vault/policies/paperless.hcl index a5cd8f1..4ec71e1 100644 --- a/vault/policies/paperless.hcl +++ b/vault/policies/paperless.hcl @@ -1,7 +1,7 @@ -path "[[ .vault.prefix ]]kv/data/service/[[ .paperless.instance ]]" { +path "[[ .vault.prefix ]]kv/data/service/[[ .instance ]]" { capabilities = ["read"] } -path "[[ .vault.prefix ]]database/creds/[[ .paperless.instance ]]" { +path "[[ .vault.prefix ]]database/creds/[[ .instance ]]" { capabilities = ["read"] }