Daniel Berteaud 2023-12-21 23:11:56 +01:00
parent 43fb1de138
commit b36f610796
8 changed files with 30 additions and 30 deletions


@ -1,3 +1,3 @@
Kind = "service-defaults" Kind = "service-defaults"
Name = "[[ .paperless.instance ]][[ .consul.suffix ]]" Name = "[[ .instance ]][[ .consul.suffix ]]"
Protocol = "http" Protocol = "http"


@ -1,8 +1,8 @@
Kind = "service-intentions" Kind = "service-intentions"
Name = "[[ .paperless.instance ]][[ .consul.suffix ]]" Name = "[[ .instance ]][[ .consul.suffix ]]"
Sources = [ Sources = [
{ {
Name = "[[ .traefik.instance ]]" Name = "[[ (merge .paperless .).traefik.instance ]]"
Permissions = [ Permissions = [
{ {
Action = "allow" Action = "allow"
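Review bot: The intention's source on the `Name =` line now takes `traefik.instance` from `merge .paperless .`, while the Traefik router tags in the job template take it from `merge .paperless.webserver .`; if a deployment overrides `traefik.instance` under `paperless.webserver`, the intention would authorize a different Traefik instance from the one that actually routes to the service and the mesh connection would be denied. Reading it from the same merged map as the tags keeps the two in step, e.g. `Name = "[[ (merge .paperless.webserver .paperless .).traefik.instance ]]"`, assuming `merge` accepts more than two maps here. The surrounding `Sources` block continues outside the hunk.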


@ -2,7 +2,7 @@
set -euo pipefail set -euo pipefail
[[- template "common/vault.mkpgrole.sh.tpl" [[- template "common/vault.mkpgrole.sh"
dict "ctx" . dict "ctx" .
"config" (dict "role" .paperless.instance "database" "postgres") "config" (dict "role" .instance "database" "postgres")
]] ]]


@ -1,6 +1,6 @@
[[ $c := merge .paperless . -]] [[ $c := merge .paperless . -]]
job "[[ .paperless.instance ]]" { job "[[ .instance ]]" {
[[ template "common/job_start" $c ]] [[ template "common/job_start" $c ]]
@ -30,7 +30,7 @@ job "[[ .paperless.instance ]]" {
[[- end ]] [[- end ]]
service { service {
name = "[[ .paperless.instance ]][[ .consul.suffix ]]" name = "[[ .instance ]][[ .consul.suffix ]]"
port = 8994 port = 8994
[[ template "common/connect" $c ]] [[ template "common/connect" $c ]]
@ -38,14 +38,14 @@ job "[[ .paperless.instance ]]" {
[[ $c = merge .paperless.webserver . ]] [[ $c = merge .paperless.webserver . ]]
tags = [ tags = [
"[[ $c.traefik.instance ]].enable=[[ if $c.traefik.enabled ]]true[[ else ]]false[[ end ]]", "[[ $c.traefik.instance ]].enable=[[ if $c.traefik.enabled ]]true[[ else ]]false[[ end ]]",
"[[ $c.traefik.instance ]].http.routers.[[ .paperless.instance ]][[ .consul.suffix ]].rule=Host(`[[ (urlParse $c.public_url).Hostname ]]`) "[[ $c.traefik.instance ]].http.routers.[[ .instance ]][[ .consul.suffix ]].rule=Host(`[[ (urlParse $c.public_url).Hostname ]]`)
[[- if not (regexp.Match "^/?$" (urlParse $c.public_url).Path) ]] && PathPrefix(`[[ (urlParse $c.public_url).Path ]]`)[[ end ]]", [[- if not (regexp.Match "^/?$" (urlParse $c.public_url).Path) ]] && PathPrefix(`[[ (urlParse $c.public_url).Path ]]`)[[ end ]]",
"[[ $c.traefik.instance ]].http.routers.[[ .paperless.instance ]][[ .consul.suffix ]].entrypoints=[[ join $c.traefik.entrypoints "," ]]", "[[ $c.traefik.instance ]].http.routers.[[ .instance ]][[ .consul.suffix ]].entrypoints=[[ join $c.traefik.entrypoints "," ]]",
[[- if not (regexp.Match "^/?$" (urlParse $c.public_url).Path) ]] [[- if not (regexp.Match "^/?$" (urlParse $c.public_url).Path) ]]
"[[ $c.traefik.instance ]].http.middlewares.[[ .paperless.instance ]][[ .consul.suffix ]]-prefix.stripprefix.prefixes=[[ (urlParse .paperless.public_url).Path ]]", "[[ $c.traefik.instance ]].http.middlewares.[[ .instance ]][[ .consul.suffix ]]-prefix.stripprefix.prefixes=[[ (urlParse .paperless.public_url).Path ]]",
"[[ $c.traefik.instance ]].http.routers.[[ .paperless.instance ]][[ .consul.suffix ]].middlewares=[[ .paperless.instance ]][[ $c.consul.suffix ]]-prefix,[[ template "common/traefik_middlewares" $c.traefik ]]", "[[ $c.traefik.instance ]].http.routers.[[ .instance ]][[ .consul.suffix ]].middlewares=[[ .instance ]][[ $c.consul.suffix ]]-prefix,[[ template "common/traefik_middlewares" $c.traefik ]]",
[[- else ]] [[- else ]]
"[[ $c.traefik.instance ]].http.routers.[[ .paperless.instance ]][[ .consul.suffix ]].middlewares=[[ template "common/traefik_middlewares" $c.traefik ]]", "[[ $c.traefik.instance ]].http.routers.[[ .instance ]][[ .consul.suffix ]].middlewares=[[ template "common/traefik_middlewares" $c.traefik ]]",
[[- end ]] [[- end ]]
] ]
} }
@ -63,7 +63,7 @@ job "[[ .paperless.instance ]]" {
} }
vault { vault {
policies = ["[[ .paperless.instance ]][[ .consul.suffix ]]"] policies = ["[[ .instance ]][[ .consul.suffix ]]"]
env = false env = false
disable_file = true disable_file = true
} }
@ -106,7 +106,7 @@ job "[[ .paperless.instance ]]" {
} }
vault { vault {
policies = ["[[ .paperless.instance ]][[ .consul.suffix ]]"] policies = ["[[ .instance ]][[ .consul.suffix ]]"]
env = false env = false
disable_file = true disable_file = true
} }
@ -148,7 +148,7 @@ job "[[ .paperless.instance ]]" {
} }
vault { vault {
policies = ["[[ .paperless.instance ]][[ .consul.suffix ]]"] policies = ["[[ .instance ]][[ .consul.suffix ]]"]
env = false env = false
disable_file = true disable_file = true
} }
@ -189,7 +189,7 @@ job "[[ .paperless.instance ]]" {
} }
vault { vault {
policies = ["[[ .paperless.instance ]][[ .consul.suffix ]]"] policies = ["[[ .instance ]][[ .consul.suffix ]]"]
env = false env = false
disable_file = true disable_file = true
} }
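Review bot: The stripprefix middleware line in the tags hunk still reads the prefix from `.paperless.public_url`, while the condition guarding it and the router rule use `(urlParse $c.public_url).Path` with `$c = merge .paperless.webserver .`; the variables file in this commit appears to define `public_url` under `paperless.webserver`, so `.paperless.public_url` looks like a stale path that renders an empty prefix (or fails) whenever a sub-path is configured. Using the same source keeps the router rule and the stripped prefix consistent: `stripprefix.prefixes=[[ (urlParse $c.public_url).Path ]]`. The same hunk mixes `[[ $c.consul.suffix ]]` and `[[ .consul.suffix ]]` for the middleware name; they resolve identically unless `paperless.webserver` overrides `consul.suffix`, so one form would be clearer. The `job` block starts and ends outside the hunks shown.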


@ -1 +1 @@
[[ template "common/mv_conf.sh.tpl" dict "ctx" . "services" (dict "paperless" .paperless.instance) ]] [[ template "common/mv_conf.sh" dict "ctx" . "services" (dict "paperless" .instance) ]]


@ -4,14 +4,14 @@ set -euo pipefail
# Initialize random passwords if needed # Initialize random passwords if needed
if ! vault kv list [[ .vault.prefix ]]kv/service 2>/dev/null | grep -q -E '^[[ .paperless.instance ]]$'; then if ! vault kv list [[ .vault.prefix ]]kv/service 2>/dev/null | grep -q -E '^[[ .instance ]]$'; then
vault kv put [[ .vault.prefix ]]kv/service/[[ .paperless.instance ]] \ vault kv put [[ .vault.prefix ]]kv/service/[[ .instance ]] \
secret_key=$(pwgen -s -n 50 1) secret_key=$(pwgen -s -n 50 1)
fi fi
for PWD in secret_key; do for PWD in secret_key; do
if ! vault kv get -field ${PWD} [[ .vault.prefix ]]kv/service/[[ .paperless.instance ]] >/dev/null 2>&1; then if ! vault kv get -field ${PWD} [[ .vault.prefix ]]kv/service/[[ .instance ]] >/dev/null 2>&1; then
vault kv patch [[ .vault.prefix ]]kv/service/[[ .paperless.instance ]] \ vault kv patch [[ .vault.prefix ]]kv/service/[[ .instance ]] \
${PWD}=$(pwgen -s -n 50 1) ${PWD}=$(pwgen -s -n 50 1)
fi fi
done done
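Review bot: The existence check at the top of the hunk interpolates the instance name into an extended regex, so a name containing regex metacharacters matches more than the literal key; a fixed-string whole-line match is what is meant, `grep -qxF '[[ .instance ]]'`. Because stderr is discarded and `!` inverts any non-zero status under `pipefail`, a `vault kv list` that fails for a reason other than the key being absent (permissions, connectivity) also takes the `vault kv put` branch, which replaces the whole secret and regenerates `secret_key`; worth confirming that is intended rather than aborting on list failure. The loop variable `PWD` shadows the shell's current-directory variable; a name such as `FIELD` avoids the confusion. The script's preamble is outside the hunk.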


@ -1,9 +1,9 @@
--- ---
paperless: # Name of the instance (job and service name)
instance: paperless
# Name of the instance (job and service name) paperless:
instance: paperless
# Connect to the postgres service through the mesh # Connect to the postgres service through the mesh
consul: consul:
@ -15,10 +15,10 @@ paperless:
# Env var to set in the containers # Env var to set in the containers
# The ones here will be inherited by all containers # The ones here will be inherited by all containers
env: env:
PAPERLESS_DBUSER: '{{ with secret "[[ .vault.prefix ]]database/creds/[[ .paperless.instance ]]" }}{{ .Data.username }}{{ end }}' PAPERLESS_DBUSER: '{{ with secret "[[ .vault.prefix ]]database/creds/[[ .instance ]]" }}{{ .Data.username }}{{ end }}'
PAPERLESS_DBPASS: '{{ with secret "[[ .vault.prefix ]]database/creds/[[ .paperless.instance ]]" }}{{ .Data.password }}{{ end }}' PAPERLESS_DBPASS: '{{ with secret "[[ .vault.prefix ]]database/creds/[[ .instance ]]" }}{{ .Data.password }}{{ end }}'
PAPERLESS_SECRET_KEY: '{{ with secret "[[ .vault.prefix ]]kv/service/[[ .paperless.instance ]]" }}{{ .Data.data.secret_key }}{{ end }}' PAPERLESS_SECRET_KEY: '{{ with secret "[[ .vault.prefix ]]kv/service/[[ .instance ]]" }}{{ .Data.data.secret_key }}{{ end }}'
PAPERLESS_DBNAME: '[[ .paperless.instance ]]' PAPERLESS_DBNAME: '[[ .instance ]]'
PAPERLESS_CORS_ALLOWED_HOSTS: '[[ .paperless.webserver.public_url ]]' PAPERLESS_CORS_ALLOWED_HOSTS: '[[ .paperless.webserver.public_url ]]'
PAPERLESS_URL: '[[ .paperless.webserver.public_url ]]' PAPERLESS_URL: '[[ .paperless.webserver.public_url ]]'
PAPERLESS_CONVERT_TMPDIR: /alloc/data PAPERLESS_CONVERT_TMPDIR: /alloc/data


@ -1,7 +1,7 @@
path "[[ .vault.prefix ]]kv/data/service/[[ .paperless.instance ]]" { path "[[ .vault.prefix ]]kv/data/service/[[ .instance ]]" {
capabilities = ["read"] capabilities = ["read"]
} }
path "[[ .vault.prefix ]]database/creds/[[ .paperless.instance ]]" { path "[[ .vault.prefix ]]database/creds/[[ .instance ]]" {
capabilities = ["read"] capabilities = ["read"]
} }