vaultwarden/vaultwarden.nomad.hcl

[[ $c := merge .vaultwarden.server .vaultwarden . -]]
job "[[ .instance ]]" {

[[ template "common/job_start" $c ]]

  group "vaultwarden" {
    count = [[ $c.count ]]

    network {
      mode = "bridge"
    }

[[ template "common/volumes" $c.volumes ]]

    service {
      name = "[[ .instance ]][[ .consul.suffix ]]"
      port = 8234

[[ template "common/connect" $c ]]

      check {
        type     = "http"
        path     = "/alive"
        expose   = true
[[ template "common/check_settings" $c ]]

        check_restart {
          limit = 20
          grace = "20s"
        }
      }

      tags = [
[[- $a := merge .vaultwarden.admin .vaultwarden . ]]
[[ template "common/traefik_tags" $a ]]
[[ template "common/traefik_tags" $c ]]
      ]
    }

[[ template "common/task.wait_for" $c ]]
[[ template "common/task.pgpooler" $c ]]

    task "vaultwarden" {
      driver = [[ $c.nomad.driver | toJSON ]]
      user   = 8234

      config {
        image           = [[ $c.image | toJSON ]]
        pids_limit      = 100
        readonly_rootfs = true
      }

[[ template "common/vault.policies" $c ]]
[[ template "common/artifacts" $c ]]

      env {
        ROCKET_ADDRESS        = "127.0.0.1"
        ROCKET_PORT           = 8234
        IP_HEADER             = "X-Forwarded-for"
        DOMAIN                = [[ $c.public_url | toJSON ]]
        DB_CONNECTION_RETRIES = 0
      }

      template {
        data =<<_EOT
[[- if ne $c.postgres.pooler.engine "none" ]]
DATABASE_URL=postgresql://[[ .instance ]]:{{ env "NOMAD_ALLOC_ID" }}@localhost:[[ $c.postgres.pooler.port ]]/[[ $c.postgres.database ]]
[[- else ]]
DATABASE_URL=postgresql://[[ $c.postgres.user ]]:[[ $c.postgres.password | regexp.Replace "\\.Data\\.password" "urlquery .Data.password" ]]@[[ $c.postgres.host ]]:[[ $c.postgres.port ]]/[[ $c.postgres.database ]]]
[[- end ]]
_EOT
        destination = "secrets/.db.env"
        perms       = 400
        env         = true
      }

[[ template "common/file_env" $c ]]

      volume_mount {
        volume      = "data"
        destination = "/data"
      }

[[ template "common/resources" $c.resources ]]
    }
  }
}
Support postgres_pooler and add rendered example 2024-01-12 22:42:09 +01:00			`[[ $c := merge .vaultwarden.server .vaultwarden . -]]`
Cleanup 2023-12-21 23:32:14 +01:00			`job "[[ .instance ]]" {`
Vaultwarden bundle 2023-11-01 22:51:13 +01:00
Cleanup 2023-12-21 23:32:14 +01:00			`[[ template "common/job_start" $c ]]`
Vaultwarden bundle 2023-11-01 22:51:13 +01:00
			`group "vaultwarden" {`
			`count = [[ $c.count ]]`

			`network {`
			`mode = "bridge"`
			`}`

Support postgres_pooler and add rendered example 2024-01-12 22:42:09 +01:00			`[[ template "common/volumes" $c.volumes ]]`
Vaultwarden bundle 2023-11-01 22:51:13 +01:00
			`service {`
Cleanup 2023-12-21 23:32:14 +01:00			`name = "[[ .instance ]][[ .consul.suffix ]]"`
Vaultwarden bundle 2023-11-01 22:51:13 +01:00			`port = 8234`

Cleanup 2023-12-21 23:32:14 +01:00			`[[ template "common/connect" $c ]]`
Vaultwarden bundle 2023-11-01 22:51:13 +01:00
			`check {`
			`type = "http"`
			`path = "/alive"`
			`expose = true`
Use check_settings template 2024-05-12 21:26:59 +02:00			`[[ template "common/check_settings" $c ]]`
Vaultwarden bundle 2023-11-01 22:51:13 +01:00
			`check_restart {`
			`limit = 20`
			`grace = "20s"`
			`}`
			`}`

			`tags = [`
Support postgres_pooler and add rendered example 2024-01-12 22:42:09 +01:00			`[[- $a := merge .vaultwarden.admin .vaultwarden . ]]`
Use traefik_tags template 2024-01-27 00:11:39 +01:00			`[[ template "common/traefik_tags" $a ]]`
			`[[ template "common/traefik_tags" $c ]]`
Vaultwarden bundle 2023-11-01 22:51:13 +01:00			`]`
			`}`

Cleanup 2023-12-21 23:32:14 +01:00			`[[ template "common/task.wait_for" $c ]]`
Update pgpooler template 2024-01-15 21:34:12 +01:00			`[[ template "common/task.pgpooler" $c ]]`
Vaultwarden bundle 2023-11-01 22:51:13 +01:00
			`task "vaultwarden" {`
			`driver = [[ $c.nomad.driver \| toJSON ]]`
			`user = 8234`

			`config {`
			`image = [[ $c.image \| toJSON ]]`
			`pids_limit = 100`
			`readonly_rootfs = true`
			`}`

Support postgres_pooler and add rendered example 2024-01-12 22:42:09 +01:00			`[[ template "common/vault.policies" $c ]]`
Add artifacts template 2024-03-27 13:20:27 +01:00			`[[ template "common/artifacts" $c ]]`
Vaultwarden bundle 2023-11-01 22:51:13 +01:00
			`env {`
			`ROCKET_ADDRESS = "127.0.0.1"`
			`ROCKET_PORT = 8234`
			`IP_HEADER = "X-Forwarded-for"`
			`DOMAIN = [[ $c.public_url \| toJSON ]]`
			`DB_CONNECTION_RETRIES = 0`
			`}`

Support postgres_pooler and add rendered example 2024-01-12 22:42:09 +01:00			`template {`
			`data =<<_EOT`
			`[[- if ne $c.postgres.pooler.engine "none" ]]`
Use configured port for postgress pooler 2024-01-19 15:19:20 +01:00			`DATABASE_URL=postgresql://[[ .instance ]]:{{ env "NOMAD_ALLOC_ID" }}@localhost:[[ $c.postgres.pooler.port ]]/[[ $c.postgres.database ]]`
Support postgres_pooler and add rendered example 2024-01-12 22:42:09 +01:00			`[[- else ]]`
			`DATABASE_URL=postgresql://[[ $c.postgres.user ]]:[[ $c.postgres.password \| regexp.Replace "\\.Data\\.password" "urlquery .Data.password" ]]@[[ $c.postgres.host ]]:[[ $c.postgres.port ]]/[[ $c.postgres.database ]]]`
			`[[- end ]]`
			`_EOT`
			`destination = "secrets/.db.env"`
			`perms = 400`
			`env = true`
			`}`

Update to 1.30.5 2024-03-02 22:13:47 +01:00			`[[ template "common/file_env" $c ]]`
Vaultwarden bundle 2023-11-01 22:51:13 +01:00
			`volume_mount {`
			`volume = "data"`
			`destination = "/data"`
			`}`

Cleanup 2023-12-21 23:32:14 +01:00			`[[ template "common/resources" $c.resources ]]`
Vaultwarden bundle 2023-11-01 22:51:13 +01:00			`}`
			`}`
			`}`