Adapt to new vault common templates

Daniel Berteaud 2024-01-31 10:53:15 +01:00
parent fe7341b2e3
commit 4f6829a4d0
5 changed files with 8 additions and 8 deletions


@ -2,7 +2,7 @@
set -euo pipefail
vault write database/roles/vaultwarden \
vault write /database/roles/vaultwarden \
db_name="postgres" \
creation_statements="CREATE ROLE \"{{name}}\" WITH LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}'; \
GRANT \"vaultwarden\" TO \"{{name}}\"; \


@ -1,7 +1,7 @@
path "kv/data/service/vaultwarden" {
path "/kv/data/service/vaultwarden" {
capabilities = ["read"]
}
path "database/creds/vaultwarden" {
path "/database/creds/vaultwarden" {
capabilities = ["read"]
}


@ -153,7 +153,7 @@ job "vaultwarden" {
template {
data = <<_EOT
DATABASE_URL=postgresql://{{ with secret "database/creds/vaultwarden" }}{{ .Data.username }}{{ end }}:{{ with secret "database/creds/vaultwarden" }}{{ urlquery .Data.password }}{{ end }}@127.0.0.1:5432/vaultwarden]
DATABASE_URL=postgresql://{{ with secret "/database/creds/vaultwarden" }}{{ .Data.username }}{{ end }}:{{ with secret "/database/creds/vaultwarden" }}{{ urlquery .Data.password }}{{ end }}@127.0.0.1:5432/vaultwarden]
_EOT
destination = "secrets/.db.env"
perms = 400
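Review bot: The `DATABASE_URL` line ends with a stray `]` after the database name (`@127.0.0.1:5432/vaultwarden]`), and since it appears on both the old and the new line this change carries it over unchanged. Unless something downstream strips it, the client is asked to connect to a database literally named `vaultwarden]`; the line should end `@127.0.0.1:5432/vaultwarden`. Separately, the password goes through `urlquery` but `.Data.username` does not; Vault-generated usernames are normally URL-safe, but escaping both keeps the URL well-formed if the role's username format ever changes. The `template` block starts and ends outside this hunk.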


@ -31,8 +31,8 @@ vaultwarden:
# Postgres settings
postgres:
database: '[[ .instance ]]'
user: '{{ with secret "[[ .vault.prefix ]]database/creds/[[ .instance ]]" }}{{ .Data.username }}{{ end }}'
password: '{{ with secret "[[ .vault.prefix ]]database/creds/[[ .instance ]]" }}{{ .Data.password }}{{ end }}'
user: '{{ with secret "[[ .vault.root ]]database/creds/[[ .instance ]]" }}{{ .Data.username }}{{ end }}'
password: '{{ with secret "[[ .vault.root ]]database/creds/[[ .instance ]]" }}{{ .Data.password }}{{ end }}'
pooler:
mode: session
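Review bot: The secret path is built by plain concatenation, `[[ .vault.root ]]database/creds/[[ .instance ]]`, so it is only correct when `.vault.root` ends with a path separator; the rendered examples in this commit suggest it expands to `/`, but nothing visible here enforces that. A value without the trailing slash (for example `team`) would render `teamdatabase/creds/...`. The same applies to the two `path` stanzas in the policy template that follows, where a malformed path gives a policy that either does not grant the intended read or addresses a different mount. Consider documenting the requirement where the variable is defined, e.g. `# vault.root must end with "/" because it is concatenated directly with the mount path`, or normalising the value in the common template.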


@ -1,7 +1,7 @@
path "[[ .vault.prefix ]]kv/data/service/[[ .instance ]]" {
path "[[ .vault.root ]]kv/data/service/[[ .instance ]]" {
capabilities = ["read"]
}
path "[[ .vault.prefix ]]database/creds/[[ .instance ]]" {
path "[[ .vault.root ]]database/creds/[[ .instance ]]" {
capabilities = ["read"]
}