Add comment + minor fixes

2023-11-18 23:19:27 +01:00 · 2023-11-18 23:19:27 +01:00 · 9db3a2eebf
parent f98a84b6ed
commit 9db3a2eebf
3 changed files with 33 additions and 7 deletions
--- a/variables.yml
+++ b/variables.yml
@ -1,23 +1,37 @@
 ---

 vaultwarden:
+  # Name of this instance (job and service name)
  instance: vaultwarden
+
+  # Server settings
  server:
+
+    # Number of instances to run
    count: 1
+
+    # DOcker image to use
    image: vaultwarden/server:1.30.0-alpine
    #image: danielberteaud/vaultwarden:1.30.0-1
+
+    # List of features to enable when building image
+    # (not used for now)
    features:
      - postgresql
+
+    # Resources allocation
    resources:
-      cpu: 80
+      cpu: 300
      memory: 128

+    # Consul settings
    consul:
      connect:
        upstreams:
          - service_name: '[[ .mail.smtp_service_name ]]'
            local_bind_port: 25

+    # Environment variables to set in the container
    env:
      ORG_EVENTS_ENABLED: 'true'
      EVENTS_DAYS_RETAIN: 720
@ -30,12 +44,19 @@ vaultwarden:
      INCOMPLETE_2FA_TIME_LIMIT: 5
      USER_ATTACHMENT_LIMIT: 204800
  
+    # Public URL of the service
    public_url: https://vaultwarden.example.org/
-    traefik:
-      middlewares: []
+
+    # Traefik settings
+    traefik: {}
+
+  # Settings for the /admin interface
+  # Note that this interface is disabled unless ADMIN_TOKEN env var is set
  admin:
-    traefik:
-      middlewares: []
+    # If enabled, we can set specific Traefik middlewares
+    traefik: {}
+
+  # Volumes for data persistance
  volumes:
    data:
      type: csi
--- a/vault/policies/vaultwarden.hcl
+++ b/vault/policies/vaultwarden.hcl
@ -1,4 +1,7 @@
-[[ $c := merge .vaultwarden . ]]
-path "[[ $c.vault.prefix ]]database/creds/[[ $c.instance ]]" {
+path "[[ .vault.prefix ]]kv/data/service/[[ .vaultwarden.instance ]]" {
+  capabilities = ["read"]
+}
+
+path "[[ .vault.prefix ]]database/creds/[[ .vaultwarden.instance ]]" {
  capabilities = ["read"]
 }
--- a/vaultwarden.nomad.hcl
+++ b/vaultwarden.nomad.hcl
@ -13,8 +13,10 @@ job "[[ .vaultwarden.instance ]]" {
    volume "data" {
      type            = [[ .vaultwarden.volumes.data.type | toJSON ]]
      source          = [[ .vaultwarden.volumes.data.source | toJSON ]]
+[[- if ne .vaultwarden.volumes.data.type "host" ]]
      attachment_mode = "file-system"
      access_mode     = "multi-node-multi-writer"
+[[- end ]]
    }

    service {