Add artifacts template

Update rendered example
2024-03-27 13:20:27 +01:00 · 2024-03-05 14:47:26 +01:00
7 changed files with 14 additions and 7 deletions
--- a/example/images/vaultwarden/Dockerfile
+++ b/example/images/vaultwarden/Dockerfile
@ -34,7 +34,7 @@ RUN set -euxo pipefail &&\
    mv web-vault / &&\
    chown -R root:root /web-vault

-FROM danielberteaud/alpine:24.2-1
+FROM danielberteaud/alpine:24.3-1
 MAINTAINER Daniel Berteaud <dbd@ehtrace.com>

 ENV ROCKET_PROFILE=release \
--- a/example/init/vault-database
+++ b/example/init/vault-database
@ -2,7 +2,7 @@

 set -euo pipefail

-vault write /database/roles/vaultwarden \
+vault write database/roles/vaultwarden \
    db_name="postgres" \
    creation_statements="CREATE ROLE \"{{name}}\" WITH LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}'; \
        GRANT \"vaultwarden\" TO \"{{name}}\"; \
--- a/example/prep.d/10-vaultwarden-rand-secrets
+++ b/example/prep.d/10-vaultwarden-rand-secrets
@ -5,7 +5,7 @@ set -euo pipefail
 # vim: syntax=sh

 export LC_ALL=C
-VAULT_KV_PATH=/kv/service/vaultwarden
+VAULT_KV_PATH=kv/service/vaultwarden
 RAND_CMD="tr -dc A-Za-z0-9\-_\/=~\.+ < /dev/urandom | head -c 50"
 if ! vault kv list $(dirname ${VAULT_KV_PATH}) 2>/dev/null | grep -q -E "^$(basename ${VAULT_KV_PATH})\$"; then
  vault kv put ${VAULT_KV_PATH} \
--- a/example/vault/policies/vaultwarden.hcl
+++ b/example/vault/policies/vaultwarden.hcl
@ -1,7 +1,7 @@
-path "/kv/data/service/vaultwarden" {
+path "kv/data/service/vaultwarden" {
  capabilities = ["read"]
 }

-path "/database/creds/vaultwarden" {
+path "database/creds/vaultwarden" {
  capabilities = ["read"]
 }
--- a/example/vaultwarden.nomad.hcl
+++ b/example/vaultwarden.nomad.hcl
@ -5,6 +5,8 @@ job "vaultwarden" {
  region      = "global"


+
+
  group "vaultwarden" {
    count = 1

@ -104,7 +106,7 @@ job "vaultwarden" {
      user   = 1053

      config {
-        image           = "danielberteaud/wait-for:24.2-1"
+        image           = "danielberteaud/wait-for:24.3-1"
        readonly_rootfs = true
        pids_limit      = 20
      }
@ -147,6 +149,8 @@ job "vaultwarden" {
      }


+
+
      env {
        ROCKET_ADDRESS        = "127.0.0.1"
        ROCKET_PORT           = 8234
@ -157,13 +161,15 @@ job "vaultwarden" {

      template {
        data        = <<_EOT
-DATABASE_URL=postgresql://{{ with secret "/database/creds/vaultwarden" }}{{ .Data.username }}{{ end }}:{{ with secret "/database/creds/vaultwarden" }}{{ urlquery .Data.password }}{{ end }}@127.0.0.1:5432/vaultwarden]
+DATABASE_URL=postgresql://{{ with secret "database/creds/vaultwarden" }}{{ .Data.username }}{{ end }}:{{ with secret "database/creds/vaultwarden" }}{{ urlquery .Data.password }}{{ end }}@127.0.0.1:5432/vaultwarden]
 _EOT
        destination = "secrets/.db.env"
        perms       = 400
        env         = true
      }

+
+
      # Use a template block instead of env {} so we can fetch values from vault
      template {
        data        = <<_EOT
--- a/prep.d/10-vaultwarden-rand-secrets
+++ b/prep.d/10-vaultwarden-rand-secrets
--- a/vaultwarden.nomad.hcl
+++ b/vaultwarden.nomad.hcl
@ -52,6 +52,7 @@ job "[[ .instance ]]" {
      }

 [[ template "common/vault.policies" $c ]]
+[[ template "common/artifacts" $c ]]

      env {
        ROCKET_ADDRESS        = "127.0.0.1"
Author	SHA1	Message	Date
Daniel Berteaud	5f8a25a2a7	Add artifacts template	2024-03-27 13:20:27 +01:00
Daniel Berteaud	014b6db6c1	Update rendered example	2024-03-05 14:47:26 +01:00