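[[ $c := merge .vaultwarden.server .vaultwarden . -]]
# Vaultwarden job template. The double-bracket actions are expanded when the
# job file is rendered. The double-brace action inside the template block
# below is left in place for Nomad to evaluate at run time.
job "[[ .instance ]]" {

[[ template "common/job_start" $c ]]

  group "vaultwarden" {
    count = [[ $c.count ]]

    # Bridge mode gives the allocation its own network namespace, so the
    # loopback listener configured below is not bound on the host.
    network {
      mode = "bridge"
    }

[[ template "common/volumes" $c.volumes ]]

    service {
      name = "[[ .instance ]][[ .consul.suffix ]]"
      port = 8234

[[ template "common/connect" $c ]]

      # Liveness probe. expose = true asks Nomad to generate an expose path for
      # /alive on the Connect proxy. That path is reachable without a mesh
      # client certificate, so it should remain a plain health endpoint.
      check {
        type   = "http"
        path   = "/alive"
        expose = true

[[ template "common/check_settings" $c ]]

        check_restart {
          limit = 20
          grace = "20s"
        }
      }

      # Tags are rendered twice: once from the admin settings merged over the
      # defaults, once from the server settings.
      # NOTE(review): the admin variant presumably carries stricter routing or
      # middleware for the admin path; confirm in common/traefik_tags.
      tags = [
[[- $a := merge .vaultwarden.admin .vaultwarden . ]]
[[ template "common/traefik_tags" $a ]]
[[ template "common/traefik_tags" $c ]]
      ]
    }

[[ template "common/task.wait_for" $c ]]
[[ template "common/task.pgpooler" $c ]]

    task "vaultwarden" {
      driver = [[ $c.nomad.driver | toJSON ]]
      # Fixed non-root numeric UID.
      user = 8234

      # Container hardening: capped process count and a read-only root
      # filesystem. The only writable mount declared in this file is /data;
      # included templates may add others.
      config {
        image           = [[ $c.image | toJSON ]]
        pids_limit      = 100
        readonly_rootfs = true
      }

[[ template "common/vault.policies" $c ]]
[[ template "common/artifacts" $c ]]

      env {
        # Listen on loopback only; traffic is expected to arrive through the
        # sidecar configured by common/connect.
        ROCKET_ADDRESS = "127.0.0.1"
        ROCKET_PORT    = 8234
        # The client address is taken from this request header. It is only
        # trustworthy if the reverse proxy in front sets or overwrites it;
        # a client-supplied value would otherwise end up in logs and in any
        # per-address limits.
        IP_HEADER = "X-Forwarded-for"
        DOMAIN    = [[ $c.public_url | toJSON ]]
        # NOTE(review): upstream documents 0 as retry without limit; confirm
        # for the deployed image version.
        DB_CONNECTION_RETRIES = 0
      }

      # Database connection string, written to the task's secrets directory
      # with owner-read-only permissions and loaded as environment variables
      # (env = true).
      #  - Pooler enabled: connect to the local pooler on localhost, using the
      #    instance name as user and the allocation ID as password.
      #    NOTE(review): presumably the pooler task from common/task.pgpooler
      #    accepts that credential; confirm there.
      #  - Pooler disabled: connect directly to PostgreSQL. The regexp rewrite
      #    turns a ".Data.password" reference in the configured password
      #    expression into "urlquery .Data.password", so a password holding
      #    URL-reserved characters cannot break or alter the connection string.
      # The heredoc body stays at column 0 and carries no comments because
      # every line of it ends up in the rendered env file.
      template {
        data = <<_EOT
[[- if ne $c.postgres.pooler.engine "none" ]]
DATABASE_URL=postgresql://[[ .instance ]]:{{ env "NOMAD_ALLOC_ID" }}@localhost:[[ $c.postgres.pooler.port ]]/[[ $c.postgres.database ]]
[[- else ]]
DATABASE_URL=postgresql://[[ $c.postgres.user ]]:[[ $c.postgres.password | regexp.Replace "\\.Data\\.password" "urlquery .Data.password" ]]@[[ $c.postgres.host ]]:[[ $c.postgres.port ]]/[[ $c.postgres.database ]]
[[- end ]]
_EOT
        destination = "secrets/.db.env"
        perms       = 400
        env         = true
      }

[[ template "common/file_env" $c ]]

      # Persistent application data.
      volume_mount {
        volume      = "data"
        destination = "/data"
      }

[[ template "common/resources" $c.resources ]]
    }
  }
}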