nomad
/
vaultwarden
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
vaultwarden/vaultwarden.nomad.hcl

89 lines
2.1 KiB
HCL
Raw Permalink Blame History

[[ $c := merge .vaultwarden.server .vaultwarden . -]]
job "[[ .instance ]]" {
[[ template "common/job_start" $c ]]
group "vaultwarden" {
count = [[ $c.count ]]
network {
mode = "bridge"
}
[[ template "common/volumes" $c.volumes ]]
service {
name = "[[ .instance ]][[ .consul.suffix ]]"
port = 8234
[[ template "common/connect" $c ]]
check {
type = "http"
path = "/alive"
expose = true
interval = "5s"
timeout = "3s"
check_restart {
limit = 20
grace = "20s"
}
}
tags = [
[[- $a := merge .vaultwarden.admin .vaultwarden . ]]
[[ template "common/traefik_tags" $a ]]
[[ template "common/traefik_tags" $c ]]
]
}
[[ template "common/task.wait_for" $c ]]
[[ template "common/task.pgpooler" $c ]]
task "vaultwarden" {
driver = [[ $c.nomad.driver | toJSON ]]
user = 8234
config {
image = [[ $c.image | toJSON ]]
pids_limit = 100
readonly_rootfs = true
}
[[ template "common/vault.policies" $c ]]
[[ template "common/artifacts" $c ]]
env {
ROCKET_ADDRESS = "127.0.0.1"
ROCKET_PORT = 8234
IP_HEADER = "X-Forwarded-for"
DOMAIN = [[ $c.public_url | toJSON ]]
DB_CONNECTION_RETRIES = 0
}
template {
data =<<_EOT
[[- if ne $c.postgres.pooler.engine "none" ]]
DATABASE_URL=postgresql://[[ .instance ]]:{{ env "NOMAD_ALLOC_ID" }}@localhost:[[ $c.postgres.pooler.port ]]/[[ $c.postgres.database ]]
[[- else ]]
DATABASE_URL=postgresql://[[ $c.postgres.user ]]:[[ $c.postgres.password | regexp.Replace "\\.Data\\.password" "urlquery .Data.password" ]]@[[ $c.postgres.host ]]:[[ $c.postgres.port ]]/[[ $c.postgres.database ]]]
[[- end ]]
_EOT
destination = "secrets/.db.env"
perms = 400
env = true
}
[[ template "common/file_env" $c ]]
volume_mount {
volume = "data"
destination = "/data"
}
[[ template "common/resources" $c.resources ]]
}
}
}
Reference in New Issue View Git Blame Copy Permalink