# Nomad job template for a Vaultwarden instance.
# "[[ ... ]]" actions are expanded when this file is rendered into a job spec.
# "{{ ... }}" inside the template block's heredoc is left for Nomad's runtime
# template engine. $c is the merged configuration: .vaultwarden.server over
# .vaultwarden over the root context.
[[ $c := merge .vaultwarden.server .vaultwarden . -]]
job "[[ .instance ]]" {

[[ template "common/job_start" $c ]]

  group "vaultwarden" {
[[ template "common/group_start" $c ]]

    # Bridge networking gives the allocation its own network namespace.
    # A dynamic "metrics" port is only declared when metrics are enabled.
    network {
      mode = "bridge"
[[- if conv.ToBool $c.metrics.enabled ]]
      port "metrics" {}
[[- end ]]
    }

[[ template "common/volumes" $c ]]

    service {
      name = "[[ .instance ]][[ .consul.suffix ]]"
      # Same port the task listens on (ROCKET_PORT below).
      port = 8234

[[ template "common/service_meta" $c ]]
[[ template "common/connect" $c ]]

      # HTTP liveness probe on /alive. The task binds to 127.0.0.1 only, so
      # "expose = true" asks Nomad to publish this path through the Connect
      # sidecar. NOTE(review): the sidecar itself comes from "common/connect",
      # which is not shown here; confirm it is always rendered.
      check {
        type = "http"
        path = "/alive"
        expose = true
[[ template "common/check_settings" $c ]]

        # Restart the task after 20 failed checks; failures during the first
        # 20s after start are ignored.
        check_restart {
          limit = 20
          grace = "20s"
        }
      }

      # Two sets of Traefik tags are emitted: one built from the admin-specific
      # config ($a = .vaultwarden.admin merged over the defaults) and one from
      # the server config ($c).
      # NOTE(review): presumably this gives the admin interface its own router
      # and middlewares; verify the admin route is at least as restricted as
      # intended, since the tag content lives in "common/traefik_tags".
      tags = [
[[- $a := merge .vaultwarden.admin .vaultwarden . ]]
[[ template "common/traefik_tags" $a ]]
[[ template "common/traefik_tags" $c ]]
      ]
    }

    # Helper tasks from the shared template library. Their content is not
    # visible here.
[[ template "common/task.wait_for" $c ]]
[[ template "common/task.chown_volume" $c ]]
[[ template "common/task.pgpooler" $c ]]
[[ template "common/task.metrics_proxy" $c ]]
[[ template "common/task.proxmox_backup" $c ]]

    task "vaultwarden" {
      driver = [[ $c.nomad.driver | toJSON ]]
      # Run as a fixed unprivileged uid:gid instead of root.
      user = "8234:8234"

      config {
[[ template "common/image" $c ]]
        # Cap the number of processes in the container (limits fork bombs).
        # NOTE(review): a container-driver option; the driver is templated,
        # so confirm every configured driver accepts it.
        pids_limit = 500
      }

[[ template "common/vault.policies" $c ]]
[[ template "common/artifacts" $c ]]

      env {
        # Listen on loopback only, so nothing outside the allocation's network
        # namespace can reach the application port directly.
        ROCKET_ADDRESS = "127.0.0.1"
        ROCKET_PORT = 8234
        # Header the application reads the client IP from. It is only
        # trustworthy if the fronting proxy overwrites or sanitises it.
        # Otherwise a client can supply its own value and skew logs and any
        # IP-based throttling. NOTE(review): confirm the proxy drops
        # client-supplied X-Forwarded-For values.
        IP_HEADER = "X-Forwarded-for"
        DOMAIN = [[ $c.public_url | toJSON ]]
        # NOTE(review): in Vaultwarden, 0 is understood to mean "retry the DB
        # connection indefinitely" at startup; confirm for the deployed version.
        DB_CONNECTION_RETRIES = 0
      }

      # Database connection string, written to the task's secrets directory
      # and loaded as environment variables (env = true).
      #  - Pooler engine other than "none": connect to the local pooler port,
      #    with the instance name as user and the allocation ID as password.
      #  - No pooler: connect straight to PostgreSQL. The regexp rewrites
      #    ".Data.password" in the configured password expression to
      #    "urlquery .Data.password" (presumably a Vault lookup resolved at
      #    runtime; confirm) so the password is URL-encoded and cannot break
      #    the URL. The user name is not encoded.
      # perms = 400 is intended as owner read-only for the rendered file.
      template {
        data =<<_EOT
[[- if ne $c.postgres.pooler.engine "none" ]]
DATABASE_URL=postgresql://[[ .instance ]]:{{ env "NOMAD_ALLOC_ID" }}@localhost:[[ $c.postgres.pooler.port ]]/[[ $c.postgres.database ]]
[[- else ]]
DATABASE_URL=postgresql://[[ $c.postgres.user ]]:[[ $c.postgres.password | regexp.Replace "\\.Data\\.password" "urlquery .Data.password" ]]@[[ $c.postgres.host ]]:[[ $c.postgres.port ]]/[[ $c.postgres.database ]]
[[- end ]]
_EOT
        destination = "secrets/.db.env"
        perms = 400
        env = true
      }

[[ template "common/file_env" $c ]]
[[ template "common/volumes_mount" $c ]]
[[ template "common/resources" $c.resources ]]
    }
  }
}