redbrick/nomad
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

add vaultwarden job (#29)

Browse source 
Co-authored-by: James Hackett <jamesthackett1@gmail.com>
This commit is contained in:
wizzdom 2024-02-20 03:46:31 +00:00 committed by GitHub
parent 8a47822eef
commit fd122c6297
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 68 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

68
jobs/services/vaultwarden.hcl Normal file
View file

@ -0,0 +1,68 @@
job "vaultwarden" {
datacenters = ["aperture"]
type = "service"
group "vaultwarden" {
count = 1
network {
port "http" {
to = 80
}
}
service {
name = "vaultwarden"
port = "http"
tags = [
"traefik.enable=true",
"traefik.http.routers.vaultwarden.rule=Host(`vault.redbrick.dcu.ie`)",
"traefik.http.routers.vaultwarden.entrypoints=websecure",
"traefik.http.routers.vaultwarden.tls.certresolver=lets-encrypt",
]
}
task "vaultwarden" {
driver = "docker"
config {
image = "vaultwarden/server:latest-alpine"
ports = ["http"]
volumes = [
"/storage/nomad/vaultwarden:/data"
]
}
template {
data = <<EOF
DOMAIN=https://vault.redbrick.dcu.ie
DATABASE_URL=postgresql://{{ key "vaultwarden/db/user" }}:{{ key "vaultwarden/db/password" }}@postgres.service.consul:5432/{{ key "vaultwarden/db/name" }}
SIGNUPS_ALLOWED=false
INVITATIONS_ALLOWED=true
# This is not the actual token, but a hash of it. Vaultwarden does not like the actual token.
ADMIN_TOKEN={{ key "vaultwarden/admin/hash" }}
EOF
destination = "local/env"
env = true
}
# These yubico variables are not necessary for yubikey support, only to verify the keys with yubico.
#YUBICO_CLIENT_ID={{ key "vaultwarden/yubico/client_id" }}
#YUBICO_SECRET_KEY={{ key "vaultwarden/yubico/secret_key" }}
#SMTP_HOST={{ key "vaultwarden/smtp/host" }}
#SMTP_FROM={{ key "vaultwarden/smtp/from" }}
#SMTP_PORT={{ key "vaultwarden/smtp/port" }}
#SMTP_SECURITY=force_tls
#SMTP_USERNAME={{ key "vaultwarden/smtp/username" }}
#SMTP_PASSWORD={{ key "vaultwarden/smtp/password" }}
resources {
cpu = 500
memory = 500
}
}
}
}