homelab/nomad-job/vaultwarden.nomad

81 lines
1.8 KiB
Plaintext
Raw Permalink Normal View History

2022-05-07 08:38:13 +00:00
job "vaultwarden" {
2022-09-09 15:19:07 +00:00
datacenters = ["hetzner"]
2022-05-07 08:38:13 +00:00
type = "service"
meta {
forcedeploy = "0"
}
group "vaultwarden"{
network {
mode = "host"
port "http" {
to = 80
}
}
vault{
policies= ["access-tables"]
}
2022-05-12 09:36:04 +00:00
task "vaultwarden" {
2022-05-07 08:38:13 +00:00
driver = "docker"
service {
name = "vaultwarden"
port = "http"
tags = [
2022-05-23 19:44:34 +00:00
"homer.enable=true",
"homer.name=VaultWarden",
"homer.service=Application",
"homer.logo=https://yunohost.org/user/images/bitwarden_logo.png",
"homer.target=_blank",
"homer.url=https://${NOMAD_JOB_NAME}.ducamps.win",
2022-05-07 08:38:13 +00:00
"traefik.enable=true",
"traefik.http.routers.${NOMAD_JOB_NAME}.rule=Host(`vault.ducamps.win`)",
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.domains[0].sans=vault.ducamps.win",
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.certresolver=myresolver",
]
check {
type = "http"
path = "/"
interval = "60s"
timeout = "20s"
check_restart {
limit = 3
grace = "240s"
}
}
}
config {
image = "vaultwarden/server"
ports = ["http"]
volumes = [
"/mnt/diskstation/nomad/vaultwarden:/data"
]
}
env {
DATA_FOLDER = "/data"
WEB_VAULT_ENABLED = "true"
DOMAIN = "https://vault.ducamps.win"
}
template {
data= <<EOH
{{ with secret "secrets/data/vaultwarden"}}
DATABASE_URL=postgresql://vaultwarden:{{ .Data.data.DB_PASSWORD }}@db1.ducamps.win/vaultwarden
{{end}}
EOH
destination = "secrets/vaultwarden.env"
env = true
}
2022-05-12 09:36:04 +00:00
resources {
memory = 150
}
2022-05-07 08:38:13 +00:00
}
}
}