homelab/nomad-job/apps/vaultwarden.nomad

87 lines
2.1 KiB
Plaintext
Raw Normal View History

2022-05-07 08:38:13 +00:00
job "vaultwarden" {
2022-10-14 11:08:10 +00:00
datacenters = ["homelab"]
2022-12-10 16:10:32 +00:00
priority = 90
2022-10-29 08:40:01 +00:00
type = "service"
2022-05-07 08:38:13 +00:00
meta {
forcedeploy = "0"
}
2024-02-21 18:03:31 +00:00
constraint {
attribute = "${node.class}"
operator = "set_contains"
value = "cluster"
}
2022-10-29 08:40:01 +00:00
group "vaultwarden" {
2022-05-07 08:38:13 +00:00
network {
mode = "host"
port "http" {
to = 80
}
}
2022-10-29 08:40:01 +00:00
vault {
2022-10-30 08:33:39 +00:00
policies = ["vaultwarden"]
2022-05-07 08:38:13 +00:00
}
2022-05-12 09:36:04 +00:00
task "vaultwarden" {
2022-05-07 08:38:13 +00:00
driver = "docker"
service {
name = "vaultwarden"
port = "http"
tags = [
2022-10-29 08:40:01 +00:00
"homer.enable=true",
"homer.name=VaultWarden",
"homer.service=Application",
"homer.logo=https://yunohost.org/user/images/bitwarden_logo.png",
"homer.target=_blank",
2023-11-05 18:08:17 +00:00
"homer.url=https://${NOMAD_JOB_NAME}.ducamps.eu",
2022-05-23 19:44:34 +00:00
2022-10-29 08:40:01 +00:00
"traefik.enable=true",
2023-11-05 18:08:17 +00:00
"traefik.http.routers.${NOMAD_JOB_NAME}.rule=Host(`vault.ducamps.eu`)",
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.domains[0].sans=vault.ducamps.eu",
2022-10-29 08:40:01 +00:00
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.certresolver=myresolver",
2023-10-07 16:40:40 +00:00
"traefik.http.routers.${NOMAD_JOB_NAME}.entrypoints=web,websecure",
2022-05-07 08:38:13 +00:00
]
check {
type = "http"
path = "/"
interval = "60s"
timeout = "20s"
check_restart {
limit = 3
grace = "240s"
}
}
}
config {
2024-03-17 17:58:24 +00:00
image = "docker.service.consul:5000/vaultwarden/server"
2022-05-07 08:38:13 +00:00
ports = ["http"]
volumes = [
"/mnt/diskstation/nomad/vaultwarden:/data"
]
}
env {
2022-10-29 08:40:01 +00:00
DATA_FOLDER = "/data"
WEB_VAULT_ENABLED = "true"
2023-11-05 18:08:17 +00:00
DOMAIN = "https://vault.ducamps.eu"
2022-05-07 08:38:13 +00:00
}
template {
2022-10-29 08:40:01 +00:00
data = <<EOH
2022-10-30 08:33:39 +00:00
{{ with secret "secrets/data/database/vaultwarden"}}
2023-11-01 07:42:04 +00:00
DATABASE_URL=postgresql://vaultwarden:{{ .Data.data.password }}@active.db.service.consul/vaultwarden
2022-05-07 08:38:13 +00:00
{{end}}
EOH
destination = "secrets/vaultwarden.env"
2022-10-29 08:40:01 +00:00
env = true
2022-05-07 08:38:13 +00:00
}
2022-05-12 09:36:04 +00:00
resources {
memory = 150
}
2022-05-07 08:38:13 +00:00
}
}
}