add vaultwarden

This commit is contained in:
vincent 2022-05-07 10:38:13 +02:00
parent c53fe3bc34
commit 47ac056f6a

70
vaultwarden.nomad Normal file
View File

@ -0,0 +1,70 @@
job "vaultwarden" {
datacenters = ["homelab"]
type = "service"
meta {
forcedeploy = "0"
}
group "vaultwarden"{
network {
mode = "host"
port "http" {
to = 80
}
}
vault{
policies= ["access-tables"]
}
task "server" {
driver = "docker"
service {
name = "vaultwarden"
port = "http"
tags = [
"traefik.enable=true",
"traefik.http.routers.${NOMAD_JOB_NAME}.rule=Host(`vault.ducamps.win`)",
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.domains[0].sans=vault.ducamps.win",
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.certresolver=myresolver",
]
check {
type = "http"
path = "/"
interval = "60s"
timeout = "20s"
check_restart {
limit = 3
grace = "240s"
}
}
}
config {
image = "vaultwarden/server"
ports = ["http"]
volumes = [
"/mnt/diskstation/nomad/vaultwarden:/data"
]
}
env {
DATA_FOLDER = "/data"
WEB_VAULT_ENABLED = "true"
DOMAIN = "https://vault.ducamps.win"
}
template {
data= <<EOH
{{ with secret "secrets/data/vaultwarden"}}
DATABASE_URL=postgresql://vaultwarden:{{ .Data.data.DB_PASSWORD }}@db1.ducamps.win/vaultwarden
{{end}}
EOH
destination = "secrets/vaultwarden.env"
env = true
}
}
}
}