add vaultwarden

2022-05-07 10:38:13 +02:00 · 2022-05-07 10:38:13 +02:00 · 47ac056f6a
commit 47ac056f6a
parent c53fe3bc34
1 changed files with 70 additions and 0 deletions
--- a/vaultwarden.nomad
+++ b/vaultwarden.nomad
@ -0,0 +1,70 @@
+
+job "vaultwarden" {
+  datacenters = ["homelab"]
+  type = "service"
+  meta {
+    forcedeploy = "0"
+  }
+
+  group "vaultwarden"{
+    network {
+      mode = "host"
+      port "http" {
+        to = 80
+      }
+    }
+    vault{
+      policies= ["access-tables"]
+
+    }
+    task "server" {
+      driver = "docker"
+      service {
+        name = "vaultwarden"
+        port = "http"
+        tags = [
+            "traefik.enable=true",
+            "traefik.http.routers.${NOMAD_JOB_NAME}.rule=Host(`vault.ducamps.win`)",
+            "traefik.http.routers.${NOMAD_JOB_NAME}.tls.domains[0].sans=vault.ducamps.win",
+            "traefik.http.routers.${NOMAD_JOB_NAME}.tls.certresolver=myresolver",
+        ]
+        check {
+          type     = "http"
+          path     = "/"
+          interval = "60s"
+          timeout  = "20s"
+
+          check_restart {
+            limit = 3
+            grace = "240s"
+          }
+        }
+      }
+      config {
+        image = "vaultwarden/server"
+        ports = ["http"]
+        volumes = [
+          "/mnt/diskstation/nomad/vaultwarden:/data"
+        ]
+
+      }
+      env {
+        DATA_FOLDER  = "/data"
+        WEB_VAULT_ENABLED   = "true"
+        DOMAIN = "https://vault.ducamps.win"
+
+      }
+
+      template {
+        data= <<EOH
+          {{ with secret "secrets/data/vaultwarden"}}
+          DATABASE_URL=postgresql://vaultwarden:{{ .Data.data.DB_PASSWORD }}@db1.ducamps.win/vaultwarden
+          {{end}}
+          EOH
+        destination = "secrets/vaultwarden.env"
+        env = true
+      }
+    }
+
+  }
+}