More nextcloud config using Vault

IamTheFij 2022-07-08 16:26:26 -07:00
parent 02b448e363
commit c58056d594
2 changed files with 32 additions and 7 deletions


@ -5,7 +5,8 @@ job "Nextcloud" {
repo = "/local/repo" repo = "/local/repo"
# Read from secret file # Read from secret file
# Either options.PasswordFile or using readfile() # Either options.PasswordFile or using readfile()
passphrase = "secret phrase" # passphrase = "secret phrase"
passwordFile("tmp/passphrase")
} }
task "Create dir for repo" { task "Create dir for repo" {
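Review bot: The added `passwordFile("tmp/passphrase")` uses a relative path, while the bind mount added to the Nomad job elsewhere in this commit targets `/tmp/passphrase`, so the lookup only works if the scheduler's working directory happens to be `/`. It is also written as a bare call rather than an attribute assignment, which does not match either form named in the comment above it (`options.PasswordFile` or `readfile()`); presumably something like `passphrase = readfile("/tmp/passphrase")` was intended, to be confirmed against the scheduler's config schema. The commented-out `# passphrase = "secret phrase"` is better deleted than kept, and if that value ever protected a real repository it stays in history and should be rotated. The enclosing block opens outside this hunk, so its name and other attributes are not visible here.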


@ -165,9 +165,9 @@ GRANT ALL ON `{{ .Data.data.db_name }}`.* to '{{ .Data.data.db_user }}'@'%';
template { template {
data = <<EOF data = <<EOF
{{ with secret "kv/data/nextcloud" }} {{ with secret "kv/data/nextcloud" }}
MYSQL_DATABASE={{ .Data.data.db_name }} MYSQL_DATABASE={{ .Data.data.db_name }}
MYSQL_USER={{ .Data.data.db_user }} MYSQL_USER={{ .Data.data.db_user }}
MYSQL_PASSWORD={{ .Data.data.db_pass }} MYSQL_PASSWORD={{ .Data.data.db_pass }}
{{ end }} {{ end }}
EOF EOF
destination = "secrets/db.env" destination = "secrets/db.env"
@ -214,14 +214,38 @@ GRANT ALL ON `{{ .Data.data.db_name }}`.* to '{{ .Data.data.db_user }}'@'%';
target = "/jobs" target = "/jobs"
source = "jobs" source = "jobs"
} }
mount {
type = "bind"
target = "/tmp/passphrase"
source = "secrets/passphrase"
}
} }
env = { env = {
"MYSQL_HOST" = "${NOMAD_UPSTREAM_IP_mysql_server}" "MYSQL_HOST" = "${NOMAD_UPSTREAM_IP_mysql_server}"
"MYSQL_PORT" = "${NOMAD_UPSTREAM_PORT_mysql_server}" "MYSQL_PORT" = "${NOMAD_UPSTREAM_PORT_mysql_server}"
"MYSQL_DATABASE" = "${var.nextcloud_db}" }
"MYSQL_USER" = "${var.nextcloud_user}"
"MYSQL_PASSWORD" = "${var.nextcloud_pass}" vault {
policies = ["access-tables", "nomad-task"]
}
template {
data = "{{ with secret \"kv/data/nextcloud\" }}{{ .Data.data.backup_passphrase }}{{ end }}"
destination = "secrets/passphrase"
}
template {
data = <<EOF
{{ with secret "kv/data/nextcloud" }}
MYSQL_DATABASE={{ .Data.data.db_name }}
MYSQL_USER={{ .Data.data.db_user }}
MYSQL_PASSWORD={{ .Data.data.db_pass }}
{{ end }}
EOF
destination = "secrets/db.env"
env = true
} }
template { template {