More nextcloud config using Vault

IamTheFij 2022-07-08 16:26:26 -07:00
parent 02b448e363
commit c58056d594
2 changed files with 32 additions and 7 deletions


@ -5,7 +5,8 @@ job "Nextcloud" {
repo = "/local/repo"
# Read from secret file
# Either options.PasswordFile or using readfile()
passphrase = "secret phrase"
# passphrase = "secret phrase"
passwordFile("tmp/passphrase")
}
task "Create dir for repo" {
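Review bot: `passwordFile("tmp/passphrase")` uses a relative path, while the bind mount added in the other file of this commit targets `/tmp/passphrase`, so the lookup only succeeds if the process's working directory happens to be `/`; it should read `passwordFile("/tmp/passphrase")`. The call is also written as a bare expression rather than an assignment, and the comment above it mentions `options.PasswordFile`, so it is worth confirming that the job format accepts this form; the enclosing block opens outside the hunk, so this cannot be checked from here. The commented-out `# passphrase = "secret phrase"` should be deleted rather than kept. If that literal ever protected a real repository it remains in the commit history, and the passphrase should be rotated.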


@ -214,14 +214,38 @@ GRANT ALL ON `{{ .Data.data.db_name }}`.* to '{{ .Data.data.db_user }}'@'%';
target = "/jobs"
source = "jobs"
}
mount {
type = "bind"
target = "/tmp/passphrase"
source = "secrets/passphrase"
}
}
env = {
"MYSQL_HOST" = "${NOMAD_UPSTREAM_IP_mysql_server}"
"MYSQL_PORT" = "${NOMAD_UPSTREAM_PORT_mysql_server}"
"MYSQL_DATABASE" = "${var.nextcloud_db}"
"MYSQL_USER" = "${var.nextcloud_user}"
"MYSQL_PASSWORD" = "${var.nextcloud_pass}"
}
vault {
policies = ["access-tables", "nomad-task"]
}
template {
data = "{{ with secret \"kv/data/nextcloud\" }}{{ .Data.data.backup_passphrase }}{{ end }}"
destination = "secrets/passphrase"
}
template {
data = <<EOF
{{ with secret "kv/data/nextcloud" }}
MYSQL_DATABASE={{ .Data.data.db_name }}
MYSQL_USER={{ .Data.data.db_user }}
MYSQL_PASSWORD={{ .Data.data.db_pass }}
{{ end }}
EOF
destination = "secrets/db.env"
env = true
}
template {