Add freshrss to docker+nomad
This commit is contained in:
parent
7d7a403346
commit
4af806bebd
6 changed files with 189 additions and 0 deletions
10
docker/freshrss/Dockerfile
Normal file
10
docker/freshrss/Dockerfile
Normal file
|
@ -0,0 +1,10 @@
|
|||
FROM freshrss/freshrss:alpine
|
||||
|
||||
# add ca-certificates package
|
||||
RUN apk add --no-cache ca-certificates
|
||||
|
||||
# Copy masked.name root cert
|
||||
COPY files/MaskedName_Root_CA.crt /usr/local/share/ca-certificates/MaskedName_Root_CA.crt
|
||||
|
||||
# update ca certs
|
||||
RUN update-ca-certificates 2>/dev/null
|
43
docker/freshrss/files/MaskedName_Root_CA.crt
Executable file
43
docker/freshrss/files/MaskedName_Root_CA.crt
Executable file
|
@ -0,0 +1,43 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDNTCCAh2gAwIBAgIUYp8xo5t2lJFP3SiD1fJirgGUQJ0wDQYJKoZIhvcNAQEL
|
||||
BQAwFjEUMBIGA1UEAxMLbWFza2VkLm5hbWUwHhcNMjAwODI5MTkyMzEyWhcNMzAw
|
||||
ODI3MTkyMzQyWjAWMRQwEgYDVQQDEwttYXNrZWQubmFtZTCCASIwDQYJKoZIhvcN
|
||||
AQEBBQADggEPADCCAQoCggEBAMI7oR+KHvvznfnaAXDMO5qpSTCAYCyfjFEohYJf
|
||||
lOcnLONXb3f6sP5d1eltL+UTq0RVU5UP0aNW7hqDTa41MRw0JCDtB68yKdYq2hZf
|
||||
97gA+lj3MEJU6RTAKLrg75GRh/AbNEIgwvPuHKW6hMbtwOyM9DFU//W3xpusalXy
|
||||
RMFzAHfSDj9ci+UygUt9HINWd/SmMGG/8PghaRhfE44wRFMqYezeliIt2JIs43BV
|
||||
7HqG0Oev9WPeXmiaZUYKQetHiQqR14Mxiv1IGzCmwwN+9b4tZtZTa58oM5dPXfbb
|
||||
lrELQE5OsPaNtMtER3MgxovDN3VSCGH/O/GyaEWVanY5UF8CAwEAAaN7MHkwDgYD
|
||||
VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFBY8jW3fDVUp
|
||||
URt1prhmDMjkVikgMB8GA1UdIwQYMBaAFBY8jW3fDVUpURt1prhmDMjkVikgMBYG
|
||||
A1UdEQQPMA2CC21hc2tlZC5uYW1lMA0GCSqGSIb3DQEBCwUAA4IBAQAWQz4d3QzE
|
||||
W8NGA16ZPamlVubOLB5DtZz2qrSrn3DeObLIDShInV3qtRlDx9HYJLTCA75Ket0J
|
||||
NTsyMcTy2txd4I8hgdF30XJeEciN9wZ0mKEeP/YKDwe8V2XwWq4XYkDechlWHpZo
|
||||
PfWcoLprKwVUI4HzaqkNmwcmMUI4xAsC+SLe1mrebseKm49oOwdQs/oPVLK+0nEp
|
||||
RvD0aOvohILIa/2ZtKczvhB/L3fo5pg9Ex/0JDBdDHIedMabD3qn8Idse+P5Dfwa
|
||||
Ju2Ctyb+n1TTPxRDMxs2cFbA5irr+2ARJd8jtGS+1fyxogjOWS1RR523F+qIS3su
|
||||
KibGel+gFPpq
|
||||
-----END CERTIFICATE-----
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIID0zCCArugAwIBAgIUM52uhXSeTCim1pmzucm/cnIgNp8wDQYJKoZIhvcNAQEL
|
||||
BQAwFjEUMBIGA1UEAxMLbWFza2VkLm5hbWUwHhcNMjAwODI5MTkyNzAwWhcNMjUw
|
||||
ODI4MTkyNzMwWjAtMSswKQYDVQQDEyJtYXNrZWQubmFtZSBJbnRlcm1lZGlhdGUg
|
||||
QXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8LuGo+As
|
||||
ICYWdJjBCY0snF/X+jF1tdcrQzNiRKESEb5dsDiy979bugCblPQDQ+g5WGqXX4pj
|
||||
UyZZE3ZwhOufISlGK0ow1aMjqS+pFlQ85KRD/jUtLPRUJuQF+m2YwId/Mg6/B7Qk
|
||||
d166uJkNxS+MGZCi2OYXeoivnOY7Q0Kj/0vIbc5Vt3kCRVg2ljLSQhoBd+85AHMR
|
||||
jeRjZMeYEYF2HTVwrg4DrC/r00MVtDcNqs6+M7YZ/rzny73GvfJWfWoB1C4piZlg
|
||||
fvUcSDL5HAhjiu5cSeIR7DTuVx7t4PoK6AqUkPygDtq1ZaLybXT7X6d072dR5AXO
|
||||
nWFLPaaGJ979iwIDAQABo4IBADCB/TAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/
|
||||
BAUwAwEB/zAdBgNVHQ4EFgQUIkhVYBaK9CcvXG8FM2jKVZ16oZAwHwYDVR0jBBgw
|
||||
FoAUFjyNbd8NVSlRG3WmuGYMyORWKSAwUQYIKwYBBQUHAQEERTBDMEEGCCsGAQUF
|
||||
BzAChjVodHRwOi8vdmF1bHQuY29sdW1iaWEubWFza2VkLm5hbWU6ODIwMC92MS9w
|
||||
a2lfcm9vdC9jYTBHBgNVHR8EQDA+MDygOqA4hjZodHRwOi8vdmF1bHQuY29sdW1i
|
||||
aWEubWFza2VkLm5hbWU6ODIwMC92MS9wa2lfcm9vdC9jcmwwDQYJKoZIhvcNAQEL
|
||||
BQADggEBAK6HMgR+hpwjZCmf5NszDSHr7dYKZXP4LrcHPWs94nLM33UZ572ubGHs
|
||||
dKjRw8YD0cncrsypsYmEgR57U+DHkys394wkb7UOwy1Zvd5IIRXdP0cDylz0QzqM
|
||||
APnQYN+ismkoljhk9ey0Qbo3CmPjM+UQcAxuZQtA4M+riC1+jkude1uYL0szC6Y9
|
||||
4KetfvbNkedSaV5yJaRKCBhRcC4/GjpBG/odQ/5AfBPAFjZqhcIJWBrVYbTQVC79
|
||||
hMA1iwWJPmT9LsjMSUfxFTPzxRnNXQiKFz5kT2OiS1nqh8aOcyU9YC928pkifNJV
|
||||
KokuDezJFM7ie3d+EcBk1V9lHwOWdto=
|
||||
-----END CERTIFICATE-----
|
49
nomad/freshrss/files/config.php.tpl
Normal file
49
nomad/freshrss/files/config.php.tpl
Normal file
|
@ -0,0 +1,49 @@
|
|||
<?php
|
||||
return array (
|
||||
'environment' => 'production',
|
||||
'salt' => '{{ freshrss_salt }}',
|
||||
'base_url' => 'http://192.168.122.71/FreshRSS',
|
||||
'auto_update_url' => 'https://update.freshrss.org',
|
||||
'language' => 'en',
|
||||
'title' => 'RSS - Minhas.io',
|
||||
'meta_description' => '',
|
||||
'default_user' => 'asara',
|
||||
'allow_anonymous' => false,
|
||||
'allow_anonymous_refresh' => false,
|
||||
'auth_type' => 'form',
|
||||
'api_enabled' => true,
|
||||
'unsafe_autologin_enabled' => false,
|
||||
'simplepie_syslog_enabled' => true,
|
||||
'pubsubhubbub_enabled' => true,
|
||||
'allow_robots' => false,
|
||||
'allow_referrer' => false,
|
||||
'limits' =>
|
||||
array (
|
||||
'cookie_duration' => 2592000,
|
||||
'cache_duration' => 800,
|
||||
'timeout' => 15,
|
||||
'max_inactivity' => 9223372036854775807,
|
||||
'max_feeds' => 16384,
|
||||
'max_categories' => 16384,
|
||||
'max_registrations' => 1,
|
||||
),
|
||||
'curl_options' =>
|
||||
array (
|
||||
),
|
||||
'db' =>
|
||||
array (
|
||||
'type' => 'pgsql',
|
||||
'host' => '192.168.122.101',
|
||||
'user' => 'freshrss',
|
||||
'password' => '{{ freshrss_db_pw }}',
|
||||
'base' => 'freshrss',
|
||||
'prefix' => 'freshrss_',
|
||||
'pdo_options' =>
|
||||
array (
|
||||
),
|
||||
),
|
||||
'extensions_enabled' =>
|
||||
array (
|
||||
),
|
||||
'disable_update' => false,
|
||||
);
|
87
nomad/freshrss/freshrss.nomad
Normal file
87
nomad/freshrss/freshrss.nomad
Normal file
|
@ -0,0 +1,87 @@
|
|||
job "freshrss" {
|
||||
datacenters = ["columbia"]
|
||||
region = "global"
|
||||
type = "service"
|
||||
|
||||
update {
|
||||
stagger = "30s"
|
||||
max_parallel = 1
|
||||
}
|
||||
|
||||
group "freshrss" {
|
||||
count = 1
|
||||
|
||||
task "freshrss" {
|
||||
vault {
|
||||
policies = ["default", "ansible"]
|
||||
change_mode = "restart"
|
||||
}
|
||||
driver = "docker"
|
||||
config {
|
||||
image = "docker.service.masked.name:8082/freshrss"
|
||||
ports = ["http"]
|
||||
volumes = [
|
||||
"/mnt/raid/rss:/var/www/FreshRSS/data"
|
||||
]
|
||||
}
|
||||
|
||||
service {
|
||||
name = "freshrss"
|
||||
port = "http"
|
||||
|
||||
check {
|
||||
name = "freshrss"
|
||||
type = "tcp"
|
||||
interval = "10s"
|
||||
timeout = "2s"
|
||||
address_mode = "driver"
|
||||
}
|
||||
}
|
||||
|
||||
template {
|
||||
data = <<EOH
|
||||
{{- with secret "pki_int/issue/masked-dot-name" "common_name=freshrss.service.masked.name" "alt_names=freshrss.service.columbia.masked.name" -}}
|
||||
{{- .Data.certificate -}}
|
||||
{{- end -}}
|
||||
EOH
|
||||
destination = "${NOMAD_SECRETS_DIR}/freshrss.crt"
|
||||
change_mode = "restart"
|
||||
}
|
||||
|
||||
template {
|
||||
data = <<EOH
|
||||
{{- with secret "pki_int/issue/masked-dot-name" "common_name=freshrss.service.masked.name" "alt_names=freshrss.service.columbia.masked.name" -}}
|
||||
{{- .Data.private_key -}}
|
||||
{{- end -}}
|
||||
EOH
|
||||
destination = "${NOMAD_SECRETS_DIR}/freshrss.key"
|
||||
change_mode = "restart"
|
||||
}
|
||||
|
||||
template {
|
||||
data = <<EOH
|
||||
POSTGRES_DB = "freshrss"
|
||||
POSTGRES_USER = "freshrss"
|
||||
POSTGRES_PASSWORD = "{{ with secret "kv/data/freshrss" }}{{ .Data.data.db_pw }}{{ end }}"
|
||||
POSTGRES_HOST = "ivyking.node.masked.name"
|
||||
ROOT_URL = "${NOMAD_ADDR_http}"
|
||||
JAVA_ARGS = "-Xmx2048m"
|
||||
EOH
|
||||
destination = "secrets/freshrss.env"
|
||||
env = true
|
||||
}
|
||||
|
||||
resources {
|
||||
cpu = 2000
|
||||
memory = 2560
|
||||
}
|
||||
}
|
||||
|
||||
network {
|
||||
port "http" {
|
||||
to = 80
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
}
|
Loading…
Reference in a new issue