fix 2021-04-27 09:50:26 +02:00
parent c092f97fa4
commit b891278e58
4 changed files with 27 additions and 72 deletions


@ -1,68 +1,7 @@
FROM archlinux as build FROM alpine:3
RUN pacman -Syu --noconfirm \
base-devel \
git \
go \
nodejs-lts-erbium \
npm \
sudo \
yarn
RUN \ RUN \
echo -e 'root ALL=(ALL) ALL\n%wheel ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers && \ apk update --no-cache &&
useradd -m -U -G wheel builduser apk add --no-cache vault
USER builduser
RUN \
cd && \
export GOROOT=/usr/lib/go && \
export GOPATH=${HOME}/go && \
export PATH=${PATH}:${GOROOT}/bin:${GOPATH}/bin && \
git config --global advice.detachedHead false && \
git clone https://aur.archlinux.org/yay-git.git && \
cd yay-git && \
makepkg --syncdeps --install --noconfirm && \
yay -S --noconfirm \
nodejs-ember-cli
ARG VAULT_VERSION=
ARG VAULT_REPO
ARG BUILD_PATH=vault
RUN --mount=type=tmpfs,target=/home/builduser/go/src/ \
echo "selected repo: ${VAULT_REPO}" && \
if [ -z "${VAULT_VERSION}" ]; then \
VAULT_VERSION=$( \
git ls-remote "${VAULT_REPO}" | \
awk '$2 ~ /^refs\/tags\/v[0-9]+\.[0-9]+\.[0-9]+$/ { print substr($2,11) }' | sort -V | tail -n1 \
) ; \
fi && \
echo "selected vault branch: ${VAULT_VERSION}" && \
BUILD_PATH=$(echo "${VAULT_REPO}" | sed -E 's/^.*\/\/(.*)\.git/\1/') && \
BUILD_PATH="${GOPATH}/src/${BUILD_PATH}" && \
git clone \
--branch="${VAULT_VERSION}" \
--depth=1 \
"${VAULT_REPO}" \
"${BUILD_PATH}" && \
cd "${BUILD_PATH}" && \
make static-dist dev-ui && \
cp /go/bin/vault /vault
FROM alpine:3 as runtime
RUN addgroup vault && \
adduser -S -G vault vault
RUN \
mkdir -p \
/vault/file \
/vault/config && \
chown -R vault:vault /vault
COPY --from=build /vault /bin/vault
ENTRYPOINT /bin/vault server -config /vault/config
CMD vault server -config=/
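Review bot: The rewritten image never drops privileges: no `USER` instruction follows `apk add --no-cache vault`, so the `CMD` starts Vault as root. The shell-form `CMD` also wraps the server in `/bin/sh -c`, which can keep the SIGTERM sent by `docker stop` from reaching it. I would create a dedicated account if the package does not already provide one, e.g. `RUN addgroup -S vault && adduser -S -G vault vault`, then add `USER vault` and use exec form, `CMD ["vault", "server", "-config=/etc/vault.hcl"]`. As rendered here the default `-config=/` disagrees with the `/etc/vault.hcl` path the compose file mounts, though the line may be truncated. `FROM alpine:3` and the unversioned `vault` package both float, so a rebuild can change the Vault binary without any change to this file; pinning the base image by digest and the package by version would make the image reproducible.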


@ -2,19 +2,17 @@ version: '3'
services: services:
vault: vault:
build: command: vault server -config /etc/vault.hcl
args:
VAULT_REPO: ${VAULT_REPO}
VAULT_VERSION: ${VAULT_VERSION}
context: ./
container_name: vault container_name: vault
image: vault:local image: vault:${VAULT_VERSION}
logging: logging:
driver: journald driver: journald
options: options:
tag: vault tag: vault
restart: never # TODO restart: unless-stopped
ports: ports:
- ${API_IP}:${API_PORT}:8200 - ${API_IP}:${API_PORT}:8200
- ${CLUSTER_IP}:${CLUSTER_PORT}:8201 - ${CLUSTER_IP}:${CLUSTER_PORT}:8201
volumes:
- ./vault.hcl:/etc/vault.hcl:ro
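Review bot: With the `build:` block removed, `image: vault:${VAULT_VERSION}` is resolved from the registry by a mutable tag, and the Dockerfile edited in this same commit no longer appears to be used by this service. For a secrets manager I would pin the image by digest, e.g. `image: vault:${VAULT_VERSION}@sha256:<digest-placeholder>`, so a re-tagged image cannot be pulled unnoticed. An unset `VAULT_VERSION` expands to an empty tag; writing `${VAULT_VERSION:?set VAULT_VERSION}` makes compose stop with a clear error instead.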

5
env.example Normal file

@ -0,0 +1,5 @@
API_IP="127.0.0.1"
API_PORT=8200
CLUSTER_IP="127.0.0.1"
CLUSTER_PORT=8201
VAULT_VERSION="1.7.0"

13
vault.hcl Normal file

@ -0,0 +1,13 @@
storage "postgresql" {
connection_url = "postgresql://vault:vault@10.250.250.22:5432/vault?sslmode=disable"
}
listener "tcp" {
address = "0.0.0.0:8200"
tls_disable = "true"
}
disable_mlock = true
ui = true
log_level = "info"
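Review bot: The `connection_url` in the `storage "postgresql"` stanza commits the database password (`vault:vault`) to the repository and sets `sslmode=disable`, so those credentials travel to 10.250.250.22 without TLS. I would drop the literal URL from the file and supply it at runtime through the `VAULT_PG_CONNECTION_URL` environment variable, with `sslmode=verify-full` once the database presents a certificate. The listener has the same problem on the client side: `tls_disable = "true"` on `0.0.0.0:8200` sends tokens and secrets in cleartext unless a TLS-terminating proxy sits in front, and the `127.0.0.1` bind in env.example only limits exposure while that default is kept. Setting `tls_cert_file` and `tls_key_file` on the listener closes that gap. If plain HTTP is deliberate, the file should carry a comment stating the proxy assumption.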