feat(opsi): Add opsi

If we want to override RESTART_POLICY we have to
spell it with an underscore and not as
RESTARTPOLICY.

Also TIMEZONE doesn't really exist anymore, it's
PHP_TZ and that is already covered by vars from
Vault so no need to list it separately.

.gitignore

@@ -0,0 +1 @@
+.idea

README.md

@@ -17,10 +17,10 @@ export VAULT_TOKEN='hvs.BerthaIsDeNigrAtinGtHEiMP'
 export DOCKER_FQDN='containers-3.example.net'
 export DOCKER_GROUP_NAME='grafana'
 export DOCKER_CTX='bi_shenyang'
-export VAULT_KEY='/kv/data/docker/${DOCKER_GROUP_NAME}/'"${DOCKER_CTX}"
+export VAULT_KEY='/kv/data/for_rbacgroup_remco/docker/'"${DOCKER_GROUP_NAME}"'/'"${DOCKER_CTX}"
 ```
 
-Treat `DOCKER_CTX` as a team name, purpose or scope. If the same Docker application can run multiple times and serve different tenants then `DOCKER_CTX` is what distinguishes one instance from the other. Here `bi_shenyang` indicates for example a Shenyang-based Business Intelligence team.
+Treat `DOCKER_CTX` ("CTX" as in context) as a team name, purpose or scope. If the same Docker application can run multiple times and serve different tenants then `DOCKER_CTX` is what distinguishes one instance from the other. Here `bi_shenyang` indicates for example a Shenyang-based Business Intelligence team.
 
 ## Render config files
 Let `remco` generate an environment file

config.toml

@@ -6,8 +6,9 @@ retries = 0
 name = "${DOCKER_GROUP_NAME}"
 
 [[resource.template]]
-  src = "${REMCO_DOCKER_CONFIG}/templates.d/${DOCKER_GROUP_NAME}/fqdn-context.env"
+  src = "${REMCO_DOCKER_CONFIG}/templates.d/${DOCKER_GROUP_NAME}/fqdn_context.env"
   dst = "${REMCO_DOCKER_CONFIG}/rendered.d/${DOCKER_GROUP_NAME}/${DOCKER_FQDN}_${DOCKER_CTX}.env"
+  make_directories = true
 
   [resource.backend]
     [resource.backend.vault]

rendered.d/.gitignore

@@ -1,2 +1,2 @@
+/*
 !.gitignore
-*.env

templates.d/haproxy/fqdn_context.env

@@ -0,0 +1,10 @@
+{% set VAULT_KEY = getenv("VAULT_KEY") %}
+# This file is maintained by remco and populated with data from HashiCorp
+# Vault. Changes not done in Vault will be reverted when file gets rendered.
+
+{% for key in ls(VAULT_KEY|add:"/data") %}
+{{key}}={{ getv(VAULT_KEY|add:"/data/"|add:key) }}
+{% endfor %}
+
+# Other available defaults
+# RESTARTPOLICY=always

templates.d/hashicorpvault/fqdn_context.env

@@ -0,0 +1,11 @@
+{% set VAULT_KEY = getenv("VAULT_KEY") %}
+# This file is maintained by remco and populated with data from HashiCorp
+# Vault. Changes not done in Vault will be reverted when file gets rendered.
+
+{% for key in ls(VAULT_KEY|add:"/data") %}
+{{key}}={{ getv(VAULT_KEY|add:"/data/"|add:key) }}
+{% endfor %}
+
+# Other available defaults
+# RESTARTPOLICY=always
+# TIMEZONE=Etc/UTC

templates.d/nginx/fqdn_context.env

@@ -0,0 +1,11 @@
+{% set VAULT_KEY = getenv("VAULT_KEY") %}
+# This file is maintained by remco and populated with data from HashiCorp
+# Vault. Changes not done in Vault will be reverted when file gets rendered.
+
+{% for key in ls(VAULT_KEY|add:"/data") %}
+{{key}}={{ getv(VAULT_KEY|add:"/data/"|add:key) }}
+{% endfor %}
+
+# Other available defaults
+# RESTARTPOLICY=always
+# TIMEZONE=Etc/UTC

templates.d/nginx_rtmp/fqdn_context.env

@@ -0,0 +1,16 @@
+{% set VAULT_KEY = getenv("VAULT_KEY") %}
+# This file is maintained by remco and populated with data from HashiCorp
+# Vault. Changes not done in Vault will be reverted when file gets rendered.
+
+{% for key in ls(VAULT_KEY|add:"/data") %}
+{{key}}={{ getv(VAULT_KEY|add:"/data/"|add:key) }}
+{% endfor %}
+
+# Other available defaults
+# ALPINE_VERSION=latest
+# EXTERNAL_CONTAINER_PORT=1935
+# INTERNAL_CONTAINER_PORT=1935
+# NGINX_RTMP_GIT_URL=https://github.com/arut/nginx-rtmp-module
+# NGINX_RTMP_GIT_NAME=nginx-rtmp-module
+# RESTARTPOLICY=unless-stopped
+# TIMEZONE=Etc/UTC

templates.d/openldap/fqdn_context.env

@@ -0,0 +1,18 @@
+{% set VAULT_KEY = getenv("VAULT_KEY") %}
+# This file is maintained by remco and populated with data from HashiCorp
+# Vault. Changes not done in Vault will be reverted when file gets rendered.
+
+{% for key in ls(VAULT_KEY|add:"/data") %}
+{{key}}={{ getv(VAULT_KEY|add:"/data/"|add:key) }}
+{% endfor %}
+
+# For logging details and setup instructions you may want to
+# check https://www.openldap.org/doc/admin26/slapdconfig.html
+#
+# Stats log connections/operations/results (this is the default):
+# LDAP_LOGLEVEL=256
+# Or enable all log levels:
+# LDAP_LOGLEVEL=-1
+
+# Other available defaults
+# A_RESTART_POLICY=unless-stopped

templates.d/opsi/fqdn_context.env

@@ -0,0 +1,10 @@
+{% set VAULT_KEY = getenv("VAULT_KEY") %}
+# This file is maintained by remco and populated with data from HashiCorp
+# Vault. Changes not done in Vault will be reverted when file gets rendered.
+
+{% for key in ls(VAULT_KEY|add:"/data") %}
+{{key}}={{ getv(VAULT_KEY|add:"/data/"|add:key) }}
+{% endfor %}
+
+# Other available defaults
+# RESTARTPOLICY=always

templates.d/paperless_ngx/fqdn_context.env

@@ -0,0 +1,15 @@
+{% set VAULT_KEY = getenv("VAULT_KEY") %}
+# This file is maintained by remco and populated with data from HashiCorp
+# Vault. Changes not done in Vault will be reverted when file gets rendered.
+
+{% for key in ls(VAULT_KEY|add:"/data") %}
+{{key}}={{ getv(VAULT_KEY|add:"/data/"|add:key) }}
+{% endfor %}
+
+# Other available defaults
+# USERMAP_UID=1000
+# USERMAP_GID=1000
+# PAPERLESS_FORCE_SCRIPT_NAME=/PATHPREFIX
+# PAPERLESS_STATIC_URL=/PATHPREFIX/static/ # trailing slash required
+# RESTARTPOLICY=unless-stopped
+# TIMEZONE=Etc/UTC

templates.d/rundeck/fqdn_context.env

@@ -0,0 +1,21 @@
+{% set VAULT_KEY = getenv("VAULT_KEY") %}
+# This file is maintained by remco and populated with data from HashiCorp
+# Vault. Changes not done in Vault will be reverted when file gets rendered.
+
+{% for key in ls(VAULT_KEY|add:"/data") %}
+{{key}}={{ getv(VAULT_KEY|add:"/data/"|add:key) }}
+{% endfor %}
+
+# Other available defaults
+# RESTARTPOLICY=always
+#
+# Defaults to "warn"
+# Can be for example debug, info, warn, error
+# RUNDECK_LOGGING_LOGLEVEL_DEFAULT=debug
+# RUNDECK_LOGGING_LOGLEVEL_ROOT=debug
+# RUNDECK_LOGGING_LOGLEVEL_HIBERNATE=debug
+# RUNDECK_LOGGING_LOGLEVEL_SPRING=debug
+# RUNDECK_LOGGING_LOGLEVEL_SPRINGBEAN=debug
+# RUNDECK_LOGGING_LOGLEVEL_INTERNALS=debug
+# RUNDECK_LOGGING_LOGLEVEL_GRAILS=debug
+# RUNDECK_LOGGING_LOGLEVEL_JETTY=debug

templates.d/signal_cli_rest_api/fqdn_context.env

@@ -0,0 +1,13 @@
+{% set VAULT_KEY = getenv("VAULT_KEY") %}
+# This file is maintained by remco and populated with data from HashiCorp
+# Vault. Changes not done in Vault will be reverted when file gets rendered.
+
+{% for key in ls(VAULT_KEY|add:"/data") %}
+{{key}}={{ getv(VAULT_KEY|add:"/data/"|add:key) }}
+{% endfor %}
+# Only when MODE is not "json-rpc":
+# AUTO_RECEIVE_SCHEDULE=0 22 * * *
+
+# Other available defaults
+# RESTARTPOLICY=unless-stopped
+# TIMEZONE=Etc/UTC

templates.d/snipeit/fqdn_context.env

@@ -0,0 +1,13 @@
+{% set VAULT_KEY = getenv("VAULT_KEY") %}
+# This file is maintained by remco and populated with data from HashiCorp
+# Vault. Changes not done in Vault will be reverted when file gets rendered.
+
+{% for key in ls(VAULT_KEY|add:"/data") %}
+{{key}}={{ getv(VAULT_KEY|add:"/data/"|add:key) }}
+{% endfor %}
+# Set to true when needed for temporary debugging
+APP_DEBUG=false
+
+# Other available defaults
+# RESTARTPOLICY=unless-stopped
+# TIMEZONE=Etc/UTC

templates.d/traccar/fqdn_context.env

@@ -0,0 +1,11 @@
+{% set VAULT_KEY = getenv("VAULT_KEY") %}
+# This file is maintained by remco and populated with data from HashiCorp
+# Vault. Changes not done in Vault will be reverted when file gets rendered.
+
+{% for key in ls(VAULT_KEY|add:"/data") %}
+{{key}}={{ getv(VAULT_KEY|add:"/data/"|add:key) }}
+{% endfor %}
+
+# Other available defaults
+# RESTARTPOLICY=always
+# TIMEZONE=Etc/UTC

templates.d/tt-rss/fqdn_context.env

@@ -0,0 +1,34 @@
+{% set VAULT_KEY = getenv("VAULT_KEY") %}
+# This file is maintained by remco and populated with data from HashiCorp
+# Vault. Changes not done in Vault will be reverted when file gets rendered.
+
+{% for key in ls(VAULT_KEY|add:"/data") %}
+{{key}}={{ getv(VAULT_KEY|add:"/data/"|add:key) }}
+{% endfor %}
+
+# RESTARTPOLICY=always
+
+# Other available defaults from https://tt-rss.org/wiki/InstallationNotes/:
+
+# Run FPM under this UID/GID.
+# OWNER_UID=1000
+# OWNER_GID=1000
+
+# FPM settings.
+# PHP_WORKER_MAX_CHILDREN=5
+# PHP_WORKER_MEMORY_LIMIT=256M
+
+# Auto create another user (in addition to built-in admin) unless it already exists.
+# *_USER_ACCESS_LEVEL:
+# -2 - forbidden to login
+# -1 - readonly
+#  0 - default user
+# 10 - admin
+# AUTO_CREATE_USER=
+# AUTO_CREATE_USER_PASS=
+# AUTO_CREATE_USER_ACCESS_LEVEL=0
+
+# Other config.php defines
+# TTRSS_PLUGINS=auth_internal,auth_remote
+# TTRSS_SESSION_COOKIE_LIFETIME=2592000
+# TTRSS_FORCE_ARTICLE_PURGE=30

templates.d/zabbixserver/fqdn_context.env

@@ -5,5 +5,6 @@
 {% for key in ls(VAULT_KEY|add:"/data") %}
 {{key}}={{ getv(VAULT_KEY|add:"/data/"|add:key) }}
 {% endfor %}
+
 # When needed for temporary debugging
 # ZBX_DEBUGLEVEL=4