passbolt/README.md
Francisco Gaona 5678e049af Nomad Passbolt Job
2025-10-29 08:20:26 +01:00


# Passbolt Nomad Deployment
This repository contains the Nomad job specification for deploying the Passbolt password manager on a Nomad cluster with Consul Connect and Traefik integration.
## Prerequisites
Before deploying Passbolt, ensure you have:
1. A Nomad cluster with Consul Connect enabled
2. Traefik configured for service routing
3. Docker volumes directory created on the target node
## Deployment Steps
### 1. Register Consul Service Defaults
Before deploying the Nomad job, you must register the service defaults with Consul:
```bash
consul config write passbolt-service-defaults.hcl
```
This configures the protocol for the `passbolt-app` service to work with the Consul Connect ingress gateway.
### 2. Set Up Volume Permissions
The GPG volume directory requires specific permissions for Passbolt to function correctly:
```bash
# Create the directory if it doesn't exist
sudo mkdir -p /root/nomadvolumes/passbolt/data/gpg
# Set ownership to root with www-data group
sudo chown root:www-data /root/nomadvolumes/passbolt/data/gpg
# Set permissions to 774 (rwxrwxr--): full access for root and the www-data group,
# everyone else can only read the directory listing, not enter it
sudo chmod 774 /root/nomadvolumes/passbolt/data/gpg
```
### 3. Deploy the Nomad Job
```bash
nomad run passbolt.nomad
```
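Steps 1 to 3 have to be completed on the target node before the job comes up. The following pre-flight script is an added example and not part of this repository: it verifies the volume directories (mode, owner and group of the GPG directory exactly as set in step 2) and, when the `consul` CLI is present, that the `passbolt-app` service-defaults entry from step 1 is registered. It assumes GNU `stat` (Linux) and the volume root from this README; `VOLUME_ROOT` and `RUN_PREFLIGHT` are variable names chosen for this example.

```shell
#!/usr/bin/env bash
# Pre-flight checks for the Passbolt Nomad job (added example, not part of this repo).
# Assumes GNU stat (Linux) and the volume root used by the README; override with VOLUME_ROOT.
VOLUME_ROOT="${VOLUME_ROOT:-/root/nomadvolumes/passbolt/data}"

# check_dir_perms DIR MODE OWNER GROUP
# Returns 0 when DIR exists and its octal mode, owner and group all match,
# prints a one-line diagnosis and returns 1 otherwise.
check_dir_perms() {
  local dir="$1" want="$2 $3 $4" have
  if [ ! -d "$dir" ]; then
    echo "MISSING  $dir"
    return 1
  fi
  have=$(stat -c '%a %U %G' "$dir") || return 1
  if [ "$have" = "$want" ]; then
    echo "OK       $dir ($have)"
    return 0
  fi
  echo "MISMATCH $dir: have '$have', want '$want'"
  return 1
}

# run_preflight: everything the target node needs before 'nomad run passbolt.nomad'.
run_preflight() {
  local rc=0 d
  # GPG keys: root:www-data, mode 774, exactly as set up in step 2 of the README.
  check_dir_perms "$VOLUME_ROOT/gpg" 774 root www-data || rc=1
  # The MariaDB and JWT volumes only need to exist.
  for d in mysql jwt; do
    [ -d "$VOLUME_ROOT/$d" ] || { echo "MISSING  $VOLUME_ROOT/$d"; rc=1; }
  done
  # Step 1 of the README: the service-defaults entry must already be in Consul
  # (skipped when the consul CLI is not on this host).
  if command -v consul >/dev/null 2>&1; then
    if consul config read -kind service-defaults -name passbolt-app >/dev/null 2>&1; then
      echo "OK       consul service-defaults/passbolt-app"
    else
      echo "MISSING  consul service-defaults/passbolt-app (run: consul config write passbolt-service-defaults.hcl)"
      rc=1
    fi
  fi
  return "$rc"
}

# Run the checks only when RUN_PREFLIGHT=1, so the file can also be sourced for its functions.
if [ "${RUN_PREFLIGHT:-0}" = 1 ]; then
  run_preflight
fi
```

Run it on the target node as `RUN_PREFLIGHT=1 sudo bash preflight.sh`; a non-zero exit status means one of the listed items still needs fixing before `nomad run`.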
## Post-Deployment Configuration
### Creating the First Admin User
After the deployment is successful, you need to create the first admin user. Connect to the Passbolt container and run:
```bash
nomad alloc exec -task passbolt-app <ALLOCATION_ID> su -m -c "/usr/share/php/passbolt/bin/cake \
passbolt register_user \
-u YOUR_EMAIL \
-f YOUR_NAME \
-l YOUR_LASTNAME \
-r admin" -s /bin/sh www-data
```
Replace:
- `<ALLOCATION_ID>` with the actual allocation ID (find it with `nomad job status passbolt`)
- `YOUR_EMAIL` with the admin email address
- `YOUR_NAME` with the admin first name
- `YOUR_LASTNAME` with the admin last name
This command will output a registration link. Follow the link to complete the user setup process, including:
- Installing the Passbolt browser extension
- Creating your passphrase
- Generating your recovery kit
For detailed instructions, see: [Passbolt Docker Installation Guide](https://www.passbolt.com/docs/hosting/install/ce/docker/)
### Importing Passwords from CSV
If you're migrating from another password manager (like Dropbox Passwords), you can import passwords using a CSV file.
Follow this community guide for the import process:
[Migrating from Dropbox Passwords to Passbolt](https://community.passbolt.com/t/migrating-from-dropbox-passwords-to-passbolt/13653)
## Access
Once deployed and configured, Passbolt will be available at:
**https://passbolt.neogenia.com.mx**
## Architecture
The deployment consists of three main groups:
1. **ingress-group**: Consul Connect ingress gateway with Traefik integration for external routing
2. **database**: MariaDB 10.11 for data persistence
3. **passbolt**: The main Passbolt application with Consul Connect sidecar for secure service mesh communication
## Volumes
The deployment uses the following persistent volumes:
- `/root/nomadvolumes/passbolt/data/mysql` - MariaDB database files
- `/root/nomadvolumes/passbolt/data/gpg` - GPG keys (requires special permissions)
- `/root/nomadvolumes/passbolt/data/jwt` - JWT tokens
## Security Notes
- Database credentials are configured in the Nomad job file. Update these for production use.
- All service-to-service communication uses Consul Connect for mTLS encryption.
- Traefik handles TLS termination with automatic certificate generation via Let's Encrypt.
## Additional Notes
- This repo contains the original docker-compose YAML file as a reference, but it is not needed to run the Nomad job.