lemonldap-ng/lemonldap-ng.nomad.hcl

job "[[ .instance ]]" {

[[ template "common/job_start" merge .llng . ]]

  group "lemonldap-ng" {
[[- $c := merge .llng.engine .llng . ]]
[[ template "common/group_start" $c ]]

[[ template "common/constraints" $c ]]

    network {
      mode = "bridge"
    }

    service {
      name = "[[ .instance ]][[ .consul.suffix ]]"
      port = 8080

[[ template "common/service_meta" $c ]]
[[ template "common/connect" $c ]]

      check {
        type     = "http"
        path     = "/ping"
        expose   = true
[[ template "common/check_settings" $c ]]
        check_restart {
          limit = 6
          grace = "5m"
        }
      }

[[- $p := merge .llng.portal . ]]
[[- $m := merge .llng.manager . ]]
[[- $a := merge .llng.api .llng.portal . ]]

      tags = [

        "[[ $p.traefik.instance ]].http.routers.[[ .instance ]]-portal[[ .consul.suffix ]].rule=Host(`[[ (urlParse $p.public_url).Hostname ]]`) && !PathRegexp(`^/index\\.psgi/(config|sessions)`)",
[[ template "common/traefik_tags" $p ]]

[[ template "common/traefik_tags" $m ]]

        "[[ $a.traefik.instance ]].http.routers.[[ .instance ]]-api[[ .consul.suffix ]].rule=Host(`[[ (urlParse $p.public_url).Hostname ]]`) && PathRegexp(`^/index\\.psgi/(config|sessions)`)",
[[ template "common/traefik_tags" $a ]]

      ]
    }

[[ template "common/task.wait_for" $c ]]
[[ template "common/task.pgpooler" $c ]]

    task "lemonldap-ng" {
      driver = "[[ $c.nomad.driver ]]"

      config {
[[ template "common/image" $c ]]
        pids_limit      = 200
        volumes         = [
          "secrets/lemonldap-ng.ini:/etc/lemonldap-ng/lemonldap-ng.ini:ro",
          "local/init-db.sh:/entrypoint.d/20-initdb.sh:ro",
          "local/minit.d/lemonldap-ng.yml:/etc/minit.d/lemonldap-ng.yml:ro"
        ]
[[ template "common/tmpfs" dict "size" "5000000" "target" "/tmp" ]]
      }

[[ template "common/vault.policies" $c ]]

[[ template "common/artifacts" $c ]]

      env {
        LLNG_NGINX_LISTEN      = "127.0.0.1:8080"
        LLNG_LISTEN            = "unix:/tmp/llng.sock"
        LLNG_MANAGER_VHOST     = [[ (urlParse .llng.manager.public_url).Hostname | toJSON ]]
        LLNG_PORTAL_VHOST      = [[ (urlParse .llng.portal.public_url).Hostname | toJSON ]]
        LLNG_CUSTOM_ASSETS_DIR = "/local/assets"
      }

[[ template "common/file_env" $c ]]

      # Main Lemonldap::NG configuration
      template {
        data =<<_EOT
[[ template "lemonldap-ng/lemonldap-ng.ini.tpl" $c ]]
_EOT
        destination = "secrets/lemonldap-ng.ini"
        uid         = 100048
        gid         = 100048
        perms       = 440
      }

      # This is a striped down config, just used to migrate file based config to database on first start
      template {
        data =<<_EOT
[[ template "lemonldap-ng/init.ini.tpl" $c ]]
_EOT
        destination = "local/init.ini"
      }

      # Database settings
      template {
        data =<<_EOT
PGHOST=[[ $c.postgres.host ]]
PGDATABASE=[[ $c.postgres.database ]]
[[- if ne $c.postgres.pooler.engine "none" ]]
PGPORT=[[ $c.postgres.pooler.port ]]
PGUSER=[[ .instance ]]
PGPASSWORD={{ env "NOMAD_ALLOC_ID" }}
[[- else ]]
  [[- if and (not (has $c.env "PGSSLMODE")) (regexp.Match "^(127\\.0\\.0\\.1|localhost)$" .postgres.host) ]]
PGSSLMODE=disable
  [[- end ]]
PGPORT=[[ $c.postgres.port ]]
PGUSER=[[ $c.postgres.user ]]
PGPASSWORD=[[ $c.postgres.password ]]
[[- end ]]
_EOT
        destination = "secrets/.db.env"
        uid         = 100000
        gid         = 100000
        perms       = 400
        env         = true
      }

      # A small script to handle initialization (create tables, indexes, load initial config in the DB)
      template {
        data = <<_EOT
[[ template "lemonldap-ng/init.sh.tpl" $c ]]
_EOT
        destination = "local/init-db.sh"
        perms       = 755
      }

      # Custom file based config, which will be migrated to the database
      template {
        data = <<_EOT
[[ template "lemonldap-ng/lmConf-1.json.tpl" . ]]
_EOT
        destination = "local/lmConf-1.json"
      }

      # Configure minit to start uwsgi, nginx, cron tasks
      template {
        data =<<_EOT
[[ template "lemonldap-ng/minit.yml.tpl" . ]]
_EOT
        destination = "local/minit.d/lemonldap-ng.yml"
      }

[[ template "common/resources" $c ]]
    }
  }
}
Lemonldap::NG first job template 2024-01-03 21:04:11 +01:00			`job "[[ .instance ]]" {`

			`[[ template "common/job_start" merge .llng . ]]`

			`group "lemonldap-ng" {`
Support postgres pooler 2024-01-11 22:37:14 +01:00			`[[- $c := merge .llng.engine .llng . ]]`
Cleanup 2024-04-17 22:54:11 +02:00			`[[ template "common/group_start" $c ]]`
Add distinct_hosts constraints 2024-02-21 10:10:41 +01:00
			`[[ template "common/constraints" $c ]]`
Lemonldap::NG first job template 2024-01-03 21:04:11 +01:00
			`network {`
			`mode = "bridge"`
			`}`

			`service {`
			`name = "[[ .instance ]][[ .consul.suffix ]]"`
			`port = 8080`

Add service meta 2024-03-27 13:32:45 +01:00			`[[ template "common/service_meta" $c ]]`
Lemonldap::NG first job template 2024-01-03 21:04:11 +01:00			`[[ template "common/connect" $c ]]`

Add /ping as a healthcheck 2024-04-17 15:40:31 +02:00			`check {`
			`type = "http"`
			`path = "/ping"`
			`expose = true`
Use check_settings 2024-05-12 22:13:03 +02:00			`[[ template "common/check_settings" $c ]]`
Add /ping as a healthcheck 2024-04-17 15:40:31 +02:00			`check_restart {`
			`limit = 6`
			`grace = "5m"`
			`}`
			`}`

Lemonldap::NG first job template 2024-01-03 21:04:11 +01:00			`[[- $p := merge .llng.portal . ]]`
			`[[- $m := merge .llng.manager . ]]`
Cron jobs are configurable 2024-01-04 15:51:42 +01:00			`[[- $a := merge .llng.api .llng.portal . ]]`
Add /ping as a healthcheck 2024-04-17 15:40:31 +02:00
Lemonldap::NG first job template 2024-01-03 21:04:11 +01:00			`tags = [`

			"[[ $p.traefik.instance ]].http.routers.[[ .instance ]]-portal[[ .consul.suffix ]].rule=Host(`[[ (urlParse $p.public_url).Hostname ]]`) && !PathRegexp(`^/index\\.psgi/(config\|sessions)`)",
Adapt to new middleware model 2024-01-29 00:02:39 +01:00			`[[ template "common/traefik_tags" $p ]]`

			`[[ template "common/traefik_tags" $m ]]`

Lemonldap::NG first job template 2024-01-03 21:04:11 +01:00			"[[ $a.traefik.instance ]].http.routers.[[ .instance ]]-api[[ .consul.suffix ]].rule=Host(`[[ (urlParse $p.public_url).Hostname ]]`) && PathRegexp(`^/index\\.psgi/(config\|sessions)`)",
Adapt to new middleware model 2024-01-29 00:02:39 +01:00			`[[ template "common/traefik_tags" $a ]]`
Lemonldap::NG first job template 2024-01-03 21:04:11 +01:00
			`]`
			`}`

Update caretakerd, add wait_for task 2024-01-05 14:35:13 +01:00			`[[ template "common/task.wait_for" $c ]]`
Update pgpooler template 2024-01-15 21:31:46 +01:00			`[[ template "common/task.pgpooler" $c ]]`
Update caretakerd, add wait_for task 2024-01-05 14:35:13 +01:00
Lemonldap::NG first job template 2024-01-03 21:04:11 +01:00			`task "lemonldap-ng" {`
Cleanup 2024-04-17 22:54:11 +02:00			`driver = "[[ $c.nomad.driver ]]"`
Lemonldap::NG first job template 2024-01-03 21:04:11 +01:00
			`config {`
Cleanup 2024-04-17 22:54:11 +02:00			`[[ template "common/image" $c ]]`
Lemonldap::NG first job template 2024-01-03 21:04:11 +01:00			`pids_limit = 200`
			`volumes = [`
			`"secrets/lemonldap-ng.ini:/etc/lemonldap-ng/lemonldap-ng.ini:ro",`
			`"local/init-db.sh:/entrypoint.d/20-initdb.sh:ro",`
Add missing Devel::StackTrace and use minit as PID1 2024-01-21 22:30:57 +01:00			`"local/minit.d/lemonldap-ng.yml:/etc/minit.d/lemonldap-ng.yml:ro"`
Lemonldap::NG first job template 2024-01-03 21:04:11 +01:00			`]`
			`[[ template "common/tmpfs" dict "size" "5000000" "target" "/tmp" ]]`
			`}`

Support postgres pooler 2024-01-11 22:37:14 +01:00			`[[ template "common/vault.policies" $c ]]`
Lemonldap::NG first job template 2024-01-03 21:04:11 +01:00
Various fixes and enhancements 2024-01-04 10:55:49 +01:00			`[[ template "common/artifacts" $c ]]`
Support adding custom assets 2024-01-03 22:48:34 +01:00
Lemonldap::NG first job template 2024-01-03 21:04:11 +01:00			`env {`
Support adding custom assets 2024-01-03 22:48:34 +01:00			`LLNG_NGINX_LISTEN = "127.0.0.1:8080"`
			`LLNG_LISTEN = "unix:/tmp/llng.sock"`
			`LLNG_MANAGER_VHOST = [[ (urlParse .llng.manager.public_url).Hostname \| toJSON ]]`
			`LLNG_PORTAL_VHOST = [[ (urlParse .llng.portal.public_url).Hostname \| toJSON ]]`
			`LLNG_CUSTOM_ASSETS_DIR = "/local/assets"`
Lemonldap::NG first job template 2024-01-03 21:04:11 +01:00			`}`

Small cleanup 2024-03-02 22:19:51 +01:00			`[[ template "common/file_env" $c ]]`
Lemonldap::NG first job template 2024-01-03 21:04:11 +01:00
			`# Main Lemonldap::NG configuration`
			`template {`
			`data =<<_EOT`
			`[[ template "lemonldap-ng/lemonldap-ng.ini.tpl" $c ]]`
			`_EOT`
			`destination = "secrets/lemonldap-ng.ini"`
			`uid = 100048`
			`gid = 100048`
			`perms = 440`
			`}`

			`# This is a striped down config, just used to migrate file based config to database on first start`
			`template {`
			`data =<<_EOT`
			`[[ template "lemonldap-ng/init.ini.tpl" $c ]]`
			`_EOT`
			`destination = "local/init.ini"`
			`}`

Support postgres pooler 2024-01-11 22:37:14 +01:00			`# Database settings`
			`template {`
			`data =<<_EOT`
			`PGHOST=[[ $c.postgres.host ]]`
			`PGDATABASE=[[ $c.postgres.database ]]`
			`[[- if ne $c.postgres.pooler.engine "none" ]]`
Use configured port for postgres pooler 2024-01-19 15:03:54 +01:00			`PGPORT=[[ $c.postgres.pooler.port ]]`
Support postgres pooler 2024-01-11 22:37:14 +01:00			`PGUSER=[[ .instance ]]`
			`PGPASSWORD={{ env "NOMAD_ALLOC_ID" }}`
			`[[- else ]]`
			`[[- if and (not (has $c.env "PGSSLMODE")) (regexp.Match "^(127\\.0\\.0\\.1\|localhost)$" .postgres.host) ]]`
			`PGSSLMODE=disable`
			`[[- end ]]`
			`PGPORT=[[ $c.postgres.port ]]`
			`PGUSER=[[ $c.postgres.user ]]`
			`PGPASSWORD=[[ $c.postgres.password ]]`
			`[[- end ]]`
			`_EOT`
			`destination = "secrets/.db.env"`
			`uid = 100000`
			`gid = 100000`
			`perms = 400`
			`env = true`
			`}`

Lemonldap::NG first job template 2024-01-03 21:04:11 +01:00			`# A small script to handle initialization (create tables, indexes, load initial config in the DB)`
			`template {`
			`data = <<_EOT`
Small cleanup 2024-03-02 22:19:51 +01:00			`[[ template "lemonldap-ng/init.sh.tpl" $c ]]`
Lemonldap::NG first job template 2024-01-03 21:04:11 +01:00			`_EOT`
			`destination = "local/init-db.sh"`
Small cleanup 2024-03-02 22:19:51 +01:00			`perms = 755`
Lemonldap::NG first job template 2024-01-03 21:04:11 +01:00			`}`

			`# Custom file based config, which will be migrated to the database`
			`template {`
			`data = <<_EOT`
			`[[ template "lemonldap-ng/lmConf-1.json.tpl" . ]]`
			`_EOT`
			`destination = "local/lmConf-1.json"`
			`}`

Replace caretakerd with minit 2024-01-19 21:43:06 +01:00			`# Configure minit to start uwsgi, nginx, cron tasks`
Lemonldap::NG first job template 2024-01-03 21:04:11 +01:00			`template {`
			`data =<<_EOT`
Replace caretakerd with minit 2024-01-19 21:43:06 +01:00			`[[ template "lemonldap-ng/minit.yml.tpl" . ]]`
Lemonldap::NG first job template 2024-01-03 21:04:11 +01:00			`_EOT`
Replace caretakerd with minit 2024-01-19 21:43:06 +01:00			`destination = "local/minit.d/lemonldap-ng.yml"`
Lemonldap::NG first job template 2024-01-03 21:04:11 +01:00			`}`

Small cleanup 2024-03-02 22:19:51 +01:00			`[[ template "common/resources" $c ]]`
Lemonldap::NG first job template 2024-01-03 21:04:11 +01:00			`}`
			`}`
			`}`