nomad
/
lemonldap-ng
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Various fixes and enhancements

This commit is contained in:
Daniel Berteaud 2024-01-04 10:55:49 +01:00
parent 7d1a98a35a
commit 4c5af66d40
8 changed files with 30 additions and 109 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
consul/config/service-intentions/lemonldap-ng.hcl
View File

@ -16,7 +16,7 @@ Sources = [
{
Action = "deny"
HTTP {
PathRegex = "^/reload"
PathRegex = "^/(reload|status)"
}
},
{

1
images/lemonldap-ng/Dockerfile
View File

@ -39,6 +39,7 @@ RUN set -eux &&\
perl-WWW-Form-UrlEncoded \
perl-Class-XSAccessor \
perl-Email-Sender \
perl-Data-Password-zxcvbn \
nginx \
&&\
# dnf is an alias using --nodocs, so install doc manually \

9
images/lemonldap-ng/root/etc/nginx/lemonldap-ng.conf.template
View File

@ -86,6 +86,15 @@ http {
uwsgi_param SCRIPT_NAME $sc;
}
location = /status {
allow 127.0.0.1;
deny all;
uwsgi_pass ${LLNG_LISTEN};
uwsgi_param LLTYPE status;
uwsgi_param SCRIPT_FILENAME $document_root$sc;
uwsgi_param SCRIPT_NAME $sc;
}
location ~ ^(?<sc>/.*\.psgi)(?:$|/) {
include /etc/nginx/uwsgi_params;
uwsgi_pass ${LLNG_LISTEN};

10
lemonldap-ng.nomad.hcl
View File

@ -70,14 +70,7 @@ job "[[ .instance ]]" {
policies = ["[[ .instance ]][[ .consul.suffix ]]"]
}
[[- range $k1, $v1 := .llng.portal.assets ]]
[[- range $k2, $v2 := $v1 ]]
artifact {
source = "[[ $v2.url ]]"
destination = "local/assets/static/common/[[ $k1 ]]"
}
[[- end ]]
[[- end ]]
[[ template "common/artifacts" $c ]]
env {
LLNG_NGINX_LISTEN = "127.0.0.1:8080"
@ -86,6 +79,7 @@ job "[[ .instance ]]" {
LLNG_PORTAL_VHOST = [[ (urlParse .llng.portal.public_url).Hostname | toJSON ]]
LLNG_CUSTOM_ASSETS_DIR = "/local/assets"
CTD_CONFIG = "/local/caretakerd.yaml"
[[ template "common/proxy_env" $c ]]
}
[[ template "common/file_env" $c.env ]]

8
templates/caretakerd.yaml.tpl
View File

@ -1,5 +1,3 @@
logger:
level: debug
services:
lemonldap:
type: master
@ -7,13 +5,19 @@ services:
local_cache:
command: ["/usr/libexec/lemonldap-ng/bin/purgeLocalCache"]
cronExpression: '1 * * * *'
logger:
level: debug
nginx:
command: ["nginx", "-c", "${LLNG_NGINX_CONF}"]
{{- if eq (env "NOMAD_ALLOC_INDEX") "0" }}
global_cache:
command: ["/usr/libexec/lemonldap-ng/bin/purgeCentralCache"]
cronExpression: '10 * * * *'
logger:
level: debug
rotate_oidc_keys:
command: ["/usr/libexec/lemonldap-ng/bin/rotateOidcKeys"]
cronExpression: '5 5 * * 6'
logger:
level: debug
{{- end }}

2
templates/lemonldap-ng.ini.tpl
View File

@ -27,6 +27,8 @@ notificationStorageOptions = { \
'type' => 'CDBI', \
}
status = 1
[configuration]
useServerEnv = 1
type = CDBI

4
templates/lmConf-1.json.tpl
View File

@ -86,10 +86,10 @@
"localSessionStorage" : "Cache::FileCache",
"localSessionStorageOptions" : {
"cache_depth" : 3,
"cache_root" : "/var/cache/lemonldap-ng",
"cache_root" : "/tmp",
"default_expires_in" : 600,
"directory_umask" : "007",
"namespace" : "lemonldap-ng-sessions"
"namespace" : "sessions"
},
"globalStorage" : "Lemonldap::NG::Common::Apache::Session::REST",
"globalStorageOptions" : {

103
variables.yml
View File

@ -12,7 +12,7 @@ llng:
count: 1
# Docker image to use
image: '[[ .docker.repo ]]lemonldap-ng:2.18.1-2'
image: '[[ .docker.repo ]]lemonldap-ng:2.18.1-4'
# Resource allocation
resources:
@ -40,6 +40,12 @@ llng:
# if you need to rise this value (or you can just run several instances instead)
LLNG_WORKERS: 6
# Download assets (used to customize the portal)
artifacts:
defaults:
source: git::https://git.lapiole.org/nomad/lemonldap-ng.git//files/assets
destination: local/assets/static/common
# Settings for the portal itself
portal:
# URL used by users to reach the portal
@ -53,101 +59,6 @@ llng:
- it
- de
# Custom assets to download. Files will be downloaded and made available for portal customizations
assets:
apps:
backuppc.png:
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/backuppc.png
bitwarden.png:
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/bitwarden.png
bookstack.png:
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/bookstack.png
calendar.png:
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/calendar.png
diagrams.png:
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/diagrams.png
dokuwiki.png:
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/dokuwiki.png
element.png:
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/element.png
etherpad.png:
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/etherpad.png
firewall.png:
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/firewall.png
freepbx.png:
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/freepbx.png
gitea.png:
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/gitea.png
glpi.png:
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/glpi.png
grafana.png:
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/grafana.png
jenkins.png:
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/jenkins.png
jitsi.png:
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/jitsi.png
kibana.png:
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/kibana.png
kimai.png:
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/kimai.png
lemonldap.png:
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/lemonldap.png
matrix.png:
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/matrix.png
metabase.png:
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/metabase.png
miniflux.png:
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/miniflux.png
n8n.png:
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/n8n.png
navidrome.png:
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/navidrome.png
odoo.png:
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/odoo.png
openxpki.png:
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/openxpki.png
paperless.png:
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/paperless.png
penpot.png:
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/penpot.png
pfsense.png:
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/pfsense.png
pgadmin.png:
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/pgadmin.png
proxmox.png:
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/proxmox.png
rabbitmq.png:
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/rabbitmq.png
registry.png:
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/registry.png
seafile.png:
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/seafile.png
sentry.png:
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/sentry.png
sftpgo.png:
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/sftpgo.png
sonar.png:
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/sonar.png
soti.png:
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/soti.png
squashtm.png:
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/squashtm.png
transmission.png:
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/transmission.png
unifi.png:
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/unifi.png
wordpress.png:
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/wordpress.png
zabbix.png:
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/zabbix.png
zimbra.png:
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/zimbra.png
zulip.png:
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/zulip.png
logos: {}
backgrounds: {}
css: {}
# Traefik settings
traefik: