Various fixes and enhancements
This commit is contained in:
parent
7d1a98a35a
commit
4c5af66d40
|
@ -16,7 +16,7 @@ Sources = [
|
|||
{
|
||||
Action = "deny"
|
||||
HTTP {
|
||||
PathRegex = "^/reload"
|
||||
PathRegex = "^/(reload|status)"
|
||||
}
|
||||
},
|
||||
{
|
||||
|
|
|
@ -39,6 +39,7 @@ RUN set -eux &&\
|
|||
perl-WWW-Form-UrlEncoded \
|
||||
perl-Class-XSAccessor \
|
||||
perl-Email-Sender \
|
||||
perl-Data-Password-zxcvbn \
|
||||
nginx \
|
||||
&&\
|
||||
# dnf is an alias using --nodocs, so install doc manually \
|
||||
|
|
|
@ -86,6 +86,15 @@ http {
|
|||
uwsgi_param SCRIPT_NAME $sc;
|
||||
}
|
||||
|
||||
location = /status {
|
||||
allow 127.0.0.1;
|
||||
deny all;
|
||||
uwsgi_pass ${LLNG_LISTEN};
|
||||
uwsgi_param LLTYPE status;
|
||||
uwsgi_param SCRIPT_FILENAME $document_root$sc;
|
||||
uwsgi_param SCRIPT_NAME $sc;
|
||||
}
|
||||
|
||||
location ~ ^(?<sc>/.*\.psgi)(?:$|/) {
|
||||
include /etc/nginx/uwsgi_params;
|
||||
uwsgi_pass ${LLNG_LISTEN};
|
||||
|
|
|
@ -70,14 +70,7 @@ job "[[ .instance ]]" {
|
|||
policies = ["[[ .instance ]][[ .consul.suffix ]]"]
|
||||
}
|
||||
|
||||
[[- range $k1, $v1 := .llng.portal.assets ]]
|
||||
[[- range $k2, $v2 := $v1 ]]
|
||||
artifact {
|
||||
source = "[[ $v2.url ]]"
|
||||
destination = "local/assets/static/common/[[ $k1 ]]"
|
||||
}
|
||||
[[- end ]]
|
||||
[[- end ]]
|
||||
[[ template "common/artifacts" $c ]]
|
||||
|
||||
env {
|
||||
LLNG_NGINX_LISTEN = "127.0.0.1:8080"
|
||||
|
@ -86,6 +79,7 @@ job "[[ .instance ]]" {
|
|||
LLNG_PORTAL_VHOST = [[ (urlParse .llng.portal.public_url).Hostname | toJSON ]]
|
||||
LLNG_CUSTOM_ASSETS_DIR = "/local/assets"
|
||||
CTD_CONFIG = "/local/caretakerd.yaml"
|
||||
[[ template "common/proxy_env" $c ]]
|
||||
}
|
||||
|
||||
[[ template "common/file_env" $c.env ]]
|
||||
|
|
|
@ -1,5 +1,3 @@
|
|||
logger:
|
||||
level: debug
|
||||
services:
|
||||
lemonldap:
|
||||
type: master
|
||||
|
@ -7,13 +5,19 @@ services:
|
|||
local_cache:
|
||||
command: ["/usr/libexec/lemonldap-ng/bin/purgeLocalCache"]
|
||||
cronExpression: '1 * * * *'
|
||||
logger:
|
||||
level: debug
|
||||
nginx:
|
||||
command: ["nginx", "-c", "${LLNG_NGINX_CONF}"]
|
||||
{{- if eq (env "NOMAD_ALLOC_INDEX") "0" }}
|
||||
global_cache:
|
||||
command: ["/usr/libexec/lemonldap-ng/bin/purgeCentralCache"]
|
||||
cronExpression: '10 * * * *'
|
||||
logger:
|
||||
level: debug
|
||||
rotate_oidc_keys:
|
||||
command: ["/usr/libexec/lemonldap-ng/bin/rotateOidcKeys"]
|
||||
cronExpression: '5 5 * * 6'
|
||||
logger:
|
||||
level: debug
|
||||
{{- end }}
|
||||
|
|
|
@ -27,6 +27,8 @@ notificationStorageOptions = { \
|
|||
'type' => 'CDBI', \
|
||||
}
|
||||
|
||||
status = 1
|
||||
|
||||
[configuration]
|
||||
useServerEnv = 1
|
||||
type = CDBI
|
||||
|
|
|
@ -86,10 +86,10 @@
|
|||
"localSessionStorage" : "Cache::FileCache",
|
||||
"localSessionStorageOptions" : {
|
||||
"cache_depth" : 3,
|
||||
"cache_root" : "/var/cache/lemonldap-ng",
|
||||
"cache_root" : "/tmp",
|
||||
"default_expires_in" : 600,
|
||||
"directory_umask" : "007",
|
||||
"namespace" : "lemonldap-ng-sessions"
|
||||
"namespace" : "sessions"
|
||||
},
|
||||
"globalStorage" : "Lemonldap::NG::Common::Apache::Session::REST",
|
||||
"globalStorageOptions" : {
|
||||
|
|
103
variables.yml
103
variables.yml
|
@ -12,7 +12,7 @@ llng:
|
|||
count: 1
|
||||
|
||||
# Docker image to use
|
||||
image: '[[ .docker.repo ]]lemonldap-ng:2.18.1-2'
|
||||
image: '[[ .docker.repo ]]lemonldap-ng:2.18.1-4'
|
||||
|
||||
# Resource allocation
|
||||
resources:
|
||||
|
@ -40,6 +40,12 @@ llng:
|
|||
# if you need to rise this value (or you can just run several instances instead)
|
||||
LLNG_WORKERS: 6
|
||||
|
||||
# Download assets (used to customize the portal)
|
||||
artifacts:
|
||||
defaults:
|
||||
source: git::https://git.lapiole.org/nomad/lemonldap-ng.git//files/assets
|
||||
destination: local/assets/static/common
|
||||
|
||||
# Settings for the portal itself
|
||||
portal:
|
||||
# URL used by users to reach the portal
|
||||
|
@ -53,101 +59,6 @@ llng:
|
|||
- it
|
||||
- de
|
||||
|
||||
# Custom assets to download. Files will be downloaded and made available for portal customizations
|
||||
assets:
|
||||
apps:
|
||||
backuppc.png:
|
||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/backuppc.png
|
||||
bitwarden.png:
|
||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/bitwarden.png
|
||||
bookstack.png:
|
||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/bookstack.png
|
||||
calendar.png:
|
||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/calendar.png
|
||||
diagrams.png:
|
||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/diagrams.png
|
||||
dokuwiki.png:
|
||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/dokuwiki.png
|
||||
element.png:
|
||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/element.png
|
||||
etherpad.png:
|
||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/etherpad.png
|
||||
firewall.png:
|
||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/firewall.png
|
||||
freepbx.png:
|
||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/freepbx.png
|
||||
gitea.png:
|
||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/gitea.png
|
||||
glpi.png:
|
||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/glpi.png
|
||||
grafana.png:
|
||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/grafana.png
|
||||
jenkins.png:
|
||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/jenkins.png
|
||||
jitsi.png:
|
||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/jitsi.png
|
||||
kibana.png:
|
||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/kibana.png
|
||||
kimai.png:
|
||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/kimai.png
|
||||
lemonldap.png:
|
||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/lemonldap.png
|
||||
matrix.png:
|
||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/matrix.png
|
||||
metabase.png:
|
||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/metabase.png
|
||||
miniflux.png:
|
||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/miniflux.png
|
||||
n8n.png:
|
||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/n8n.png
|
||||
navidrome.png:
|
||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/navidrome.png
|
||||
odoo.png:
|
||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/odoo.png
|
||||
openxpki.png:
|
||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/openxpki.png
|
||||
paperless.png:
|
||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/paperless.png
|
||||
penpot.png:
|
||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/penpot.png
|
||||
pfsense.png:
|
||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/pfsense.png
|
||||
pgadmin.png:
|
||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/pgadmin.png
|
||||
proxmox.png:
|
||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/proxmox.png
|
||||
rabbitmq.png:
|
||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/rabbitmq.png
|
||||
registry.png:
|
||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/registry.png
|
||||
seafile.png:
|
||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/seafile.png
|
||||
sentry.png:
|
||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/sentry.png
|
||||
sftpgo.png:
|
||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/sftpgo.png
|
||||
sonar.png:
|
||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/sonar.png
|
||||
soti.png:
|
||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/soti.png
|
||||
squashtm.png:
|
||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/squashtm.png
|
||||
transmission.png:
|
||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/transmission.png
|
||||
unifi.png:
|
||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/unifi.png
|
||||
wordpress.png:
|
||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/wordpress.png
|
||||
zabbix.png:
|
||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/zabbix.png
|
||||
zimbra.png:
|
||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/zimbra.png
|
||||
zulip.png:
|
||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/zulip.png
|
||||
logos: {}
|
||||
backgrounds: {}
|
||||
css: {}
|
||||
|
||||
# Traefik settings
|
||||
traefik:
|
||||
|
||||
|
|
Loading…
Reference in New Issue