diff --git a/consul/config/service-intentions/lemonldap-ng.hcl b/consul/config/service-intentions/lemonldap-ng.hcl index e055321..8e5a3ac 100644 --- a/consul/config/service-intentions/lemonldap-ng.hcl +++ b/consul/config/service-intentions/lemonldap-ng.hcl @@ -16,7 +16,7 @@ Sources = [ { Action = "deny" HTTP { - PathRegex = "^/reload" + PathRegex = "^/(reload|status)" } }, { diff --git a/images/lemonldap-ng/Dockerfile b/images/lemonldap-ng/Dockerfile index 07d2923..6239956 100644 --- a/images/lemonldap-ng/Dockerfile +++ b/images/lemonldap-ng/Dockerfile @@ -39,6 +39,7 @@ RUN set -eux &&\ perl-WWW-Form-UrlEncoded \ perl-Class-XSAccessor \ perl-Email-Sender \ + perl-Data-Password-zxcvbn \ nginx \ &&\ # dnf is an alias using --nodocs, so install doc manually \ diff --git a/images/lemonldap-ng/root/etc/nginx/lemonldap-ng.conf.template b/images/lemonldap-ng/root/etc/nginx/lemonldap-ng.conf.template index e42b7a7..33b025e 100644 --- a/images/lemonldap-ng/root/etc/nginx/lemonldap-ng.conf.template +++ b/images/lemonldap-ng/root/etc/nginx/lemonldap-ng.conf.template @@ -86,6 +86,15 @@ http { uwsgi_param SCRIPT_NAME $sc; } + location = /status { + allow 127.0.0.1; + deny all; + uwsgi_pass ${LLNG_LISTEN}; + uwsgi_param LLTYPE status; + uwsgi_param SCRIPT_FILENAME $document_root$sc; + uwsgi_param SCRIPT_NAME $sc; + } + location ~ ^(?/.*\.psgi)(?:$|/) { include /etc/nginx/uwsgi_params; uwsgi_pass ${LLNG_LISTEN}; diff --git a/lemonldap-ng.nomad.hcl b/lemonldap-ng.nomad.hcl index 85ae82d..ff4e899 100644 --- a/lemonldap-ng.nomad.hcl +++ b/lemonldap-ng.nomad.hcl @@ -70,14 +70,7 @@ job "[[ .instance ]]" { policies = ["[[ .instance ]][[ .consul.suffix ]]"] } -[[- range $k1, $v1 := .llng.portal.assets ]] - [[- range $k2, $v2 := $v1 ]] - artifact { - source = "[[ $v2.url ]]" - destination = "local/assets/static/common/[[ $k1 ]]" - } - [[- end ]] -[[- end ]] +[[ template "common/artifacts" $c ]] env { LLNG_NGINX_LISTEN = "127.0.0.1:8080" 
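Review bot: The deny for `^/(reload|status)` only takes effect if it sits ahead of the allow entry for the same source, because Consul evaluates L7 permissions in order and acts on the first match; the rest of the `Sources` list is outside this hunk, so the ordering cannot be confirmed here. The regex has no end anchor, so it also denies anything that merely starts with `/reload` or `/status` (a future `/status-page`, for example); that is the safer direction for a deny, but it deserves a one-line comment above the entry, `# Operational endpoints: kept off the mesh, reachable only from the local host (see nginx lemonldap-ng.conf.template)`.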
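Review bot: The new `location = /status` block declares its own `uwsgi_param` directives but never does `include /etc/nginx/uwsgi_params;`, unlike the `.psgi` location right below it; in nginx a location that sets any `uwsgi_param` stops inheriting the parent level's set, so the status handler would not receive REQUEST_METHOD, REMOTE_ADDR and the other standard parameters unless the preceding location (cut off above the hunk) shows this is deliberate. Add `include /etc/nginx/uwsgi_params;` as the first line of the block. Note also that `allow 127.0.0.1; deny all;` only filters on the peer address nginx sees; if requests arrive through a Consul Connect sidecar on localhost, a mesh caller appears as 127.0.0.1 too, and the `^/(reload|status)` deny in the service-intentions hunk is the control that actually keeps the endpoint off the mesh, which is worth stating in a comment above the block.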
@@ -86,6 +79,7 @@ job "[[ .instance ]]" { LLNG_PORTAL_VHOST = [[ (urlParse .llng.portal.public_url).Hostname | toJSON ]] LLNG_CUSTOM_ASSETS_DIR = "/local/assets" CTD_CONFIG = "/local/caretakerd.yaml" +[[ template "common/proxy_env" $c ]] } [[ template "common/file_env" $c.env ]] diff --git a/templates/caretakerd.yaml.tpl b/templates/caretakerd.yaml.tpl index 1196696..c46d617 100644 --- a/templates/caretakerd.yaml.tpl +++ b/templates/caretakerd.yaml.tpl @@ -1,5 +1,3 @@ -logger: - level: debug services: lemonldap: type: master @@ -7,13 +5,19 @@ services: local_cache: command: ["/usr/libexec/lemonldap-ng/bin/purgeLocalCache"] cronExpression: '1 * * * *' + logger: + level: debug nginx: command: ["nginx", "-c", "${LLNG_NGINX_CONF}"] {{- if eq (env "NOMAD_ALLOC_INDEX") "0" }} global_cache: command: ["/usr/libexec/lemonldap-ng/bin/purgeCentralCache"] cronExpression: '10 * * * *' + logger: + level: debug rotate_oidc_keys: command: ["/usr/libexec/lemonldap-ng/bin/rotateOidcKeys"] cronExpression: '5 5 * * 6' + logger: + level: debug {{- end }} diff --git a/templates/lemonldap-ng.ini.tpl b/templates/lemonldap-ng.ini.tpl index 658b929..44f83a1 100644 --- a/templates/lemonldap-ng.ini.tpl +++ b/templates/lemonldap-ng.ini.tpl @@ -27,6 +27,8 @@ notificationStorageOptions = { \ 'type' => 'CDBI', \ } +status = 1 + [configuration] useServerEnv = 1 type = CDBI diff --git a/templates/lmConf-1.json.tpl b/templates/lmConf-1.json.tpl index 4121aa9..9488d24 100644 --- a/templates/lmConf-1.json.tpl +++ b/templates/lmConf-1.json.tpl @@ -86,10 +86,10 @@ "localSessionStorage" : "Cache::FileCache", "localSessionStorageOptions" : { "cache_depth" : 3, - "cache_root" : "/var/cache/lemonldap-ng", + "cache_root" : "/tmp", "default_expires_in" : 600, "directory_umask" : "007", - "namespace" : "lemonldap-ng-sessions" + "namespace" : "sessions" }, "globalStorage" : "Lemonldap::NG::Common::Apache::Session::REST", "globalStorageOptions" : { 
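Review bot: `cache_root` now points the Cache::FileCache session cache at `/tmp` with a generic `namespace` of `sessions`, so local session data lands in `/tmp/sessions`, a name any other process sharing that tmp directory could create or read first. If the move off `/var/cache/lemonldap-ng` is about writability inside the container, a dedicated path avoids the collision while keeping the original namespace, e.g. `"cache_root" : "/tmp/lemonldap-ng",` or a directory under the allocation's task dir. Whether `/tmp` is private to the container is not visible here, and since the template is JSON there is nowhere to comment it, so the reason for the path change belongs in the commit message or next to the related settings in variables.yml. The purgeLocalCache job in caretakerd.yaml.tpl presumably cleans this cache; confirm it picks up the new location.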
diff --git a/variables.yml b/variables.yml index 2fb828d..c2ead50 100644 --- a/variables.yml +++ b/variables.yml @@ -12,7 +12,7 @@ llng: count: 1 # Docker image to use - image: '[[ .docker.repo ]]lemonldap-ng:2.18.1-2' + image: '[[ .docker.repo ]]lemonldap-ng:2.18.1-4' # Resource allocation resources: @@ -40,6 +40,12 @@ llng: # if you need to rise this value (or you can just run several instances instead) LLNG_WORKERS: 6 + # Download assets (used to customize the portal) + artifacts: + defaults: + source: git::https://git.lapiole.org/nomad/lemonldap-ng.git//files/assets + destination: local/assets/static/common + # Settings for the portal itself portal: # URL used by users to reach the portal 
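Review bot: The new `artifacts.defaults.source` fetches `git::https://git.lapiole.org/nomad/lemonldap-ng.git//files/assets` without a `ref`, so every allocation pulls whatever the default branch holds at start time and the assets served by the portal can change (or be altered upstream) without any change to this repository; pin it, e.g. `source: git::https://git.lapiole.org/nomad/lemonldap-ng.git//files/assets?ref=<tag-or-commit>`. The per-file URLs in the removed block had the same weakness, so this is not a regression, but a single git source makes pinning cheap. Separately, the loop removed from lemonldap-ng.nomad.hcl placed each category under `local/assets/static/common/<category>`, while the new default `destination` is `local/assets/static/common`; that is only equivalent if `files/assets` already contains the `apps/`, `logos/`, `backgrounds/` and `css/` subdirectories, which cannot be verified from this diff and is worth a comment next to `destination`.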
@@ -53,101 +59,6 @@ llng: - it - de - # Custom assets to download. Files will be downloaded and made available for portal customizations - assets: - apps: - backuppc.png: - url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/backuppc.png - bitwarden.png: - url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/bitwarden.png - bookstack.png: - url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/bookstack.png - calendar.png: - url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/calendar.png - diagrams.png: - url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/diagrams.png - dokuwiki.png: - url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/dokuwiki.png - element.png: - url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/element.png - etherpad.png: - url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/etherpad.png - firewall.png: - url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/firewall.png - freepbx.png: - url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/freepbx.png - gitea.png: - url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/gitea.png - glpi.png: - url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/glpi.png - grafana.png: - url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/grafana.png - jenkins.png: - url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/jenkins.png - jitsi.png: - url: 
https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/jitsi.png - kibana.png: - url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/kibana.png - kimai.png: - url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/kimai.png - lemonldap.png: - url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/lemonldap.png - matrix.png: - url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/matrix.png - metabase.png: - url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/metabase.png - miniflux.png: - url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/miniflux.png - n8n.png: - url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/n8n.png - navidrome.png: - url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/navidrome.png - odoo.png: - url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/odoo.png - openxpki.png: - url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/openxpki.png - paperless.png: - url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/paperless.png - penpot.png: - url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/penpot.png - pfsense.png: - url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/pfsense.png - pgadmin.png: - url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/pgadmin.png - proxmox.png: - url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/proxmox.png - 
rabbitmq.png: - url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/rabbitmq.png - registry.png: - url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/registry.png - seafile.png: - url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/seafile.png - sentry.png: - url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/sentry.png - sftpgo.png: - url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/sftpgo.png - sonar.png: - url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/sonar.png - soti.png: - url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/soti.png - squashtm.png: - url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/squashtm.png - transmission.png: - url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/transmission.png - unifi.png: - url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/unifi.png - wordpress.png: - url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/wordpress.png - zabbix.png: - url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/zabbix.png - zimbra.png: - url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/zimbra.png - zulip.png: - url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/zulip.png - logos: {} - backgrounds: {} - css: {} - # Traefik settings traefik: