Various fixes and enhancements
This commit is contained in:
parent
7d1a98a35a
commit
4c5af66d40
|
@ -16,7 +16,7 @@ Sources = [
|
||||||
{
|
{
|
||||||
Action = "deny"
|
Action = "deny"
|
||||||
HTTP {
|
HTTP {
|
||||||
PathRegex = "^/reload"
|
PathRegex = "^/(reload|status)"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
|
|
@ -39,6 +39,7 @@ RUN set -eux &&\
|
||||||
perl-WWW-Form-UrlEncoded \
|
perl-WWW-Form-UrlEncoded \
|
||||||
perl-Class-XSAccessor \
|
perl-Class-XSAccessor \
|
||||||
perl-Email-Sender \
|
perl-Email-Sender \
|
||||||
|
perl-Data-Password-zxcvbn \
|
||||||
nginx \
|
nginx \
|
||||||
&&\
|
&&\
|
||||||
# dnf is an alias using --nodocs, so install doc manually \
|
# dnf is an alias using --nodocs, so install doc manually \
|
||||||
|
|
|
@ -86,6 +86,15 @@ http {
|
||||||
uwsgi_param SCRIPT_NAME $sc;
|
uwsgi_param SCRIPT_NAME $sc;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
location = /status {
|
||||||
|
allow 127.0.0.1;
|
||||||
|
deny all;
|
||||||
|
uwsgi_pass ${LLNG_LISTEN};
|
||||||
|
uwsgi_param LLTYPE status;
|
||||||
|
uwsgi_param SCRIPT_FILENAME $document_root$sc;
|
||||||
|
uwsgi_param SCRIPT_NAME $sc;
|
||||||
|
}
|
||||||
|
|
||||||
location ~ ^(?<sc>/.*\.psgi)(?:$|/) {
|
location ~ ^(?<sc>/.*\.psgi)(?:$|/) {
|
||||||
include /etc/nginx/uwsgi_params;
|
include /etc/nginx/uwsgi_params;
|
||||||
uwsgi_pass ${LLNG_LISTEN};
|
uwsgi_pass ${LLNG_LISTEN};
|
||||||
|
|
|
@ -70,14 +70,7 @@ job "[[ .instance ]]" {
|
||||||
policies = ["[[ .instance ]][[ .consul.suffix ]]"]
|
policies = ["[[ .instance ]][[ .consul.suffix ]]"]
|
||||||
}
|
}
|
||||||
|
|
||||||
[[- range $k1, $v1 := .llng.portal.assets ]]
|
[[ template "common/artifacts" $c ]]
|
||||||
[[- range $k2, $v2 := $v1 ]]
|
|
||||||
artifact {
|
|
||||||
source = "[[ $v2.url ]]"
|
|
||||||
destination = "local/assets/static/common/[[ $k1 ]]"
|
|
||||||
}
|
|
||||||
[[- end ]]
|
|
||||||
[[- end ]]
|
|
||||||
|
|
||||||
env {
|
env {
|
||||||
LLNG_NGINX_LISTEN = "127.0.0.1:8080"
|
LLNG_NGINX_LISTEN = "127.0.0.1:8080"
|
||||||
|
@ -86,6 +79,7 @@ job "[[ .instance ]]" {
|
||||||
LLNG_PORTAL_VHOST = [[ (urlParse .llng.portal.public_url).Hostname | toJSON ]]
|
LLNG_PORTAL_VHOST = [[ (urlParse .llng.portal.public_url).Hostname | toJSON ]]
|
||||||
LLNG_CUSTOM_ASSETS_DIR = "/local/assets"
|
LLNG_CUSTOM_ASSETS_DIR = "/local/assets"
|
||||||
CTD_CONFIG = "/local/caretakerd.yaml"
|
CTD_CONFIG = "/local/caretakerd.yaml"
|
||||||
|
[[ template "common/proxy_env" $c ]]
|
||||||
}
|
}
|
||||||
|
|
||||||
[[ template "common/file_env" $c.env ]]
|
[[ template "common/file_env" $c.env ]]
|
||||||
|
|
|
@ -1,5 +1,3 @@
|
||||||
logger:
|
|
||||||
level: debug
|
|
||||||
services:
|
services:
|
||||||
lemonldap:
|
lemonldap:
|
||||||
type: master
|
type: master
|
||||||
|
@ -7,13 +5,19 @@ services:
|
||||||
local_cache:
|
local_cache:
|
||||||
command: ["/usr/libexec/lemonldap-ng/bin/purgeLocalCache"]
|
command: ["/usr/libexec/lemonldap-ng/bin/purgeLocalCache"]
|
||||||
cronExpression: '1 * * * *'
|
cronExpression: '1 * * * *'
|
||||||
|
logger:
|
||||||
|
level: debug
|
||||||
nginx:
|
nginx:
|
||||||
command: ["nginx", "-c", "${LLNG_NGINX_CONF}"]
|
command: ["nginx", "-c", "${LLNG_NGINX_CONF}"]
|
||||||
{{- if eq (env "NOMAD_ALLOC_INDEX") "0" }}
|
{{- if eq (env "NOMAD_ALLOC_INDEX") "0" }}
|
||||||
global_cache:
|
global_cache:
|
||||||
command: ["/usr/libexec/lemonldap-ng/bin/purgeCentralCache"]
|
command: ["/usr/libexec/lemonldap-ng/bin/purgeCentralCache"]
|
||||||
cronExpression: '10 * * * *'
|
cronExpression: '10 * * * *'
|
||||||
|
logger:
|
||||||
|
level: debug
|
||||||
rotate_oidc_keys:
|
rotate_oidc_keys:
|
||||||
command: ["/usr/libexec/lemonldap-ng/bin/rotateOidcKeys"]
|
command: ["/usr/libexec/lemonldap-ng/bin/rotateOidcKeys"]
|
||||||
cronExpression: '5 5 * * 6'
|
cronExpression: '5 5 * * 6'
|
||||||
|
logger:
|
||||||
|
level: debug
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
|
@ -27,6 +27,8 @@ notificationStorageOptions = { \
|
||||||
'type' => 'CDBI', \
|
'type' => 'CDBI', \
|
||||||
}
|
}
|
||||||
|
|
||||||
|
status = 1
|
||||||
|
|
||||||
[configuration]
|
[configuration]
|
||||||
useServerEnv = 1
|
useServerEnv = 1
|
||||||
type = CDBI
|
type = CDBI
|
||||||
|
|
|
@ -86,10 +86,10 @@
|
||||||
"localSessionStorage" : "Cache::FileCache",
|
"localSessionStorage" : "Cache::FileCache",
|
||||||
"localSessionStorageOptions" : {
|
"localSessionStorageOptions" : {
|
||||||
"cache_depth" : 3,
|
"cache_depth" : 3,
|
||||||
"cache_root" : "/var/cache/lemonldap-ng",
|
"cache_root" : "/tmp",
|
||||||
"default_expires_in" : 600,
|
"default_expires_in" : 600,
|
||||||
"directory_umask" : "007",
|
"directory_umask" : "007",
|
||||||
"namespace" : "lemonldap-ng-sessions"
|
"namespace" : "sessions"
|
||||||
},
|
},
|
||||||
"globalStorage" : "Lemonldap::NG::Common::Apache::Session::REST",
|
"globalStorage" : "Lemonldap::NG::Common::Apache::Session::REST",
|
||||||
"globalStorageOptions" : {
|
"globalStorageOptions" : {
|
||||||
|
|
103
variables.yml
103
variables.yml
|
@ -12,7 +12,7 @@ llng:
|
||||||
count: 1
|
count: 1
|
||||||
|
|
||||||
# Docker image to use
|
# Docker image to use
|
||||||
image: '[[ .docker.repo ]]lemonldap-ng:2.18.1-2'
|
image: '[[ .docker.repo ]]lemonldap-ng:2.18.1-4'
|
||||||
|
|
||||||
# Resource allocation
|
# Resource allocation
|
||||||
resources:
|
resources:
|
||||||
|
@ -40,6 +40,12 @@ llng:
|
||||||
# if you need to rise this value (or you can just run several instances instead)
|
# if you need to rise this value (or you can just run several instances instead)
|
||||||
LLNG_WORKERS: 6
|
LLNG_WORKERS: 6
|
||||||
|
|
||||||
|
# Download assets (used to customize the portal)
|
||||||
|
artifacts:
|
||||||
|
defaults:
|
||||||
|
source: git::https://git.lapiole.org/nomad/lemonldap-ng.git//files/assets
|
||||||
|
destination: local/assets/static/common
|
||||||
|
|
||||||
# Settings for the portal itself
|
# Settings for the portal itself
|
||||||
portal:
|
portal:
|
||||||
# URL used by users to reach the portal
|
# URL used by users to reach the portal
|
||||||
|
@ -53,101 +59,6 @@ llng:
|
||||||
- it
|
- it
|
||||||
- de
|
- de
|
||||||
|
|
||||||
# Custom assets to download. Files will be downloaded and made available for portal customizations
|
|
||||||
assets:
|
|
||||||
apps:
|
|
||||||
backuppc.png:
|
|
||||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/backuppc.png
|
|
||||||
bitwarden.png:
|
|
||||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/bitwarden.png
|
|
||||||
bookstack.png:
|
|
||||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/bookstack.png
|
|
||||||
calendar.png:
|
|
||||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/calendar.png
|
|
||||||
diagrams.png:
|
|
||||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/diagrams.png
|
|
||||||
dokuwiki.png:
|
|
||||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/dokuwiki.png
|
|
||||||
element.png:
|
|
||||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/element.png
|
|
||||||
etherpad.png:
|
|
||||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/etherpad.png
|
|
||||||
firewall.png:
|
|
||||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/firewall.png
|
|
||||||
freepbx.png:
|
|
||||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/freepbx.png
|
|
||||||
gitea.png:
|
|
||||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/gitea.png
|
|
||||||
glpi.png:
|
|
||||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/glpi.png
|
|
||||||
grafana.png:
|
|
||||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/grafana.png
|
|
||||||
jenkins.png:
|
|
||||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/jenkins.png
|
|
||||||
jitsi.png:
|
|
||||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/jitsi.png
|
|
||||||
kibana.png:
|
|
||||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/kibana.png
|
|
||||||
kimai.png:
|
|
||||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/kimai.png
|
|
||||||
lemonldap.png:
|
|
||||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/lemonldap.png
|
|
||||||
matrix.png:
|
|
||||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/matrix.png
|
|
||||||
metabase.png:
|
|
||||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/metabase.png
|
|
||||||
miniflux.png:
|
|
||||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/miniflux.png
|
|
||||||
n8n.png:
|
|
||||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/n8n.png
|
|
||||||
navidrome.png:
|
|
||||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/navidrome.png
|
|
||||||
odoo.png:
|
|
||||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/odoo.png
|
|
||||||
openxpki.png:
|
|
||||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/openxpki.png
|
|
||||||
paperless.png:
|
|
||||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/paperless.png
|
|
||||||
penpot.png:
|
|
||||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/penpot.png
|
|
||||||
pfsense.png:
|
|
||||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/pfsense.png
|
|
||||||
pgadmin.png:
|
|
||||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/pgadmin.png
|
|
||||||
proxmox.png:
|
|
||||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/proxmox.png
|
|
||||||
rabbitmq.png:
|
|
||||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/rabbitmq.png
|
|
||||||
registry.png:
|
|
||||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/registry.png
|
|
||||||
seafile.png:
|
|
||||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/seafile.png
|
|
||||||
sentry.png:
|
|
||||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/sentry.png
|
|
||||||
sftpgo.png:
|
|
||||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/sftpgo.png
|
|
||||||
sonar.png:
|
|
||||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/sonar.png
|
|
||||||
soti.png:
|
|
||||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/soti.png
|
|
||||||
squashtm.png:
|
|
||||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/squashtm.png
|
|
||||||
transmission.png:
|
|
||||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/transmission.png
|
|
||||||
unifi.png:
|
|
||||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/unifi.png
|
|
||||||
wordpress.png:
|
|
||||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/wordpress.png
|
|
||||||
zabbix.png:
|
|
||||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/zabbix.png
|
|
||||||
zimbra.png:
|
|
||||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/zimbra.png
|
|
||||||
zulip.png:
|
|
||||||
url: https://git.lapiole.org/dani/ansible-roles/raw/branch/master/roles/lemonldap_ng/files/logos/zulip.png
|
|
||||||
logos: {}
|
|
||||||
backgrounds: {}
|
|
||||||
css: {}
|
|
||||||
|
|
||||||
# Traefik settings
|
# Traefik settings
|
||||||
traefik:
|
traefik:
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue