Cleanup
parent
04a1a75d33
commit
fd2798d182
|
@ -2,7 +2,7 @@
|
||||||
|
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
|
|
||||||
vault write database/roles/lemonldap-ng \
|
vault write /database/roles/lemonldap-ng \
|
||||||
db_name="postgres" \
|
db_name="postgres" \
|
||||||
creation_statements="CREATE ROLE \"{{name}}\" WITH LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}'; \
|
creation_statements="CREATE ROLE \"{{name}}\" WITH LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}'; \
|
||||||
GRANT \"lemonldap-ng\" TO \"{{name}}\"; \
|
GRANT \"lemonldap-ng\" TO \"{{name}}\"; \
|
||||||
|
|
|
@ -58,8 +58,8 @@ job "lemonldap-ng" {
|
||||||
|
|
||||||
|
|
||||||
"traefik.enable=true",
|
"traefik.enable=true",
|
||||||
"traefik.http.routers.lemonldap-ng-manager.rule=Host(`manager.example.org`)",
|
|
||||||
"traefik.http.routers.lemonldap-ng-manager.entrypoints=https",
|
"traefik.http.routers.lemonldap-ng-manager.entrypoints=https",
|
||||||
|
"traefik.http.routers.lemonldap-ng-manager.rule=Host(`manager.example.org`)",
|
||||||
"traefik.http.routers.lemonldap-ng-manager.middlewares=security-headers@file,rate-limit-std@file,forward-proto@file,inflight-std@file,hsts@file,compression@file",
|
"traefik.http.routers.lemonldap-ng-manager.middlewares=security-headers@file,rate-limit-std@file,forward-proto@file,inflight-std@file,hsts@file,compression@file",
|
||||||
|
|
||||||
|
|
||||||
|
@ -274,8 +274,8 @@ PGHOST=127.0.0.1
|
||||||
PGDATABASE=lemonldap-ng
|
PGDATABASE=lemonldap-ng
|
||||||
PGSSLMODE=disable
|
PGSSLMODE=disable
|
||||||
PGPORT=5432
|
PGPORT=5432
|
||||||
PGUSER={{ with secret "database/creds/lemonldap-ng" }}{{ .Data.username }}{{ end }}
|
PGUSER={{ with secret "/database/creds/lemonldap-ng" }}{{ .Data.username }}{{ end }}
|
||||||
PGPASSWORD={{ with secret "database/creds/lemonldap-ng" }}{{ .Data.password }}{{ end }}
|
PGPASSWORD={{ with secret "/database/creds/lemonldap-ng" }}{{ .Data.password }}{{ end }}
|
||||||
_EOT
|
_EOT
|
||||||
destination = "secrets/.db.env"
|
destination = "secrets/.db.env"
|
||||||
uid = 100000
|
uid = 100000
|
||||||
|
|
|
@ -1,19 +0,0 @@
|
||||||
#!/bin/sh
|
|
||||||
|
|
||||||
set -eu
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
if [ "lemonldap-ng" != "lemonldap-ng" ]; then
|
|
||||||
for DIR in vault consul nomad; do
|
|
||||||
if [ -d output/${DIR} ]; then
|
|
||||||
for FILE in $(find output/${DIR} -name "*lemonldap-ng*.hcl" -type f); do
|
|
||||||
NEW_FILE=$(echo "${FILE}" | sed -E "s/lemonldap-ng/lemonldap-ng/g")
|
|
||||||
mv "${FILE}" "${NEW_FILE}"
|
|
||||||
done
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
fi
|
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
path "kv/sevrice/lemonldap-ng" {
|
path "/kv/sevrice/lemonldap-ng" {
|
||||||
capabilities = ["read"]
|
capabilities = ["read"]
|
||||||
}
|
}
|
||||||
|
|
||||||
path "database/creds/lemonldap-ng" {
|
path "/database/creds/lemonldap-ng" {
|
||||||
capabilities = ["read"]
|
capabilities = ["read"]
|
||||||
}
|
}
|
||||||
|
|
|
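Review bot: The KV path in the first stanza is still spelled `kv/sevrice/lemonldap-ng`. If the secrets engine stores this job's data under `kv/service/...`, the policy grants read on a path that does not exist and the intended path stays denied. Since the commit already rewrites this line, it could correct it to `path "/kv/service/lemonldap-ng" {`, or add a comment saying the spelling is deliberate and matches the mount layout. The same spelling appears in the policy template (`[[ .vault.root ]]kv/sevrice/[[ .instance ]]`), which is presumably the source of this rendered example, so the fix belongs there. Whether any consumer relies on the current spelling is not visible from this page.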
@ -2,7 +2,4 @@
|
||||||
|
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
|
|
||||||
[[- template "common/vault.mkpgrole.sh"
|
[[ template "common/vault.mkpgrole.sh" merge .llng.engine . ]]
|
||||||
dict "ctx" .
|
|
||||||
"config" (dict "role" .instance "database" "postgres")
|
|
||||||
]]
|
|
||||||
|
|
|
@ -1 +0,0 @@
|
||||||
[[ template "common/mv_conf.sh" dict "ctx" . "services" (dict "lemonldap-ng" .instance) ]]
|
|
|
@ -42,8 +42,8 @@ llng:
|
||||||
# Database settings
|
# Database settings
|
||||||
postgres:
|
postgres:
|
||||||
database: '[[ .instance ]]'
|
database: '[[ .instance ]]'
|
||||||
user: '{{ with secret "[[ .vault.prefix ]]database/creds/[[ .instance ]]" }}{{ .Data.username }}{{ end }}'
|
user: '{{ with secret "[[ .vault.root ]]database/creds/[[ .instance ]]" }}{{ .Data.username }}{{ end }}'
|
||||||
password: '{{ with secret "[[ .vault.prefix ]]database/creds/[[ .instance ]]" }}{{ .Data.password }}{{ end }}'
|
password: '{{ with secret "[[ .vault.root ]]database/creds/[[ .instance ]]" }}{{ .Data.password }}{{ end }}'
|
||||||
|
|
||||||
# Additional env vars to pass to the container
|
# Additional env vars to pass to the container
|
||||||
env:
|
env:
|
||||||
|
@ -123,7 +123,7 @@ llng:
|
||||||
# Disable default CSP as Lemonldap::NG handle CSP itself
|
# Disable default CSP as Lemonldap::NG handle CSP itself
|
||||||
csp: false
|
csp: false
|
||||||
|
|
||||||
router: '[[ .instance ]]-manager[[ .consul.suffix ]]'
|
router: manager
|
||||||
|
|
||||||
# The API is exposed by the portal, but usually must be secured differently
|
# The API is exposed by the portal, but usually must be secured differently
|
||||||
# The following settings only apply to the REST/SOAP API
|
# The following settings only apply to the REST/SOAP API
|
||||||
|
@ -141,5 +141,5 @@ llng:
|
||||||
compression: false
|
compression: false
|
||||||
|
|
||||||
auto_rule: false
|
auto_rule: false
|
||||||
router: '[[ .instance ]]-api[[ .consul.suffix ]]'
|
router: api
|
||||||
|
|
||||||
|
|
|
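Review bot: `[[ .vault.root ]]database/creds/[[ .instance ]]` joins the root and the mount with no separator, so the rendered path is only right when `.vault.root` ends in `/`. The example output renders `/database/creds/lemonldap-ng`, which suggests the default is `/`. A root overridden as, say, `/team` (constructed value) would render `/teamdatabase/creds/...` in the `user` and `password` lookups here and in the policy template's `path` stanzas, and the failure would only show up at render or lease time. I'd document the requirement next to these keys, e.g. `# .vault.root must end with "/"; it is prepended verbatim to the mount path`, or normalise the value where it is defined. The definition of `.vault.root` is outside this page, so this may already be handled there.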
@ -1,7 +1,7 @@
|
||||||
path "[[ .vault.prefix ]]kv/sevrice/[[ .instance ]]" {
|
path "[[ .vault.root ]]kv/sevrice/[[ .instance ]]" {
|
||||||
capabilities = ["read"]
|
capabilities = ["read"]
|
||||||
}
|
}
|
||||||
|
|
||||||
path "[[ .vault.prefix ]]database/creds/[[ .instance ]]" {
|
path "[[ .vault.root ]]database/creds/[[ .instance ]]" {
|
||||||
capabilities = ["read"]
|
capabilities = ["read"]
|
||||||
}
|
}
|
||||||
|
|