# Nomad job for a LemonLDAP::NG instance.
#
# Two templating layers are at work: the [[ ... ]] directives (merge, urlParse,
# toJSON, regexp.Match, has, dict) are expanded before Nomad ever sees this file,
# while {{ ... }} inside template data is rendered by Nomad at run time.
# The shared "common/*" partials referenced below are defined outside this file.
job "[[ .instance ]]" {

  [[ template "common/job_start" merge .llng . ]]

  group "lemonldap-ng" {

    # $c is the effective engine configuration: engine-specific settings
    # layered over the llng settings, layered over the root context.
    [[- $c := merge .llng.engine .llng . ]]

    count = [[ $c.count ]]

    shutdown_delay = "6s"

    [[ template "common/constraints" $c ]]

    network {
      mode = "bridge"
    }

    service {
      name = "[[ .instance ]][[ .consul.suffix ]]"
      port = 8080
      [[ template "common/service_meta" $c ]]
      [[ template "common/connect" $c ]]

      # Per-component views: portal, manager and API (the API falls back to
      # the portal settings, then the root context).
      [[- $p := merge .llng.portal . ]]
      [[- $m := merge .llng.manager . ]]
      [[- $a := merge .llng.api .llng.portal . ]]

      # Traefik routing. Portal and API share the portal hostname and are split
      # on the path: /index.psgi/(config|sessions) goes to the API router,
      # everything else on that host to the portal router. The manager gets its
      # own routing tags from the shared partial. The doubled backslash in the
      # HCL string yields a single escaped dot in the rendered rule.
      tags = [
        "[[ $p.traefik.instance ]].http.routers.[[ .instance ]]-portal[[ .consul.suffix ]].rule=Host(`[[ (urlParse $p.public_url).Hostname ]]`) && !PathRegexp(`^/index\\.psgi/(config|sessions)`)",
        [[ template "common/traefik_tags" $p ]]
        [[ template "common/traefik_tags" $m ]]
        "[[ $a.traefik.instance ]].http.routers.[[ .instance ]]-api[[ .consul.suffix ]].rule=Host(`[[ (urlParse $p.public_url).Hostname ]]`) && PathRegexp(`^/index\\.psgi/(config|sessions)`)",
        [[ template "common/traefik_tags" $a ]]
      ]
    }

    [[ template "common/task.wait_for" $c ]]
    [[ template "common/task.pgpooler" $c ]]

    task "lemonldap-ng" {
      driver = [[ $c.nomad.driver | toJSON ]]
      config {
        image = [[ $c.image | toJSON ]]
        # Container hardening: immutable root filesystem and a cap on the
        # number of processes the task may spawn.
        readonly_rootfs = true
        pids_limit = 200
        # Rendered templates are bind-mounted read-only into the container.
        volumes = [
          "secrets/lemonldap-ng.ini:/etc/lemonldap-ng/lemonldap-ng.ini:ro",
          "local/init-db.sh:/entrypoint.d/20-initdb.sh:ro",
          "local/minit.d/lemonldap-ng.yml:/etc/minit.d/lemonldap-ng.yml:ro"
        ]
        # /tmp is a tmpfs so the application still has a writable scratch area
        # (and a home for the uwsgi socket configured in env below) despite the
        # read-only rootfs. Units of "size" are defined by the partial — confirm.
        [[ template "common/tmpfs" dict "size" "5000000" "target" "/tmp" ]]
      }

      [[ template "common/vault.policies" $c ]]
      [[ template "common/artifacts" $c ]]

      env {
        # nginx listens on loopback only; the service above advertises port
        # 8080 and pulls in common/connect, so external traffic presumably
        # arrives through the Connect sidecar — confirm against that partial.
        LLNG_NGINX_LISTEN = "127.0.0.1:8080"
        # uwsgi socket, placed on the /tmp tmpfs mounted above.
        LLNG_LISTEN = "unix:/tmp/llng.sock"
        LLNG_MANAGER_VHOST = [[ (urlParse .llng.manager.public_url).Hostname | toJSON ]]
        LLNG_PORTAL_VHOST = [[ (urlParse .llng.portal.public_url).Hostname | toJSON ]]
        LLNG_CUSTOM_ASSETS_DIR = "/local/assets"
      }

      [[ template "common/file_env" $c ]]

      # Main Lemonldap::NG configuration (owner-/group-readable only).
      template {
        data =<<_EOT
[[ template "lemonldap-ng/lemonldap-ng.ini.tpl" $c ]]
_EOT
        destination = "secrets/lemonldap-ng.ini"
        uid = 100048
        gid = 100048
        perms = 440
      }

      # Stripped-down config, only used to migrate the file-based config into
      # the database on first start.
      template {
        data =<<_EOT
[[ template "lemonldap-ng/init.ini.tpl" $c ]]
_EOT
        destination = "local/init.ini"
      }

      # Database settings.
      # With a pooler enabled, the task connects as the instance name and uses
      # the Nomad allocation ID as its password (rendered by Nomad at run time;
      # presumably the pooler task from common/task.pgpooler expects this —
      # confirm). Without a pooler, the direct credentials from $c.postgres are
      # used, and TLS is disabled only for a loopback host when PGSSLMODE was
      # not set explicitly.
      # NOTE(review): the loopback check reads .postgres.host while PGHOST is
      # rendered from $c.postgres.host; if .llng (or .llng.engine) overrides
      # postgres.host the two can disagree, which may disable TLS towards a
      # non-local database — consider using $c.postgres.host in the match too.
      # env = true injects every variable here, including PGPASSWORD, into the
      # task environment, so the 0400 file mode is not the only exposure path.
      template {
        data =<<_EOT
PGHOST=[[ $c.postgres.host ]]
PGDATABASE=[[ $c.postgres.database ]]
[[- if ne $c.postgres.pooler.engine "none" ]]
PGPORT=[[ $c.postgres.pooler.port ]]
PGUSER=[[ .instance ]]
PGPASSWORD={{ env "NOMAD_ALLOC_ID" }}
[[- else ]]
[[- if and (not (has $c.env "PGSSLMODE")) (regexp.Match "^(127\\.0\\.0\\.1|localhost)$" .postgres.host) ]]
PGSSLMODE=disable
[[- end ]]
PGPORT=[[ $c.postgres.port ]]
PGUSER=[[ $c.postgres.user ]]
PGPASSWORD=[[ $c.postgres.password ]]
[[- end ]]
_EOT
        destination = "secrets/.db.env"
        uid = 100000
        gid = 100000
        perms = 400
        env = true
      }

      # Small script handling initialization (create tables and indexes, load
      # the initial config into the DB); mounted as /entrypoint.d/20-initdb.sh.
      template {
        data = <<_EOT
[[ template "lemonldap-ng/init.sh.tpl" $c ]]
_EOT
        destination = "local/init-db.sh"
        perms = 755
      }

      # Custom file-based config, which will be migrated to the database.
      # Note this one is rendered from the root context, not from $c.
      template {
        data = <<_EOT
[[ template "lemonldap-ng/lmConf-1.json.tpl" . ]]
_EOT
        destination = "local/lmConf-1.json"
      }

      # minit service definition to start uwsgi, nginx and cron tasks.
      template {
        data =<<_EOT
[[ template "lemonldap-ng/minit.yml.tpl" . ]]
_EOT
        destination = "local/minit.d/lemonldap-ng.yml"
      }

      [[ template "common/resources" $c ]]
    }
  }
}