lemonldap-ng/lemonldap-ng.nomad.hcl


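# Nomad job template for a Lemonldap::NG instance (portal, manager and REST API
# served by a single task). Double-square-bracket actions are rendered before
# the job is submitted; double-curly-brace actions inside template data are
# rendered by Nomad at run time.
job "[[ .instance ]]" {
[[ template "common/job_start" merge .llng . ]]
  group "lemonldap-ng" {
[[- $c := merge .llng.engine .llng . ]]
    # $c layers .llng.engine, .llng and the root context; precedence depends on
    # the merge helper (presumably leftmost wins - confirm).
[[ template "common/group_start" $c ]]
[[ template "common/constraints" $c ]]
    network {
      mode = "bridge"
    }
    service {
      name = "[[ .instance ]][[ .consul.suffix ]]"
      port = 8080
[[ template "common/service_meta" $c ]]
[[ template "common/connect" $c ]]
      # HTTP health check on /ping. expose = true asks Nomad to publish this one
      # path through the sidecar so the check can reach it; no other path is
      # exposed by this stanza.
      check {
        type = "http"
        path = "/ping"
        expose = true
        interval = "[[ $c.consul.check.interval ]]"
        timeout = "[[ $c.consul.check.timeout ]]"
        # Restart the task after 6 failed checks, ignoring failures during the
        # first 5 minutes after start.
        check_restart {
          limit = 6
          grace = "5m"
        }
      }
[[- $p := merge .llng.portal . ]]
[[- $m := merge .llng.manager . ]]
[[- $a := merge .llng.api .llng.portal . ]]
      # Two Traefik routers share the portal hostname:
      #  - the portal router takes every path except ^/index\.psgi/(config|sessions)
      #  - the api router takes only those config/sessions paths and receives the
      #    $a tag set, so any access restriction on them comes from the
      #    common/traefik_tags template (not visible here).
      # NOTE(review): the separation rests on this single path regexp. Confirm
      # that the config/sessions endpoints are served only under the
      # /index.psgi/ prefix; otherwise the portal router would forward them
      # without the api router's restrictions.
      tags = [
        "[[ $p.traefik.instance ]].http.routers.[[ .instance ]]-portal[[ .consul.suffix ]].rule=Host(`[[ (urlParse $p.public_url).Hostname ]]`) && !PathRegexp(`^/index\\.psgi/(config|sessions)`)",
[[ template "common/traefik_tags" $p ]]
[[ template "common/traefik_tags" $m ]]
        "[[ $a.traefik.instance ]].http.routers.[[ .instance ]]-api[[ .consul.suffix ]].rule=Host(`[[ (urlParse $p.public_url).Hostname ]]`) && PathRegexp(`^/index\\.psgi/(config|sessions)`)",
[[ template "common/traefik_tags" $a ]]
      ]
    }
[[ template "common/task.wait_for" $c ]]
[[ template "common/task.pgpooler" $c ]]
    task "lemonldap-ng" {
      driver = "[[ $c.nomad.driver ]]"
      config {
[[ template "common/image" $c ]]
        # Cap the number of processes in the container.
        pids_limit = 200
        # Rendered files are mounted read-only, so the running service cannot
        # rewrite its own configuration or entrypoint script.
        volumes = [
          "secrets/lemonldap-ng.ini:/etc/lemonldap-ng/lemonldap-ng.ini:ro",
          "local/init-db.sh:/entrypoint.d/20-initdb.sh:ro",
          "local/minit.d/lemonldap-ng.yml:/etc/minit.d/lemonldap-ng.yml:ro"
        ]
[[ template "common/tmpfs" dict "size" "5000000" "target" "/tmp" ]]
      }
[[ template "common/vault.policies" $c ]]
[[ template "common/artifacts" $c ]]
      env {
        # nginx binds to loopback only and talks to the application over a unix
        # socket in /tmp; with bridge networking, port 8080 is presumably
        # reachable only through what common/connect sets up - confirm.
        LLNG_NGINX_LISTEN = "127.0.0.1:8080"
        LLNG_LISTEN = "unix:/tmp/llng.sock"
        LLNG_MANAGER_VHOST = [[ (urlParse .llng.manager.public_url).Hostname | toJSON ]]
        LLNG_PORTAL_VHOST = [[ (urlParse .llng.portal.public_url).Hostname | toJSON ]]
        LLNG_CUSTOM_ASSETS_DIR = "/local/assets"
      }
[[ template "common/file_env" $c ]]
      # Main Lemonldap::NG configuration
      # Written under secrets/ with mode 440 and a dedicated uid/gid
      # (presumably the service user inside the container - confirm).
      template {
        data =<<_EOT
[[ template "lemonldap-ng/lemonldap-ng.ini.tpl" $c ]]
_EOT
        destination = "secrets/lemonldap-ng.ini"
        uid = 100048
        gid = 100048
        perms = 440
      }
      # This is a stripped-down config, just used to migrate file based config to database on first start
      # NOTE(review): rendered under local/ with default ownership and mode. If
      # init.ini.tpl carries database credentials, move it to secrets/ and set
      # uid/gid/perms as for the main configuration - confirm its contents.
      template {
        data =<<_EOT
[[ template "lemonldap-ng/init.ini.tpl" $c ]]
_EOT
        destination = "local/init.ini"
      }
      # Database settings
      # Rendered to secrets/.db.env (mode 400) and loaded as task environment
      # variables (env = true).
      #  - With a pooler: connect to the pooler port as the instance name, using
      #    the allocation ID as password. The allocation ID is not a secret
      #    (it is visible to anyone who can list allocations), so this is only
      #    sound if the pooler is reachable from inside this allocation alone -
      #    confirm against common/task.pgpooler.
      #  - Without a pooler: connect directly with the configured user/password.
      #    If that password is a literal rather than a run-time secret lookup,
      #    it ends up in the submitted job specification - confirm.
      # PGSSLMODE=disable is emitted only when no PGSSLMODE is set in $c.env and
      # the host is 127.0.0.1 or localhost. The test uses the merged host
      # ($c.postgres.host), the same value written to PGHOST, so TLS is never
      # switched off on the strength of a host other than the one connected to.
      template {
        data =<<_EOT
PGHOST=[[ $c.postgres.host ]]
PGDATABASE=[[ $c.postgres.database ]]
[[- if ne $c.postgres.pooler.engine "none" ]]
PGPORT=[[ $c.postgres.pooler.port ]]
PGUSER=[[ .instance ]]
PGPASSWORD={{ env "NOMAD_ALLOC_ID" }}
[[- else ]]
[[- if and (not (has $c.env "PGSSLMODE")) (regexp.Match "^(127\\.0\\.0\\.1|localhost)$" $c.postgres.host) ]]
PGSSLMODE=disable
[[- end ]]
PGPORT=[[ $c.postgres.port ]]
PGUSER=[[ $c.postgres.user ]]
PGPASSWORD=[[ $c.postgres.password ]]
[[- end ]]
_EOT
        destination = "secrets/.db.env"
        uid = 100000
        gid = 100000
        perms = 400
        env = true
      }
      # A small script to handle initialization (create tables, indexes, load initial config in the DB)
      # Mounted read-only into the container as /entrypoint.d/20-initdb.sh.
      template {
        data = <<_EOT
[[ template "lemonldap-ng/init.sh.tpl" $c ]]
_EOT
        destination = "local/init-db.sh"
        perms = 755
      }
      # Custom file based config, which will be migrated to the database
      template {
        data = <<_EOT
[[ template "lemonldap-ng/lmConf-1.json.tpl" . ]]
_EOT
        destination = "local/lmConf-1.json"
      }
      # Configure minit to start uwsgi, nginx, cron tasks
      template {
        data =<<_EOT
[[ template "lemonldap-ng/minit.yml.tpl" . ]]
_EOT
        destination = "local/minit.d/lemonldap-ng.yml"
      }
[[ template "common/resources" $c ]]
    }
  }
}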