lemonldap-ng/variables.yml


---
# Instance name. The templates below reuse it as [[ .instance ]] for the
# Vault policy name, the database name, the Vault credentials path and
# the portal router name
instance: lemonldap-ng
llng:
nomad:
# Many services depend on Lemonldap::NG,
# so give it a slightly higher priority than normal
priority: 60
# Ensure the allocations run on different hosts
constraints:
- operator: distinct_hosts
value: true
# The same engine can run the portal, the manager and the handler.
# The settings below apply to the uwsgi engine itself
engine:
# Number of instances to run
count: 1
# Version of Lemonldap::NG to use
version: 2.19.0
# Docker image to use. The tag is the version above followed by "-2"
# (presumably the image build revision - confirm against the registry)
image: '[[ .docker.repo ]]lemonldap-ng:[[ .llng.engine.version ]]-2'
# Resource allocation
resources:
cpu: 500
memory: 512
# Connect to the database through the service mesh: the postgres service
# is declared as an upstream bound to local port 5432
consul:
connect:
upstreams:
- destination_name: postgres[[ .consul.suffix ]]
local_bind_port: 5432
# NOTE(review): presumably holds startup until the postgres service is
# available - confirm in the job template
wait_for:
- service: postgres[[ .consul.suffix ]]
# Vault policies
vault:
policies:
- '[[ .instance ]][[ .consul.suffix ]]'
# Database settings
postgres:
database: '[[ .instance ]]'
# No credential is stored in this file: user and password are template
# expressions that read the username and password fields of the Vault
# secret at [[ .vault.root ]]database/creds/[[ .instance ]].
# Keep it that way rather than writing literal values here
user: '{{ with secret "[[ .vault.root ]]database/creds/[[ .instance ]]" }}{{ .Data.username }}{{ end }}'
password: '{{ with secret "[[ .vault.root ]]database/creds/[[ .instance ]]" }}{{ .Data.password }}{{ end }}'
# Additional env vars to pass to the container
env:
# Max number of uwsgi workers. You might need to allocate more memory
# if you need to raise this value (or you can just run several instances instead)
LLNG_WORKERS: 6
# Download assets (used to customize the portal)
# NOTE(review): the source URL pins no ref, so the downloaded assets
# follow whatever the repository's default branch holds at download time.
# Append ?ref=<tag-or-commit> to the URL to pin them to reviewed content
artifacts:
defaults:
source: git::https://git.lapiole.org/nomad/lemonldap-ng.git//files/assets
destination: local/assets/static/common
# Log level of the engine
log_level: notice
# Settings for the portal itself
portal:
# URL used by users to reach the portal
public_url: https://sso.example.org
# Languages available on the portal
languages:
- en
- fr
- es
- it
- de
# Traefik settings
traefik:
# If disabled, the portal won't be exposed by Traefik
enabled: true
# Disable the default CSP, as Lemonldap::NG handles CSP itself
csp: false
# NOTE(review): presumably turns off the automatically generated routing
# rule for this router - confirm against the Traefik template
auto_rule: false
router: '[[ .instance ]]-portal[[ .consul.suffix ]]'
# Cron jobs
cron:
# Rotate the OIDC keys. The value is empty here, so rotation is disabled
# by default.
# NOTE(review): while this stays empty the OIDC keys are only replaced
# when someone rotates them by hand; set a schedule here if periodic
# rotation is wanted
rotate_oidc_keys: ''
# Clean up the global session store by removing obsolete sessions
# Note that this task will only be scheduled on the first allocation (NOMAD_ALLOC_INDEX 0)
# as there's no need to do the cleanup on every instance
clean_global_cache: '@every 10m'
# Clean up the local session and config cache
# This task will also only be scheduled on the first allocation
clean_local_cache: '@every 1h'
# Settings for the configuration manager
manager:
# protection can be "none" (no authentication) or "manager" (the manager
# is protected by Lemonldap::NG itself, and you must add appropriate
# access rules to reach it). On initial configuration you will likely
# need to set this to none, and switch back to manager only once the
# configuration is working.
# NOTE(review): while protection is "none", anyone who can reach the
# manager URL can use the manager without authenticating. Keep
# traefik.enabled below set to false, or otherwise restrict who can reach
# the URL, for as long as that phase lasts
protection: manager
# The URL to reach the manager
public_url: https://manager.example.org
# Languages available for the manager
languages:
- en
# Traefik settings
traefik:
# If disabled, the manager will not be exposed by Traefik
enabled: true
# Disable the default CSP, as Lemonldap::NG handles CSP itself
csp: false
router: manager
# The API is exposed by the portal, but usually must be secured differently
# The following settings only apply to the REST/SOAP API
api:
# Traefik settings
traefik:
# If disabled, Traefik won't expose the API. It is disabled by default.
# NOTE(review): decide how the API is secured before setting this to
# true, since it usually needs different protection from the portal
enabled: false
csp: false
# NOTE(review): presumably turns off the compression middleware for API
# responses - confirm against the Traefik template
middlewares:
compression: false
auto_rule: false
router: api