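# Nomad job template for LemonLDAP::NG (portal, manager and REST API routers in front of
# a single "lemonldap-ng" task). The double-square-bracket actions are expanded by the
# templating tool before Nomad parses the file, so they are kept at column 0 and no
# such delimiters may appear inside comments.
job "[[ .instance ]]" {

[[ template "common/job_start" merge .llng . ]]

  group "lemonldap-ng" {
[[- $c := merge .llng.engine . ]]

    count = [[ $c.count ]]

    network {
      mode = "bridge"
    }

    service {
      name = "[[ .instance ]][[ .consul.suffix ]]"
      port = 8080

[[ template "common/connect" $c ]]

[[- $p := merge .llng.portal . ]]
[[- $m := merge .llng.manager . ]]
[[- $a := merge .llng.api . ]]
      tags = [

        # Portal router: everything on the portal hostname except the REST config/sessions
        # endpoints under /index.psgi/, which are excluded here and only routed by the
        # api router further down.
[[- if $p.traefik.enabled ]]
        "[[ $p.traefik.instance ]].enable=true",
        "[[ $p.traefik.instance ]].http.routers.[[ .instance ]]-portal[[ .consul.suffix ]].rule=Host(`[[ (urlParse $p.public_url).Hostname ]]`) && !PathRegexp(`^/index\\.psgi/(config|sessions)`)",
        "[[ $p.traefik.instance ]].http.routers.[[ .instance ]]-portal[[ .consul.suffix ]].entrypoints=[[ join $p.traefik.entrypoints "," ]]",
        "[[ $p.traefik.instance ]].http.routers.[[ .instance ]]-portal[[ .consul.suffix ]].priority=100",
        "[[ $p.traefik.instance ]].http.routers.[[ .instance ]]-portal[[ .consul.suffix ]].middlewares=[[ template "common/traefik_middlewares" $p.traefik ]]",
[[- end ]]

        # Manager router: the whole manager hostname, with its own middleware chain.
        # NOTE(review): the enable tag below is compared against the engine settings,
        # while the api section compares against the portal settings, and the portal
        # section is the one that emits the enable tag. Confirm which one is intended.
[[- if $m.traefik.enabled ]]
[[- if ne $m.traefik.instance $c.traefik.instance ]]
        "[[ $m.traefik.instance ]].enable=true",
[[- end ]]
        "[[ $m.traefik.instance ]].http.routers.[[ .instance ]]-manager[[ .consul.suffix ]].rule=Host(`[[ (urlParse $m.public_url).Hostname ]]`)",
        "[[ $m.traefik.instance ]].http.routers.[[ .instance ]]-manager[[ .consul.suffix ]].entrypoints=[[ join $m.traefik.entrypoints "," ]]",
        "[[ $m.traefik.instance ]].http.routers.[[ .instance ]]-manager[[ .consul.suffix ]].middlewares=[[ template "common/traefik_middlewares" $m.traefik ]]",
[[- end ]]

        # API router: same hostname as the portal, restricted to the config/sessions
        # endpoints. Priority 200 is higher than the portal router's 100, and the middleware
        # chain comes from the api settings, so these endpoints can be filtered separately.
        # When the api router is disabled, no router in this job matches those paths.
        # NOTE(review): access to these endpoints depends entirely on the api middleware
        # chain; confirm it restricts callers. Only the /index.psgi/ prefix is matched, so
        # verify the image does not serve the same handlers under another path.
[[- if $a.traefik.enabled ]]
[[- if ne $a.traefik.instance $p.traefik.instance ]]
        "[[ $a.traefik.instance ]].enable=true",
[[- end ]]
        "[[ $a.traefik.instance ]].http.routers.[[ .instance ]]-api[[ .consul.suffix ]].rule=Host(`[[ (urlParse $p.public_url).Hostname ]]`) && PathRegexp(`^/index\\.psgi/(config|sessions)`)",
        "[[ $a.traefik.instance ]].http.routers.[[ .instance ]]-api[[ .consul.suffix ]].entrypoints=[[ join $a.traefik.entrypoints "," ]]",
        "[[ $a.traefik.instance ]].http.routers.[[ .instance ]]-api[[ .consul.suffix ]].priority=200",
        "[[ $a.traefik.instance ]].http.routers.[[ .instance ]]-api[[ .consul.suffix ]].middlewares=[[ template "common/traefik_middlewares" $a.traefik ]]",
[[- end ]]

      ]
    }

    task "lemonldap-ng" {
      driver = [[ $c.nomad.driver | toJSON ]]

      config {
        image = [[ $c.image | toJSON ]]
        # Container hardening: immutable root filesystem and a cap on the number of processes.
        # Writable paths are limited to what is mounted below.
        readonly_rootfs = true
        pids_limit = 200
        # Both files are bind-mounted read-only; the main config comes from the task's
        # secrets/ directory.
        volumes = [
          "secrets/lemonldap-ng.ini:/etc/lemonldap-ng/lemonldap-ng.ini:ro",
          "local/init-db.sh:/entrypoint.d/20-initdb.sh:ro",
        ]
[[ template "common/tmpfs" dict "size" "5000000" "target" "/tmp" ]]
      }

      # The task's Vault token is scoped to a single policy named after the service.
      vault {
        policies = ["[[ .instance ]][[ .consul.suffix ]]"]
      }

[[ template "common/artifacts" $c ]]

      env {
        # nginx binds to loopback on the same port the service block registers (8080).
        # Presumably it is reached only through the sidecar rendered by common/connect; confirm.
        LLNG_NGINX_LISTEN = "127.0.0.1:8080"
        # The application socket lives under /tmp, the tmpfs mount declared in config above.
        LLNG_LISTEN = "unix:/tmp/llng.sock"
        LLNG_MANAGER_VHOST = [[ (urlParse .llng.manager.public_url).Hostname | toJSON ]]
        LLNG_PORTAL_VHOST = [[ (urlParse .llng.portal.public_url).Hostname | toJSON ]]
        LLNG_CUSTOM_ASSETS_DIR = "/local/assets"
        CTD_CONFIG = "/local/caretakerd.yaml"
[[ template "common/proxy_env" $c ]]
      }

[[ template "common/file_env" $c.env ]]

      # Main Lemonldap::NG configuration
      # Rendered into secrets/ with mode 440: readable by uid/gid 100048 only, no access
      # for others. Presumably 100048 is the account the container runs as; confirm.
      template {
        data =<<_EOT
[[ template "lemonldap-ng/lemonldap-ng.ini.tpl" $c ]]
_EOT
        destination = "secrets/lemonldap-ng.ini"
        uid = 100048
        gid = 100048
        perms = 440
      }

      # This is a stripped down config, just used to migrate file based config to database on first start
      # NOTE(review): rendered under local/ with default ownership and mode, unlike the main
      # config above. If init.ini.tpl embeds database credentials, check whether it should
      # get the same treatment.
      template {
        data =<<_EOT
[[ template "lemonldap-ng/init.ini.tpl" $c ]]
_EOT
        destination = "local/init.ini"
      }

      # A small script to handle initialization (create tables, indexes, load initial config in the DB)
      # Mode 755 keeps it executable; it is mounted read-only at /entrypoint.d/20-initdb.sh.
      template {
        data = <<_EOT
[[ template "lemonldap-ng/init.sh.tpl" . ]]
_EOT
        destination = "local/init-db.sh"
        perms = 755
      }

      # Custom file based config, which will be migrated to the database
      # NOTE(review): also under local/; confirm lmConf-1.json.tpl carries no key material
      # or passwords in clear text.
      template {
        data = <<_EOT
[[ template "lemonldap-ng/lmConf-1.json.tpl" . ]]
_EOT
        destination = "local/lmConf-1.json"
      }

      # caretakerd is the init system used to run LL::NG, nginx and cron tasks
      # The path matches CTD_CONFIG in the env block.
      template {
        data =<<_EOT
[[ template "lemonldap-ng/caretakerd.yaml.tpl" . ]]
_EOT
        destination = "local/caretakerd.yaml"
      }

[[ template "common/resources" $c.resources ]]
    }
  }
}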