squid/squid.nomad.hcl

[[- $c := merge .squid . -]]

job [[ $c.instance | toJSON ]] {

[[ template "common/job_start.tpl" $c ]]

  group "squid" {
    network {
      mode = "bridge"
    }

    service {
      name = "[[ $c.instance ]][[ $c.consul.suffix ]]"
      port = 3128
[[ template "common/connect.tpl" $c ]]
    }

    task "squid" {
      driver = [[ $c.nomad.driver | toJSON ]]
  
      config {
        image = [[ .squid.image | toJSON ]]
        #readonly_rootfs = true
        pids_limit = 100
        volumes = [
          "local/filter-acl.sh:/entrypoint.d/30-filter-acl.sh:ro"
        ]
      }

      env {
        SQUID_LISTS_DIR = "/local/lists"
        SQUID_CONF_5_auth_param = "basic program /usr/lib/squid/basic_ncsa_auth /secrets/squid/auth"
        SQUID_CONF_5_acl = "ssl_ports port [[ join .squid.ssl_ports " " ]]"
        SQUID_CONF_40_include = "/secrets/squid/conf.d/*.conf"
      }

      template {
        data =<<_EOT
[[ template "squid/filter_acl.sh.tpl" . ]]
_EOT
        destination = "local/filter-acl.sh"
        uid = 100000
        gid = 100000
        perms = 755
      }

      template {
        data =<<_EOT
[[ template "squid/reload.sh.tpl" . ]]
_EOT
        destination = "local/reload.sh"
        uid = 100000
        gid = 100000
        perms = 755
      }

      template {
        data =<<_EOT
[[ template "squid/auth.tpl" . ]]
_EOT
        destination = "secrets/squid/auth"
        uid = 100000
        gid = 100031
        perms = 0640
        change_mode = "noop"
      }

      template {
        data =<<_EOT
[[ template "squid/acl.conf.tpl" . ]]
_EOT
        destination = "secrets/squid/conf.d/acl.conf"
        uid = 100000
        gid = 100031
        perms = 0640
        change_mode = "script"
        change_script {
          command = "/local/reload.sh"
        }
      }

[[- range $k, $v := .squid.lists ]]
  [[- if has $v "url" ]]

      artifact {
        source = [[ $v.url | toJSON ]]
        destination = "local/lists/[[ $v.category ]]/[[ $k ]].list"
        mode = "file"
      }
  [[- else if has $v "content" ]]

      template {
        data =<<_EOT
[[ $v.content ]]
_EOT
        destination = "local/lists/[[ $v.category ]]/[[ $k ]].list"
        change_mode = "script"
        change_script {
          command = "/local/reload.sh"
        }
      }
  [[- end ]]
[[- end ]]
  
[[- template "common/file_env.tpl" $c.env ]]
[[- template "common/resources.tpl" .squid.resources ]]
    }
  }
}
Initial commit 2023-10-16 00:31:11 +02:00			`[[- $c := merge .squid . -]]`

			`job [[ $c.instance \| toJSON ]] {`

			`[[ template "common/job_start.tpl" $c ]]`

			`group "squid" {`
			`network {`
			`mode = "bridge"`
			`}`

			`service {`
			`name = "[[ $c.instance ]][[ $c.consul.suffix ]]"`
			`port = 3128`
			`[[ template "common/connect.tpl" $c ]]`
			`}`

			`task "squid" {`
			`driver = [[ $c.nomad.driver \| toJSON ]]`

			`config {`
			`image = [[ .squid.image \| toJSON ]]`
			`#readonly_rootfs = true`
			`pids_limit = 100`
Remove http_access for non existing acl 2023-10-18 14:52:04 +02:00			`volumes = [`
			`"local/filter-acl.sh:/entrypoint.d/30-filter-acl.sh:ro"`
			`]`
Initial commit 2023-10-16 00:31:11 +02:00			`}`

			`env {`
			`SQUID_LISTS_DIR = "/local/lists"`
Remove http_access for non existing acl 2023-10-18 14:52:04 +02:00			`SQUID_CONF_5_auth_param = "basic program /usr/lib/squid/basic_ncsa_auth /secrets/squid/auth"`
			`SQUID_CONF_5_acl = "ssl_ports port [[ join .squid.ssl_ports " " ]]"`
			`SQUID_CONF_40_include = "/secrets/squid/conf.d/*.conf"`
			`}`

			`template {`
			`data =<<_EOT`
			`[[ template "squid/filter_acl.sh.tpl" . ]]`
			`_EOT`
			`destination = "local/filter-acl.sh"`
			`uid = 100000`
			`gid = 100000`
			`perms = 755`
			`}`

			`template {`
			`data =<<_EOT`
			`[[ template "squid/reload.sh.tpl" . ]]`
			`_EOT`
			`destination = "local/reload.sh"`
			`uid = 100000`
			`gid = 100000`
			`perms = 755`
Initial commit 2023-10-16 00:31:11 +02:00			`}`

			`template {`
			`data =<<_EOT`
			`[[ template "squid/auth.tpl" . ]]`
			`_EOT`
			`destination = "secrets/squid/auth"`
			`uid = 100000`
			`gid = 100031`
			`perms = 0640`
			`change_mode = "noop"`
			`}`

			`template {`
			`data =<<_EOT`
			`[[ template "squid/acl.conf.tpl" . ]]`
			`_EOT`
			`destination = "secrets/squid/conf.d/acl.conf"`
			`uid = 100000`
			`gid = 100031`
			`perms = 0640`
Remove http_access for non existing acl 2023-10-18 14:52:04 +02:00			`change_mode = "script"`
			`change_script {`
			`command = "/local/reload.sh"`
			`}`
Initial commit 2023-10-16 00:31:11 +02:00			`}`

			`[[- range $k, $v := .squid.lists ]]`
			`[[- if has $v "url" ]]`

			`artifact {`
			`source = [[ $v.url \| toJSON ]]`
			`destination = "local/lists/[[ $v.category ]]/[[ $k ]].list"`
			`mode = "file"`
			`}`
			`[[- else if has $v "content" ]]`

			`template {`
			`data =<<_EOT`
			`[[ $v.content ]]`
			`_EOT`
			`destination = "local/lists/[[ $v.category ]]/[[ $k ]].list"`
Remove http_access for non existing acl 2023-10-18 14:52:04 +02:00			`change_mode = "script"`
			`change_script {`
			`command = "/local/reload.sh"`
			`}`
Initial commit 2023-10-16 00:31:11 +02:00			`}`
			`[[- end ]]`
			`[[- end ]]`

			`[[- template "common/file_env.tpl" $c.env ]]`
			`[[- template "common/resources.tpl" .squid.resources ]]`
			`}`
			`}`
			`}`