Cleanup
This commit is contained in:
parent
a01b73a9e3
commit
1801bfdb17
|
@ -1 +1 @@
|
|||
[[ template "common/mv_conf.sh.tpl" dict "ctx" . "services" (dict "squid" .squid.instance) ]]
|
||||
[[ template "common/mv_conf.sh" dict "ctx" . "services" (dict "squid" .instance) ]]
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
[[- $c := merge .squid . -]]
|
||||
|
||||
job [[ $c.instance | toJSON ]] {
|
||||
job [[ .instance | toJSON ]] {
|
||||
|
||||
[[ template "common/job_start.tpl" $c ]]
|
||||
[[ template "common/job_start" $c ]]
|
||||
|
||||
group "squid" {
|
||||
network {
|
||||
|
@ -10,28 +10,28 @@ job [[ $c.instance | toJSON ]] {
|
|||
}
|
||||
|
||||
service {
|
||||
name = "[[ $c.instance ]][[ $c.consul.suffix ]]"
|
||||
name = "[[ .instance ]][[ .consul.suffix ]]"
|
||||
port = 3128
|
||||
[[ template "common/connect.tpl" $c ]]
|
||||
[[ template "common/connect" $c ]]
|
||||
}
|
||||
|
||||
task "squid" {
|
||||
driver = [[ $c.nomad.driver | toJSON ]]
|
||||
|
||||
config {
|
||||
image = [[ .squid.image | toJSON ]]
|
||||
image = [[ .squid.image | toJSON ]]
|
||||
readonly_rootfs = true
|
||||
pids_limit = 100
|
||||
volumes = [
|
||||
pids_limit = 100
|
||||
volumes = [
|
||||
"secrets/:/etc/squid/conf.d",
|
||||
"local/filter-acl.sh:/entrypoint.d/30-filter-acl.sh:ro"
|
||||
]
|
||||
}
|
||||
|
||||
env {
|
||||
SQUID_LISTS_DIR = "/local/lists"
|
||||
SQUID_LISTS_DIR = "/local/lists"
|
||||
SQUID_CONF_5_auth_param = "basic program /usr/lib/squid/basic_ncsa_auth /secrets/auth"
|
||||
SQUID_CONF_5_acl = "ssl_ports port [[ join .squid.ssl_ports " " ]]"
|
||||
SQUID_CONF_5_acl = "ssl_ports port [[ join .squid.ssl_ports " " ]]"
|
||||
}
|
||||
|
||||
template {
|
||||
|
@ -83,9 +83,9 @@ _EOT
|
|||
[[- if has $v "url" ]]
|
||||
|
||||
artifact {
|
||||
source = [[ $v.url | toJSON ]]
|
||||
source = [[ $v.url | toJSON ]]
|
||||
destination = "local/lists/[[ $v.category ]]/[[ $k ]].list"
|
||||
mode = "file"
|
||||
mode = "file"
|
||||
}
|
||||
[[- else if has $v "content" ]]
|
||||
|
||||
|
@ -102,8 +102,8 @@ _EOT
|
|||
[[- end ]]
|
||||
[[- end ]]
|
||||
|
||||
[[- template "common/file_env.tpl" $c.env ]]
|
||||
[[- template "common/resources.tpl" .squid.resources ]]
|
||||
[[- template "common/file_env" $c.env ]]
|
||||
[[- template "common/resources" .squid.resources ]]
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,11 +1,12 @@
|
|||
---
|
||||
|
||||
# Name of this instance (job name and service name)
|
||||
instance: squid
|
||||
|
||||
squid:
|
||||
# Name of this instance (job name and service name)
|
||||
instance: squid
|
||||
|
||||
# Docker image to use
|
||||
image: danielberteaud/squid:23.10-6
|
||||
image: '[[ .docker.repo ]]squid:23.12-1'
|
||||
|
||||
# Resources
|
||||
resources:
|
||||
|
@ -43,6 +44,7 @@ squid:
|
|||
- 8443
|
||||
- 8006
|
||||
- 8007
|
||||
- 8448
|
||||
|
||||
# List of domain to build black/white lists
|
||||
# content can be used to directly set the content of the list (which can include consul-template fragment to read from consul KV store)
|
||||
|
@ -72,16 +74,16 @@ squid:
|
|||
category: white
|
||||
whitelist:
|
||||
content: |
|
||||
{{- if keyExists "[[ .consul.prefix ]]service/[[ .squid.instance ]]/lists/white" }}
|
||||
{{ key "[[ .consul.prefix ]]service/[[ .squid.instance ]]/lists/white" }}
|
||||
{{- if keyExists "[[ .consul.prefix ]]service/[[ .instance ]]/lists/white" }}
|
||||
{{ key "[[ .consul.prefix ]]service/[[ .instance ]]/lists/white" }}
|
||||
{{- end }}
|
||||
category: white
|
||||
blacklist:
|
||||
content: |
|
||||
# Add an fake domain to prevents warnings in case Consul has no blacklist entry
|
||||
.nonexistingdomain
|
||||
{{- if keyExists "[[ .consul.prefix ]]service/[[ .squid.instance ]]/lists/black" }}
|
||||
{{ key "[[ .consul.prefix ]]service/[[ .squid.instance ]]/lists/black" }}
|
||||
{{- if keyExists "[[ .consul.prefix ]]service/[[ .instance ]]/lists/black" }}
|
||||
{{ key "[[ .consul.prefix ]]service/[[ .instance ]]/lists/black" }}
|
||||
{{- end }}
|
||||
category: black
|
||||
|
||||
|
|
Loading…
Reference in New Issue