83 lines
1.8 KiB
HCL
83 lines
1.8 KiB
HCL
[[- $c := merge .squid . -]]
|
|
|
|
job [[ $c.instance | toJSON ]] {
|
|
|
|
[[ template "common/job_start.tpl" $c ]]
|
|
|
|
group "squid" {
|
|
network {
|
|
mode = "bridge"
|
|
}
|
|
|
|
service {
|
|
name = "[[ $c.instance ]][[ $c.consul.suffix ]]"
|
|
port = 3128
|
|
[[ template "common/connect.tpl" $c ]]
|
|
}
|
|
|
|
task "squid" {
|
|
driver = [[ $c.nomad.driver | toJSON ]]
|
|
|
|
config {
|
|
image = [[ .squid.image | toJSON ]]
|
|
#readonly_rootfs = true
|
|
pids_limit = 100
|
|
}
|
|
|
|
env {
|
|
SQUID_LISTS_DIR = "/local/lists"
|
|
SQUID_CONF_0_include_0 = "/secrets/squid/conf.d/*.conf"
|
|
SQUID_CONF_auth_param_0 = "basic program /usr/lib/squid/basic_ncsa_auth /secrets/squid/auth"
|
|
SQUID_CONF_acl_10 = "ssl_ports ports [[ join .squid.ssl_ports " " ]]"
|
|
}
|
|
|
|
template {
|
|
data =<<_EOT
|
|
[[ template "squid/auth.tpl" . ]]
|
|
_EOT
|
|
destination = "secrets/squid/auth"
|
|
uid = 100000
|
|
gid = 100031
|
|
perms = 0640
|
|
change_mode = "noop"
|
|
}
|
|
|
|
template {
|
|
data =<<_EOT
|
|
[[ template "squid/acl.conf.tpl" . ]]
|
|
_EOT
|
|
destination = "secrets/squid/conf.d/acl.conf"
|
|
uid = 100000
|
|
gid = 100031
|
|
perms = 0640
|
|
change_mode = "signal"
|
|
change_signal = "SIGHUP"
|
|
}
|
|
|
|
[[- range $k, $v := .squid.lists ]]
|
|
[[- if has $v "url" ]]
|
|
|
|
artifact {
|
|
source = [[ $v.url | toJSON ]]
|
|
destination = "local/lists/[[ $v.category ]]/[[ $k ]].list"
|
|
mode = "file"
|
|
}
|
|
[[- else if has $v "content" ]]
|
|
|
|
template {
|
|
data =<<_EOT
|
|
[[ $v.content ]]
|
|
_EOT
|
|
destination = "local/lists/[[ $v.category ]]/[[ $k ]].list"
|
|
change_mode = "signal"
|
|
change_signal = "SIGHUP"
|
|
}
|
|
[[- end ]]
|
|
[[- end ]]
|
|
|
|
[[- template "common/file_env.tpl" $c.env ]]
|
|
[[- template "common/resources.tpl" .squid.resources ]]
|
|
}
|
|
}
|
|
}
|