CLeanup and update for newer common templates

consul/config/service-intentions/unifi.hcl

@@ -2,7 +2,7 @@ Kind = "service-intentions"
 Name = "unifi[[ .env.suffix ]]"
 Sources = [
   {
-    Name = "[[ .env.traefik ]]"
+    Name = "[[ .traefik.instance ]]"
     Permissions = [
       {
         Action = "allow"

deps/common

@@ -1 +1 @@
-Subproject commit c1ce3ccbdbce15571f26aa7f3b70aba48dd36759
+Subproject commit 8cfe263f274b066e8021e5f821ef6fd465f645f9

unifi.nomad.hcl

@@ -1,6 +1,6 @@
 job "unifi" {
 
-  [[- template "common/job_start.tpl" .nomad ]]
+[[- template "common/job_start.tpl" . ]]
 
   group "unifi" {
 
@@ -13,48 +13,30 @@ job "unifi" {
       name = "unifi[[ .env.suffix ]]"
       port = 8888
 
-      connect {
-        sidecar_service {
-          proxy {
-            [[- if has .proxy "service_name" ]]
-            upstreams {
-              destination_name = [[ .proxy.service_name | toJSON ]]
-              local_bind_port = 3128
-            }
-            [[- end ]]
-            upstreams {
-              destination_name = [[ .mail.smtp_service_name | toJSON ]]
-              local_bind_port  = 25
-            }
-          }
-        }
-        sidecar_task {
-[[ template "common/resources.tpl" .envoy ]]
-        }
-      }
+[[ template "common/connect.tpl" dict "ctx" . "config" .unifi.controller ]]
 
       tags = [
-        "[[ .env.traefik ]].enable=true",
+        "[[ .traefik.instance ]].enable=true",
 
-        "[[ .env.traefik ]].http.routers.unifi-inform[[ .env.suffix ]].rule=Host(`
+        "[[ .traefik.instance ]].http.routers.unifi-inform[[ .env.suffix ]].rule=Host(`
           [[- (urlParse .unifi.inform.public_url).Hostname -]]
             `) && (Path(`/inform`) || PathPrefix(`/dl/firmware-cached`))",
-        "[[ .env.traefik ]].http.routers.unifi-inform[[ .env.suffix ]].entrypoints=[[ join .unifi.inform.traefik.entrypoints "," ]]",
-        "[[ .env.traefik ]].http.routers.unifi-inform[[ .env.suffix ]].middlewares=[[ join .unifi.inform.traefik.middlewares  "," ]]",
+        "[[ .traefik.instance ]].http.routers.unifi-inform[[ .env.suffix ]].entrypoints=[[ join (merge .unifi.inform.traefik .traefik).entrypoints "," ]]",
+        "[[ .traefik.instance ]].http.routers.unifi-inform[[ .env.suffix ]].middlewares=[[ template "common/traefik_middlewares.tpl" merge .unifi.inform.traefik .traefik ]]",
 
-        "[[ .env.traefik ]].http.routers.unifi-controller[[ .env.suffix ]].rule=Host(`
+        "[[ .traefik.instance ]].http.routers.unifi-controller[[ .env.suffix ]].rule=Host(`
           [[- (urlParse .unifi.controller.public_url).Hostname -]]`)
             [[- if ne "" (urlParse .unifi.controller.public_url).Path ]] && PathPrefix(`[[ (urlParse .unifi.controller.public_url).Path ]]`)[[ end ]]",
-        "[[ .env.traefik ]].http.routers.unifi-controller[[ .env.suffix ]].entrypoints=[[ join .unifi.controller.traefik.entrypoints "," ]]",
-        "[[ .env.traefik ]].http.routers.unifi-controller[[ .env.suffix ]].tls=true",
-        "[[ .env.traefik ]].http.routers.unifi-controller[[ .env.suffix ]].middlewares=[[ join .unifi.controller.traefik.middlewares  "," ]]",
+        "[[ .traefik.instance ]].http.routers.unifi-controller[[ .env.suffix ]].entrypoints=[[ join (merge .unifi.controller.traefik .traefik).entrypoints "," ]]",
+        "[[ .traefik.instance ]].http.routers.unifi-controller[[ .env.suffix ]].tls=true",
+        "[[ .traefik.instance ]].http.routers.unifi-controller[[ .env.suffix ]].middlewares=[[ template "common/traefik_middlewares.tpl" merge .unifi.controller.traefik .traefik ]]",
 
-        "[[ .env.traefik ]].http.routers.unifi-portal[[ .env.suffix ]].rule=Host(`
+        "[[ .traefik.instance ]].http.routers.unifi-portal[[ .env.suffix ]].rule=Host(`
           [[- (urlParse .unifi.guest_portal.public_url).Hostname -]]
             `) && PathPrefix(`/guest`)",
-        "[[ .env.traefik ]].http.routers.unifi-portal[[ .env.suffix ]].entrypoints=[[ join .unifi.guest_portal.traefik.entrypoints "," ]]",
-        "[[ .env.traefik ]].http.routers.unifi-portal[[ .env.suffix ]].tls=true",
-        "[[ .env.traefik ]].http.routers.unifi-portal[[ .env.suffix ]].middlewares=[[ join .unifi.guest_portal.traefik.middlewares  "," ]]"
+        "[[ .traefik.instance ]].http.routers.unifi-portal[[ .env.suffix ]].entrypoints=[[ join (merge .unifi.guest_portal.traefik .traefik).entrypoints "," ]]",
+        "[[ .traefik.instance ]].http.routers.unifi-portal[[ .env.suffix ]].tls=true",
+        "[[ .traefik.instance ]].http.routers.unifi-portal[[ .env.suffix ]].middlewares=[[ template "common/traefik_middlewares.tpl" merge .unifi.guest_portal.traefik .traefik ]]"
 
       ]
     }
@@ -64,9 +46,9 @@ job "unifi" {
       port = "stun"
 
       tags = [
-        "[[ .env.traefik ]].enable=true",
-        "[[ .env.traefik ]].udp.routers.unifi-stun[[ .env.suffix ]].entrypoints=[[ join .unifi.stun.traefik.entrypoints "," ]]",
-        "[[ .env.traefik ]].consulcatalog.connect=false"
+        "[[ .traefik.instance ]].enable=true",
+        "[[ .traefik.instance ]].udp.routers.unifi-stun[[ .env.suffix ]].entrypoints=[[ join .unifi.stun.traefik.entrypoints "," ]]",
+        "[[ .traefik.instance ]].consulcatalog.connect=false"
       ]
     }
 
@@ -74,12 +56,7 @@ job "unifi" {
       name = "unifi-mongo[[ .env.suffix ]]"
       port = 27017
 
-      connect {
-        sidecar_service {}
-        sidecar_task {
-[[ template "common/resources.tpl" .envoy ]]
-        }
-      }
+[[ template "common/connect.tpl" dict "ctx" . "config" .unifi.mongo ]]
 
       check {
         type     = "script"
@@ -113,7 +90,7 @@ job "unifi" {
 
 [[ template "common/task.wait_for.tpl" dict 
   "ctx" .
-  "wait_for" .unifi.controller.wait_for ]]
+  "wait_for" (coll.Slice (dict "service" "unifi-mongo")) ]]
 
     task "nginx" {
       driver = [[ .unifi.nginx.driver | toJSON ]]
@@ -158,7 +135,8 @@ _EOF
 
       env {
         JAVA_OPTS = "-Djava.awt.headless=true -Dlogback.configurationFile=/local/logback.xml
-          [[- if has .proxy "service_name" ]] -Dhttp.proxyHost=localhost -Dhttp.proxyPort=3128 -Dhttps.proxyHost=localhost -Dhttps.proxyPort=3128 -Dhttp.nonProxyHosts=[[ join .proxy.no_proxy "|" ]][[ end ]]"
+          [[- if has .proxy "address" ]] -Dhttp.proxyHost=[[ (urlParse .proxy.address).Hostname ]] -Dhttp.proxyPort=[[ (urlParse .proxy.address).Port ]] -Dhttps.proxyHost=[[ (urlParse .proxy.address).Hostname ]] -Dhttps.proxyPort=[[ (urlParse .proxy.address).Port ]] -Dhttp.nonProxyHosts=[[ join .proxy.no_proxy "|" ]][[ end ]]"
+        [[ template "common/proxy_env.tpl" . ]]
         [[ template "common/env.tpl" .unifi.controller.env ]]
       }
 
@@ -225,6 +203,7 @@ _EOF
 [[ template "common/resources.tpl" .unifi.mongo.resources ]]
 
     }
+
   }
 }
 

variables.yml

@@ -19,13 +19,12 @@ unifi:
 
     public_url: https://unifi.example.org
 
-    traefik:
+    traefik: {}
 
-      entrypoints:
-        - https
-
-      middlewares:
-        - ip-trusted@file
+      #entrypoints:
+      #  - https
+      #middlewares:
+      #  - ip-trusted@file
 
     volume:
       type: csi
@@ -37,8 +36,14 @@ unifi:
     traefik:
       entrypoints:
         - unifi-inform
-      middlewares:
-        - ip-trusted@file
+      base_middlewares:
+        - rate-limit-std@file
+        - inflight-std@file
+        - security-headers@file
+        - forward-headers@file
+        - compression@file
+        - csp-relaxed@file
+      middlewares: []
 
   guest_portal:
     public_url: https://unifi-portal.example.org:8843/