CLeanup and update for newer common templates
This commit is contained in:
parent
e9ad913201
commit
631f8cb510
|
@ -2,7 +2,7 @@ Kind = "service-intentions"
|
|||
Name = "unifi[[ .env.suffix ]]"
|
||||
Sources = [
|
||||
{
|
||||
Name = "[[ .env.traefik ]]"
|
||||
Name = "[[ .traefik.instance ]]"
|
||||
Permissions = [
|
||||
{
|
||||
Action = "allow"
|
|
@ -1 +1 @@
|
|||
Subproject commit c1ce3ccbdbce15571f26aa7f3b70aba48dd36759
|
||||
Subproject commit 8cfe263f274b066e8021e5f821ef6fd465f645f9
|
|
@ -1,6 +1,6 @@
|
|||
job "unifi" {
|
||||
|
||||
[[- template "common/job_start.tpl" .nomad ]]
|
||||
[[- template "common/job_start.tpl" . ]]
|
||||
|
||||
group "unifi" {
|
||||
|
||||
|
@ -13,48 +13,30 @@ job "unifi" {
|
|||
name = "unifi[[ .env.suffix ]]"
|
||||
port = 8888
|
||||
|
||||
connect {
|
||||
sidecar_service {
|
||||
proxy {
|
||||
[[- if has .proxy "service_name" ]]
|
||||
upstreams {
|
||||
destination_name = [[ .proxy.service_name | toJSON ]]
|
||||
local_bind_port = 3128
|
||||
}
|
||||
[[- end ]]
|
||||
upstreams {
|
||||
destination_name = [[ .mail.smtp_service_name | toJSON ]]
|
||||
local_bind_port = 25
|
||||
}
|
||||
}
|
||||
}
|
||||
sidecar_task {
|
||||
[[ template "common/resources.tpl" .envoy ]]
|
||||
}
|
||||
}
|
||||
[[ template "common/connect.tpl" dict "ctx" . "config" .unifi.controller ]]
|
||||
|
||||
tags = [
|
||||
"[[ .env.traefik ]].enable=true",
|
||||
"[[ .traefik.instance ]].enable=true",
|
||||
|
||||
"[[ .env.traefik ]].http.routers.unifi-inform[[ .env.suffix ]].rule=Host(`
|
||||
"[[ .traefik.instance ]].http.routers.unifi-inform[[ .env.suffix ]].rule=Host(`
|
||||
[[- (urlParse .unifi.inform.public_url).Hostname -]]
|
||||
`) && (Path(`/inform`) || PathPrefix(`/dl/firmware-cached`))",
|
||||
"[[ .env.traefik ]].http.routers.unifi-inform[[ .env.suffix ]].entrypoints=[[ join .unifi.inform.traefik.entrypoints "," ]]",
|
||||
"[[ .env.traefik ]].http.routers.unifi-inform[[ .env.suffix ]].middlewares=[[ join .unifi.inform.traefik.middlewares "," ]]",
|
||||
"[[ .traefik.instance ]].http.routers.unifi-inform[[ .env.suffix ]].entrypoints=[[ join (merge .unifi.inform.traefik .traefik).entrypoints "," ]]",
|
||||
"[[ .traefik.instance ]].http.routers.unifi-inform[[ .env.suffix ]].middlewares=[[ template "common/traefik_middlewares.tpl" merge .unifi.inform.traefik .traefik ]]",
|
||||
|
||||
"[[ .env.traefik ]].http.routers.unifi-controller[[ .env.suffix ]].rule=Host(`
|
||||
"[[ .traefik.instance ]].http.routers.unifi-controller[[ .env.suffix ]].rule=Host(`
|
||||
[[- (urlParse .unifi.controller.public_url).Hostname -]]`)
|
||||
[[- if ne "" (urlParse .unifi.controller.public_url).Path ]] && PathPrefix(`[[ (urlParse .unifi.controller.public_url).Path ]]`)[[ end ]]",
|
||||
"[[ .env.traefik ]].http.routers.unifi-controller[[ .env.suffix ]].entrypoints=[[ join .unifi.controller.traefik.entrypoints "," ]]",
|
||||
"[[ .env.traefik ]].http.routers.unifi-controller[[ .env.suffix ]].tls=true",
|
||||
"[[ .env.traefik ]].http.routers.unifi-controller[[ .env.suffix ]].middlewares=[[ join .unifi.controller.traefik.middlewares "," ]]",
|
||||
"[[ .traefik.instance ]].http.routers.unifi-controller[[ .env.suffix ]].entrypoints=[[ join (merge .unifi.controller.traefik .traefik).entrypoints "," ]]",
|
||||
"[[ .traefik.instance ]].http.routers.unifi-controller[[ .env.suffix ]].tls=true",
|
||||
"[[ .traefik.instance ]].http.routers.unifi-controller[[ .env.suffix ]].middlewares=[[ template "common/traefik_middlewares.tpl" merge .unifi.controller.traefik .traefik ]]",
|
||||
|
||||
"[[ .env.traefik ]].http.routers.unifi-portal[[ .env.suffix ]].rule=Host(`
|
||||
"[[ .traefik.instance ]].http.routers.unifi-portal[[ .env.suffix ]].rule=Host(`
|
||||
[[- (urlParse .unifi.guest_portal.public_url).Hostname -]]
|
||||
`) && PathPrefix(`/guest`)",
|
||||
"[[ .env.traefik ]].http.routers.unifi-portal[[ .env.suffix ]].entrypoints=[[ join .unifi.guest_portal.traefik.entrypoints "," ]]",
|
||||
"[[ .env.traefik ]].http.routers.unifi-portal[[ .env.suffix ]].tls=true",
|
||||
"[[ .env.traefik ]].http.routers.unifi-portal[[ .env.suffix ]].middlewares=[[ join .unifi.guest_portal.traefik.middlewares "," ]]"
|
||||
"[[ .traefik.instance ]].http.routers.unifi-portal[[ .env.suffix ]].entrypoints=[[ join (merge .unifi.guest_portal.traefik .traefik).entrypoints "," ]]",
|
||||
"[[ .traefik.instance ]].http.routers.unifi-portal[[ .env.suffix ]].tls=true",
|
||||
"[[ .traefik.instance ]].http.routers.unifi-portal[[ .env.suffix ]].middlewares=[[ template "common/traefik_middlewares.tpl" merge .unifi.guest_portal.traefik .traefik ]]"
|
||||
|
||||
]
|
||||
}
|
||||
|
@ -64,9 +46,9 @@ job "unifi" {
|
|||
port = "stun"
|
||||
|
||||
tags = [
|
||||
"[[ .env.traefik ]].enable=true",
|
||||
"[[ .env.traefik ]].udp.routers.unifi-stun[[ .env.suffix ]].entrypoints=[[ join .unifi.stun.traefik.entrypoints "," ]]",
|
||||
"[[ .env.traefik ]].consulcatalog.connect=false"
|
||||
"[[ .traefik.instance ]].enable=true",
|
||||
"[[ .traefik.instance ]].udp.routers.unifi-stun[[ .env.suffix ]].entrypoints=[[ join .unifi.stun.traefik.entrypoints "," ]]",
|
||||
"[[ .traefik.instance ]].consulcatalog.connect=false"
|
||||
]
|
||||
}
|
||||
|
||||
|
@ -74,12 +56,7 @@ job "unifi" {
|
|||
name = "unifi-mongo[[ .env.suffix ]]"
|
||||
port = 27017
|
||||
|
||||
connect {
|
||||
sidecar_service {}
|
||||
sidecar_task {
|
||||
[[ template "common/resources.tpl" .envoy ]]
|
||||
}
|
||||
}
|
||||
[[ template "common/connect.tpl" dict "ctx" . "config" .unifi.mongo ]]
|
||||
|
||||
check {
|
||||
type = "script"
|
||||
|
@ -113,7 +90,7 @@ job "unifi" {
|
|||
|
||||
[[ template "common/task.wait_for.tpl" dict
|
||||
"ctx" .
|
||||
"wait_for" .unifi.controller.wait_for ]]
|
||||
"wait_for" (coll.Slice (dict "service" "unifi-mongo")) ]]
|
||||
|
||||
task "nginx" {
|
||||
driver = [[ .unifi.nginx.driver | toJSON ]]
|
||||
|
@ -158,7 +135,8 @@ _EOF
|
|||
|
||||
env {
|
||||
JAVA_OPTS = "-Djava.awt.headless=true -Dlogback.configurationFile=/local/logback.xml
|
||||
[[- if has .proxy "service_name" ]] -Dhttp.proxyHost=localhost -Dhttp.proxyPort=3128 -Dhttps.proxyHost=localhost -Dhttps.proxyPort=3128 -Dhttp.nonProxyHosts=[[ join .proxy.no_proxy "|" ]][[ end ]]"
|
||||
[[- if has .proxy "address" ]] -Dhttp.proxyHost=[[ (urlParse .proxy.address).Hostname ]] -Dhttp.proxyPort=[[ (urlParse .proxy.address).Port ]] -Dhttps.proxyHost=[[ (urlParse .proxy.address).Hostname ]] -Dhttps.proxyPort=[[ (urlParse .proxy.address).Port ]] -Dhttp.nonProxyHosts=[[ join .proxy.no_proxy "|" ]][[ end ]]"
|
||||
[[ template "common/proxy_env.tpl" . ]]
|
||||
[[ template "common/env.tpl" .unifi.controller.env ]]
|
||||
}
|
||||
|
||||
|
@ -225,6 +203,7 @@ _EOF
|
|||
[[ template "common/resources.tpl" .unifi.mongo.resources ]]
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -19,13 +19,12 @@ unifi:
|
|||
|
||||
public_url: https://unifi.example.org
|
||||
|
||||
traefik:
|
||||
traefik: {}
|
||||
|
||||
entrypoints:
|
||||
- https
|
||||
|
||||
middlewares:
|
||||
- ip-trusted@file
|
||||
#entrypoints:
|
||||
# - https
|
||||
#middlewares:
|
||||
# - ip-trusted@file
|
||||
|
||||
volume:
|
||||
type: csi
|
||||
|
@ -37,8 +36,14 @@ unifi:
|
|||
traefik:
|
||||
entrypoints:
|
||||
- unifi-inform
|
||||
middlewares:
|
||||
- ip-trusted@file
|
||||
base_middlewares:
|
||||
- rate-limit-std@file
|
||||
- inflight-std@file
|
||||
- security-headers@file
|
||||
- forward-headers@file
|
||||
- compression@file
|
||||
- csp-relaxed@file
|
||||
middlewares: []
|
||||
|
||||
guest_portal:
|
||||
public_url: https://unifi-portal.example.org:8843/
|
||||
|
|
Loading…
Reference in New Issue