Support authenticated mongo

Daniel Berteaud 2023-08-31 22:43:12 +02:00
parent 1b39e2e852
commit c0a31b8b3a
4 changed files with 24 additions and 7 deletions


@ -5,10 +5,16 @@ portal.https.port=8843
unifi.stun.port={{ env "NOMAD_PORT_stun" }}
unifi.db.nojournal=true
db.mongo.local=false
db.mongo.uri=mongodb://localhost:27017/unifi
statdb.mongo.uri=mongodb://localhost:27017/unifi_stats
unifi.db.name=unifi
debug.device=debug
debug.mgmt=debug
debug.system=debug
[[- $mongo := urlParse .unifi.controller.mongo.address ]]
[[- if has .unifi.controller.mongo "user" ]]
db.mongo.uri=[[ $mongo.Scheme ]]://[[ .unifi.controller.mongo.user ]]:{{ with secret "[[ .env.suffix ]]kv/service/unifi" }}{{ urlquery .Data.data.mongo_pwd }}{{ end }}@[[ $mongo.Host ]]/[[ .unifi.controller.mongo.db ]]
statdb.mongo.uri=[[ $mongo.Scheme ]]://[[ .unifi.controller.mongo.user ]]:{{ with secret "[[ .env.suffix ]]kv/service/unifi" }}{{ urlquery .Data.data.mongo_pwd }}{{ end }}@[[ $mongo.Host ]]/[[ .unifi.controller.mongo.stats_db ]]
[[- else ]]
db.mongo.uri=[[ $mongo.Scheme ]]://[[ $mongo.Host ]]/[[ .unifi.controller.mongo.db ]]
statdb.mongo.uri=[[ $mongo.Scheme ]]://[[ $mongo.Host ]]/[[ .unifi.controller.mongo.stats_db ]]
[[- end ]]
unifi.db.name=[[ .unifi.controller.mongo.db ]]
debug.device=info
debug.mgmt=info
debug.system=info
debug.sdn=warn
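Review bot: The user name in the two authenticated `db.mongo.uri` / `statdb.mongo.uri` lines is written into the URI raw, while the password next to it goes through `urlquery`; a user name containing `@`, `:` or `/` would shift the userinfo/host boundary and yield a different connection string than the one configured. Escaping it the same way keeps both halves of the userinfo consistent: `[[ .unifi.controller.mongo.user | urlquery ]]`. The URI is also rebuilt from `$mongo.Scheme` and `$mongo.Host` only, so any query options carried in `.unifi.controller.mongo.address` (TLS or auth-source settings, if operators put them there) are dropped now that credentials travel over this connection. Appending `[[ with $mongo.RawQuery ]]?[[ . ]][[ end ]]` would preserve them, assuming `urlParse` returns a Go `url.URL` as the `.Hostname` call in the job file suggests.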


@ -20,7 +20,7 @@ job "unifi" {
"[[ .traefik.instance ]].http.routers.unifi-inform[[ .env.suffix ]].rule=Host(`
[[- (urlParse .unifi.inform.public_url).Hostname -]]
`) && (Path(`/inform`) || PathPrefix(`/dl/firmware-cached`))",
`) && ((Path(`/inform`) && Method(`POST`)) || (PathPrefix(`/dl/firmware-cached`) && (Method(`GET`) || Method(`HEAD`))",
"[[ .traefik.instance ]].http.routers.unifi-inform[[ .env.suffix ]].entrypoints=[[ join (merge .unifi.inform.traefik .traefik).entrypoints "," ]]",
"[[ .traefik.instance ]].http.routers.unifi-inform[[ .env.suffix ]].middlewares=[[ template "common/traefik_middlewares.tpl" merge .unifi.inform.traefik .traefik ]]",
@ -162,6 +162,12 @@ _EOF
}
}
vault {
policies = ["unifi[[ .env.suffix ]]"]
env = false
disable_file = true
}
env {
JAVA_OPTS = "-Dlogback.configurationFile=/local/logback.xml"
[[ template "common/proxy_env.tpl" . ]]
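Review bot: The new `unifi-inform` router rule in the first hunk has unbalanced parentheses: the group opened right after `Host(...) &&` and the one opened before `PathPrefix` are never closed, so the expression ends two `)` short. Traefik is expected to reject a rule it cannot parse, which would leave the inform router unconfigured instead of method-restricted. The line should end ``(Method(`GET`) || Method(`HEAD`))))",`` so that every group is closed before the string terminator. The enclosing tags list starts and ends outside the hunk.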


@ -31,6 +31,8 @@ unifi:
# DB names for unifi and the statistics
db: unifi
stats_db: unifi_stats
# If username is set, the password must be available in vault at [[ .env.suffix ]]/kv/service/unifi in key mongo_pwd
# user: unifi
# Service name of the mongo service. This is used to wait for mongo to be
# up before starting the controller
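Review bot: The new comment gives the secret location as `[[ .env.suffix ]]/kv/service/unifi`, with a slash after the suffix, but the template and the Vault policy in this commit both use `[[ .env.suffix ]]kv/...` with no slash. An operator who follows the comment could store `mongo_pwd` on a mount that the `unifi` policy does not cover. The comment also says "username" where the key is `user`. Suggested wording: `# If user is set, the password must be available in vault at [[ .env.suffix ]]kv/service/unifi in key mongo_pwd`.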

3
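--- a/vault/policies/unifi.hcl
+++ b/vault/policies/unifi.hcl
@@ -0,0 +1,3 @@
+path "[[ .env.suffix ]]kv/data/service/unifi" {
+capabilities = ["read"]
+}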