Cleanup
This commit is contained in:
parent
08301a745e
commit
d60b498785
|
@ -1,3 +1,3 @@
|
||||||
Kind = "service-defaults"
|
Kind = "service-defaults"
|
||||||
Name = "[[ .unifi.job_name ]][[ .env.suffix ]]"
|
Name = "[[ .unifi.instance ]][[ .consul.suffix ]]"
|
||||||
Protocol = "http"
|
Protocol = "http"
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
Kind = "service-intentions"
|
Kind = "service-intentions"
|
||||||
Name = "[[ .unifi.job_name ]][[ .env.suffix ]]"
|
Name = "[[ .unifi.instance ]][[ .consul.suffix ]]"
|
||||||
Sources = [
|
Sources = [
|
||||||
{
|
{
|
||||||
Name = "[[ .traefik.instance ]]"
|
Name = "[[ (merge .unifi.controller .traefik).instance ]]"
|
||||||
Permissions = [
|
Permissions = [
|
||||||
{
|
{
|
||||||
Action = "allow"
|
Action = "allow"
|
||||||
|
|
|
@ -1 +1 @@
|
||||||
[[ template "common/mv_conf.sh.tpl" dict "ctx" . "services" (dict "unifi" .unifi.job_name) ]]
|
[[ template "common/mv_conf.sh.tpl" dict "ctx" . "services" (dict "unifi" .unifi.instance) ]]
|
||||||
|
|
|
@ -9,12 +9,12 @@ db.mongo.local=false
|
||||||
[[- $mongo_stats := urlParse .unifi.controller.mongo.stats_address ]]
|
[[- $mongo_stats := urlParse .unifi.controller.mongo.stats_address ]]
|
||||||
db.mongo.uri=[[ $mongo.Scheme ]]://
|
db.mongo.uri=[[ $mongo.Scheme ]]://
|
||||||
[[- if has .unifi.controller.mongo "user" ]]
|
[[- if has .unifi.controller.mongo "user" ]]
|
||||||
[[- .unifi.controller.mongo.user ]]:{{ with secret "[[ .env.suffix ]]kv/service/[[ .unifi.job_name ]]" }}{{ urlquery .Data.data.mongo_pwd }}{{ end }}@
|
[[- .unifi.controller.mongo.user ]]:{{ with secret "[[ .consul.suffix ]]kv/service/[[ .unifi.instance ]]" }}{{ urlquery .Data.data.mongo_pwd }}{{ end }}@
|
||||||
[[- end ]]
|
[[- end ]]
|
||||||
[[- $mongo.Host ]][[ $mongo.Path ]]?[[ $mongo.RawQuery ]]
|
[[- $mongo.Host ]][[ $mongo.Path ]]?[[ $mongo.RawQuery ]]
|
||||||
statdb.mongo.uri=[[ $mongo_stats.Scheme ]]://
|
statdb.mongo.uri=[[ $mongo_stats.Scheme ]]://
|
||||||
[[- if has .unifi.controller.mongo "user" ]]
|
[[- if has .unifi.controller.mongo "user" ]]
|
||||||
[[- .unifi.controller.mongo.user ]]:{{ with secret "[[ .env.suffix ]]kv/service/[[ .unifi.job_name ]]" }}{{ urlquery .Data.data.mongo_pwd }}{{ end }}@
|
[[- .unifi.controller.mongo.user ]]:{{ with secret "[[ .consul.suffix ]]kv/service/[[ .unifi.instance ]]" }}{{ urlquery .Data.data.mongo_pwd }}{{ end }}@
|
||||||
[[- end ]]
|
[[- end ]]
|
||||||
[[- $mongo_stats.Host ]][[ $mongo_stats.Path ]]?[[ $mongo_stats.RawQuery ]]
|
[[- $mongo_stats.Host ]][[ $mongo_stats.Path ]]?[[ $mongo_stats.RawQuery ]]
|
||||||
debug.device=info
|
debug.device=info
|
||||||
|
|
|
@ -1,9 +1,11 @@
|
||||||
job [[ .unifi.job_name | toJSON ]] {
|
job [[ .unifi.instance | toJSON ]] {
|
||||||
|
|
||||||
[[- template "common/job_start.tpl" . ]]
|
[[- template "common/job_start.tpl" . ]]
|
||||||
|
|
||||||
group "unifi" {
|
group "unifi" {
|
||||||
|
|
||||||
|
[[- $c := merge .unifi.controller . ]]
|
||||||
|
|
||||||
network {
|
network {
|
||||||
mode = "bridge"
|
mode = "bridge"
|
||||||
port "stun" {
|
port "stun" {
|
||||||
|
@ -12,50 +14,50 @@ job [[ .unifi.job_name | toJSON ]] {
|
||||||
}
|
}
|
||||||
|
|
||||||
service {
|
service {
|
||||||
name = "[[ .unifi.job_name ]][[ .env.suffix ]]"
|
name = "[[ .unifi.instance ]][[ .consul.suffix ]]"
|
||||||
port = 8888
|
port = 8888
|
||||||
|
|
||||||
[[ template "common/connect.tpl" dict "ctx" . "config" .unifi.controller ]]
|
[[ template "common/connect.tpl" $c ]]
|
||||||
|
|
||||||
tags = [
|
tags = [
|
||||||
"[[ .traefik.instance ]].enable=true",
|
"[[ $c.traefik.instance ]].enable=true",
|
||||||
|
|
||||||
# Note : no Host as inform requests are sent without. But it's binded to the dedicated entrypoint anyway
|
# Note : no Host as inform requests are sent without. But it's binded to the dedicated entrypoint anyway
|
||||||
"[[ .traefik.instance ]].http.routers.[[ .unifi.job_name ]]-inform[[ .env.suffix ]].rule=(Path(`/inform`) && Method(`POST`)) || (PathPrefix(`/dl/firmware-cached`) && (Method(`GET`) || Method(`HEAD`)))",
|
"[[ $c.traefik.instance ]].http.routers.[[ .unifi.instance ]]-inform[[ .consul.suffix ]].rule=(Path(`/inform`) && Method(`POST`)) || (PathPrefix(`/dl/firmware-cached`) && (Method(`GET`) || Method(`HEAD`)))",
|
||||||
"[[ .traefik.instance ]].http.routers.[[ .unifi.job_name ]]-inform[[ .env.suffix ]].entrypoints=[[ join (merge .unifi.inform.traefik .traefik).entrypoints "," ]]",
|
"[[ $c.traefik.instance ]].http.routers.[[ .unifi.instance ]]-inform[[ .consul.suffix ]].entrypoints=[[ join (merge .unifi.inform.traefik .traefik).entrypoints "," ]]",
|
||||||
"[[ .traefik.instance ]].http.routers.[[ .unifi.job_name ]]-inform[[ .env.suffix ]].middlewares=[[ template "common/traefik_middlewares.tpl" merge .unifi.inform.traefik .traefik ]]",
|
"[[ $c.traefik.instance ]].http.routers.[[ .unifi.instance ]]-inform[[ .consul.suffix ]].middlewares=[[ template "common/traefik_middlewares.tpl" merge .unifi.inform.traefik .traefik ]]",
|
||||||
|
|
||||||
"[[ .traefik.instance ]].http.routers.[[ .unifi.job_name ]]-controller[[ .env.suffix ]].rule=Host(`
|
"[[ $c.traefik.instance ]].http.routers.[[ .unifi.instance ]]-controller[[ .consul.suffix ]].rule=Host(`
|
||||||
[[- (urlParse .unifi.controller.public_url).Hostname -]]`)
|
[[- (urlParse .unifi.controller.public_url).Hostname -]]`)
|
||||||
[[- if ne "" (urlParse .unifi.controller.public_url).Path ]] && PathPrefix(`[[ (urlParse .unifi.controller.public_url).Path ]]`)[[ end ]]",
|
[[- if ne "" (urlParse .unifi.controller.public_url).Path ]] && PathPrefix(`[[ (urlParse .unifi.controller.public_url).Path ]]`)[[ end ]]",
|
||||||
"[[ .traefik.instance ]].http.routers.[[ .unifi.job_name ]]-controller[[ .env.suffix ]].entrypoints=[[ join (merge .unifi.controller.traefik .traefik).entrypoints "," ]]",
|
"[[ $c.traefik.instance ]].http.routers.[[ .unifi.instance ]]-controller[[ .consul.suffix ]].entrypoints=[[ join (merge .unifi.controller.traefik .traefik).entrypoints "," ]]",
|
||||||
"[[ .traefik.instance ]].http.routers.[[ .unifi.job_name ]]-controller[[ .env.suffix ]].tls=true",
|
"[[ $c.traefik.instance ]].http.routers.[[ .unifi.instance ]]-controller[[ .consul.suffix ]].tls=true",
|
||||||
"[[ .traefik.instance ]].http.routers.[[ .unifi.job_name ]]-controller[[ .env.suffix ]].middlewares=[[ template "common/traefik_middlewares.tpl" merge .unifi.controller.traefik .traefik ]]",
|
"[[ $c.traefik.instance ]].http.routers.[[ .unifi.instance ]]-controller[[ .consul.suffix ]].middlewares=[[ template "common/traefik_middlewares.tpl" merge .unifi.controller.traefik .traefik ]]",
|
||||||
|
|
||||||
"[[ .traefik.instance ]].http.routers.[[ .unifi.job_name ]]-portal[[ .env.suffix ]].rule=Host(`
|
"[[ $c.traefik.instance ]].http.routers.[[ .unifi.instance ]]-portal[[ .consul.suffix ]].rule=Host(`
|
||||||
[[- (urlParse .unifi.guest_portal.public_url).Hostname -]]
|
[[- (urlParse .unifi.guest_portal.public_url).Hostname -]]
|
||||||
`) && PathPrefix(`/guest`)",
|
`) && PathPrefix(`/guest`)",
|
||||||
"[[ .traefik.instance ]].http.routers.[[ .unifi.job_name ]]-portal[[ .env.suffix ]].entrypoints=[[ join (merge .unifi.guest_portal.traefik .traefik).entrypoints "," ]]",
|
"[[ $c.traefik.instance ]].http.routers.[[ .unifi.instance ]]-portal[[ .consul.suffix ]].entrypoints=[[ join (merge .unifi.guest_portal.traefik .traefik).entrypoints "," ]]",
|
||||||
"[[ .traefik.instance ]].http.routers.[[ .unifi.job_name ]]-portal[[ .env.suffix ]].tls=true",
|
"[[ $c.traefik.instance ]].http.routers.[[ .unifi.instance ]]-portal[[ .consul.suffix ]].tls=true",
|
||||||
"[[ .traefik.instance ]].http.routers.[[ .unifi.job_name ]]-portal[[ .env.suffix ]].middlewares=[[ template "common/traefik_middlewares.tpl" merge .unifi.guest_portal.traefik .traefik ]]"
|
"[[ $c.traefik.instance ]].http.routers.[[ .unifi.instance ]]-portal[[ .consul.suffix ]].middlewares=[[ template "common/traefik_middlewares.tpl" merge .unifi.guest_portal.traefik .traefik ]]"
|
||||||
|
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
service {
|
service {
|
||||||
name = "unifi-stun[[ .env.suffix ]]"
|
name = "[[ .unifi.instance ]]-stun[[ .consul.suffix ]]"
|
||||||
port = "stun"
|
port = "stun"
|
||||||
|
|
||||||
tags = [
|
tags = [
|
||||||
"[[ .traefik.instance ]].enable=true",
|
"[[ $c.traefik.instance ]].enable=true",
|
||||||
"[[ .traefik.instance ]].udp.routers.[[ .unifi.job_name ]]-stun[[ .env.suffix ]].entrypoints=[[ join .unifi.stun.traefik.entrypoints "," ]]",
|
"[[ $c.traefik.instance ]].udp.routers.[[ .unifi.instance ]]-stun[[ .consul.suffix ]].entrypoints=[[ join .unifi.stun.traefik.entrypoints "," ]]",
|
||||||
"[[ .traefik.instance ]].consulcatalog.connect=false"
|
"[[ $c.traefik.instance ]].consulcatalog.connect=false"
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
[[- if not .unifi.controller.mongo.is_external ]]
|
[[- if not .unifi.controller.mongo.is_external ]]
|
||||||
service {
|
service {
|
||||||
name = "unifi-mongo[[ .env.suffix ]]"
|
name = "[[ .unifi.instance ]]-mongo[[ .consul.suffix ]]"
|
||||||
port = 27017
|
port = 27017
|
||||||
|
|
||||||
check {
|
check {
|
||||||
|
@ -72,16 +74,6 @@ job [[ .unifi.job_name | toJSON ]] {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
[[- end ]]
|
|
||||||
|
|
||||||
volume "unifi-data" {
|
|
||||||
type = [[ .unifi.controller.volume.type | toJSON ]]
|
|
||||||
source = [[ .unifi.controller.volume.source | toJSON ]]
|
|
||||||
access_mode = "multi-node-multi-writer"
|
|
||||||
attachment_mode = "file-system"
|
|
||||||
}
|
|
||||||
|
|
||||||
[[- if not .unifi.controller.mongo.is_external ]]
|
|
||||||
|
|
||||||
volume "unifi-mongo" {
|
volume "unifi-mongo" {
|
||||||
type = [[ .unifi.mongo.volume.type | toJSON ]]
|
type = [[ .unifi.mongo.volume.type | toJSON ]]
|
||||||
|
@ -92,12 +84,19 @@ job [[ .unifi.job_name | toJSON ]] {
|
||||||
|
|
||||||
[[- end ]]
|
[[- end ]]
|
||||||
|
|
||||||
|
volume "unifi-data" {
|
||||||
|
type = [[ .unifi.controller.volume.type | toJSON ]]
|
||||||
|
source = [[ .unifi.controller.volume.source | toJSON ]]
|
||||||
|
access_mode = "multi-node-multi-writer"
|
||||||
|
attachment_mode = "file-system"
|
||||||
|
}
|
||||||
|
|
||||||
[[ template "common/task.wait_for.tpl" dict
|
[[ template "common/task.wait_for.tpl" dict
|
||||||
"ctx" .
|
"ctx" .
|
||||||
"wait_for" (coll.Slice (dict "service" .unifi.controller.mongo.service_name)) ]]
|
"wait_for" (coll.Slice (dict "service" .unifi.controller.mongo.service_name)) ]]
|
||||||
|
|
||||||
task "nginx" {
|
task "nginx" {
|
||||||
driver = [[ .unifi.nginx.driver | toJSON ]]
|
driver = [[ .nomad.driver | toJSON ]]
|
||||||
user = 8306
|
user = 8306
|
||||||
|
|
||||||
lifecycle {
|
lifecycle {
|
||||||
|
@ -121,7 +120,7 @@ _EOF
|
||||||
}
|
}
|
||||||
|
|
||||||
task "firmware-downloader" {
|
task "firmware-downloader" {
|
||||||
driver = [[ .unifi.fw_dl.driver | toJSON ]]
|
driver = [[ .nomad.driver | toJSON ]]
|
||||||
user = 8443
|
user = 8443
|
||||||
|
|
||||||
lifecycle {
|
lifecycle {
|
||||||
|
@ -134,7 +133,7 @@ _EOF
|
||||||
}
|
}
|
||||||
|
|
||||||
env {
|
env {
|
||||||
[[ template "common/env.tpl" .unifi.fw_dl.env ]]
|
[[ template "common/env.tpl" merge .unifi.fw_dl.env .env ]]
|
||||||
[[ template "common/proxy_env.tpl" . ]]
|
[[ template "common/proxy_env.tpl" . ]]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -149,7 +148,7 @@ _EOF
|
||||||
task "controller" {
|
task "controller" {
|
||||||
|
|
||||||
leader = true
|
leader = true
|
||||||
driver = [[ .unifi.controller.driver | toJSON ]]
|
driver = [[ .nomad.driver | toJSON ]]
|
||||||
|
|
||||||
config {
|
config {
|
||||||
image = [[ .unifi.controller.image | toJSON ]]
|
image = [[ .unifi.controller.image | toJSON ]]
|
||||||
|
@ -164,14 +163,14 @@ _EOF
|
||||||
}
|
}
|
||||||
|
|
||||||
vault {
|
vault {
|
||||||
policies = ["unifi[[ .env.suffix ]]"]
|
policies = ["[[ .unifi.instance ]][[ .consul.suffix ]]"]
|
||||||
env = false
|
env = false
|
||||||
disable_file = true
|
disable_file = true
|
||||||
}
|
}
|
||||||
|
|
||||||
env {
|
env {
|
||||||
[[ template "common/proxy_env.tpl" . ]]
|
[[ template "common/proxy_env.tpl" . ]]
|
||||||
[[ template "common/env.tpl" .unifi.controller.env ]]
|
[[ template "common/env.tpl" $c.env ]]
|
||||||
}
|
}
|
||||||
|
|
||||||
template {
|
template {
|
||||||
|
@ -201,7 +200,7 @@ _EOF
|
||||||
[[- if not .unifi.controller.mongo.is_external ]]
|
[[- if not .unifi.controller.mongo.is_external ]]
|
||||||
|
|
||||||
task "mongo" {
|
task "mongo" {
|
||||||
driver = [[ .unifi.mongo.driver | toJSON ]]
|
driver = [[ .nomad.driver | toJSON ]]
|
||||||
|
|
||||||
lifecycle {
|
lifecycle {
|
||||||
hook = "prestart"
|
hook = "prestart"
|
||||||
|
|
|
@ -8,7 +8,7 @@
|
||||||
|
|
||||||
unifi:
|
unifi:
|
||||||
# The name of the nomad job
|
# The name of the nomad job
|
||||||
job_name: unifi
|
instance: unifi
|
||||||
|
|
||||||
# This is for the web management console
|
# This is for the web management console
|
||||||
controller:
|
controller:
|
||||||
|
@ -129,9 +129,6 @@ unifi:
|
||||||
# The image to use
|
# The image to use
|
||||||
image: nginxinc/nginx-unprivileged:alpine
|
image: nginxinc/nginx-unprivileged:alpine
|
||||||
|
|
||||||
# The driver to use (docker or podman)
|
|
||||||
driver: docker
|
|
||||||
|
|
||||||
# Resource allocation
|
# Resource allocation
|
||||||
resources:
|
resources:
|
||||||
cpu: 10
|
cpu: 10
|
||||||
|
@ -144,9 +141,6 @@ unifi:
|
||||||
# The image to use
|
# The image to use
|
||||||
image: danielberteaud/mongo:5.0-1
|
image: danielberteaud/mongo:5.0-1
|
||||||
|
|
||||||
# The driver to use (docker or podman)
|
|
||||||
driver: docker
|
|
||||||
|
|
||||||
# Resource allocation
|
# Resource allocation
|
||||||
resources:
|
resources:
|
||||||
cpu: 100
|
cpu: 100
|
||||||
|
@ -165,9 +159,6 @@ unifi:
|
||||||
# The image to use
|
# The image to use
|
||||||
image: danielberteaud/ubnt-firmware-downloader:20230831-1
|
image: danielberteaud/ubnt-firmware-downloader:20230831-1
|
||||||
|
|
||||||
# The driver (docker or podman)
|
|
||||||
driver: docker
|
|
||||||
|
|
||||||
# Resource allocation
|
# Resource allocation
|
||||||
resources:
|
resources:
|
||||||
cpu: 10
|
cpu: 10
|
||||||
|
|
|
@ -1,3 +1,3 @@
|
||||||
path "[[ .vault.prefix ]]kv/data/service/[[ .unifi.job_name ]]" {
|
path "[[ .vault.prefix ]]kv/data/service/[[ .unifi.instance ]]" {
|
||||||
capabilities = ["read"]
|
capabilities = ["read"]
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue