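# Nomad job template for a UniFi controller: one group holding an nginx
# front-end, a firmware downloader, the controller itself and, unless an
# external database is configured, a bundled MongoDB task.
job [[ .unifi.instance | toJSON ]] {
[[- template "common/job_start.tpl" . ]]

  group "unifi" {
[[- $c := merge .unifi.controller . ]]

    # Bridge mode: the only port published by this stanza is STUN (3478).
    network {
      mode = "bridge"
      port "stun" {
        to = 3478
      }
    }

    # Main HTTP service. Three Traefik routers are attached to it: device
    # inform, controller UI and guest portal.
    # NOTE(review): port 8888 is presumably the nginx listener; confirm
    # against unifi/nginx/nginx.conf.tpl.
    service {
      name = "[[ .unifi.instance ]][[ .consul.suffix ]]"
      port = 8888

      [[ template "common/connect.tpl" $c ]]

      tags = [
        "[[ $c.traefik.instance ]].enable=true",

        # Inform router: no Host() matcher, because devices send inform requests
        # without one. It is bound to the dedicated inform entrypoint(s) instead.
        # Unlike the controller and portal routers below, it carries no tls=true
        # tag, so exposure is limited only by the entrypoints, the path/method
        # rule and the configured middlewares.
        "[[ $c.traefik.instance ]].http.routers.[[ .unifi.instance ]]-inform[[ .consul.suffix ]].rule=(Path(`/inform`) && Method(`POST`)) || (PathPrefix(`/dl/firmware-cached`) && (Method(`GET`) || Method(`HEAD`)))",
        "[[ $c.traefik.instance ]].http.routers.[[ .unifi.instance ]]-inform[[ .consul.suffix ]].entrypoints=[[ join (merge .unifi.inform.traefik .traefik).entrypoints "," ]]",
        "[[ $c.traefik.instance ]].http.routers.[[ .unifi.instance ]]-inform[[ .consul.suffix ]].middlewares=[[ template "common/traefik_middlewares.tpl" merge .unifi.inform.traefik .traefik ]]",

        "[[ $c.traefik.instance ]].http.routers.[[ .unifi.instance ]]-controller[[ .consul.suffix ]].rule=Host(`
          [[- (urlParse .unifi.controller.public_url).Hostname -]]`)
          [[- if ne "" (urlParse .unifi.controller.public_url).Path ]] && PathPrefix(`[[ (urlParse .unifi.controller.public_url).Path ]]`)[[ end ]]",
        "[[ $c.traefik.instance ]].http.routers.[[ .unifi.instance ]]-controller[[ .consul.suffix ]].entrypoints=[[ join (merge .unifi.controller.traefik .traefik).entrypoints "," ]]",
        "[[ $c.traefik.instance ]].http.routers.[[ .unifi.instance ]]-controller[[ .consul.suffix ]].tls=true",
        "[[ $c.traefik.instance ]].http.routers.[[ .unifi.instance ]]-controller[[ .consul.suffix ]].middlewares=[[ template "common/traefik_middlewares.tpl" merge .unifi.controller.traefik .traefik ]]",

        "[[ $c.traefik.instance ]].http.routers.[[ .unifi.instance ]]-portal[[ .consul.suffix ]].rule=Host(`
          [[- (urlParse .unifi.guest_portal.public_url).Hostname -]]
          `) && PathPrefix(`/guest`)",
        "[[ $c.traefik.instance ]].http.routers.[[ .unifi.instance ]]-portal[[ .consul.suffix ]].entrypoints=[[ join (merge .unifi.guest_portal.traefik .traefik).entrypoints "," ]]",
        "[[ $c.traefik.instance ]].http.routers.[[ .unifi.instance ]]-portal[[ .consul.suffix ]].tls=true",
        "[[ $c.traefik.instance ]].http.routers.[[ .unifi.instance ]]-portal[[ .consul.suffix ]].middlewares=[[ template "common/traefik_middlewares.tpl" merge .unifi.guest_portal.traefik .traefik ]]"

      ]
    }

    # STUN is exposed through a Traefik UDP router on the published "stun"
    # port. consulcatalog.connect=false is set for this service, so it is not
    # treated as a Connect service by Traefik.
    service {
      name = "[[ .unifi.instance ]]-stun[[ .consul.suffix ]]"
      port = "stun"

      tags = [
        "[[ $c.traefik.instance ]].enable=true",
        "[[ $c.traefik.instance ]].udp.routers.[[ .unifi.instance ]]-stun[[ .consul.suffix ]].entrypoints=[[ join .unifi.stun.traefik.entrypoints "," ]]",
        "[[ $c.traefik.instance ]].consulcatalog.connect=false"
      ]
    }

[[- if not .unifi.controller.mongo.is_external ]]
    # Bundled MongoDB: registered in the catalog and health-checked from
    # inside the "mongo" task.
    # NOTE(review): bind address and authentication are defined in
    # unifi/mongo/mongod.conf.tpl, which is not visible here; confirm them.
    service {
      name = "[[ .unifi.instance ]]-mongo[[ .consul.suffix ]]"
      port = 27017

      # NOTE(review): the check relies on the legacy `mongo` shell being
      # present in the image; confirm for the image version in use.
      check {
        type     = "script"
        command  = "sh"
        args     = ["-c", "mongo --eval 'db.runCommand(\"ping\").ok'"]
        interval = "30s"
        timeout  = "5s"
        task     = "mongo"

        # Restart the task after 4 failed checks, with a 3 minute grace period.
        check_restart {
          limit = 4
          grace = "3m"
        }
      }
    }

    volume "unifi-mongo" {
      type            = [[ .unifi.mongo.volume.type | toJSON ]]
      source          = [[ .unifi.mongo.volume.source | toJSON ]]
      access_mode     = "single-node-writer"
      attachment_mode = "file-system"
    }

[[- end ]]

    # Controller data volume, mounted read-write at /data by both the
    # "controller" and "firmware-downloader" tasks.
    volume "unifi-data" {
      type            = [[ .unifi.controller.volume.type | toJSON ]]
      source          = [[ .unifi.controller.volume.source | toJSON ]]
      access_mode     = "multi-node-multi-writer"
      attachment_mode = "file-system"
    }

    [[ template "common/task.wait_for.tpl" dict
      "ctx" .
      "wait_for" (coll.Slice (dict "service" .unifi.controller.mongo.service_name)) ]]

    # nginx front-end, started after the main task and kept running as a
    # sidecar under a fixed numeric uid.
    task "nginx" {
      driver = [[ .nomad.driver | toJSON ]]
      user   = 8306

      lifecycle {
        hook    = "poststart"
        # Boolean literal, matching the other lifecycle blocks in this job
        # (was the string "true").
        sidecar = true
      }

      config {
        image   = [[ .unifi.nginx.image | toJSON ]]
        volumes = ["local/nginx.conf:/etc/nginx/conf.d/default.conf"]
      }

      template {
        data = <<_EOF
[[ template "unifi/nginx/nginx.conf.tpl" . ]]
_EOF
        destination = "local/nginx.conf"
      }

      [[ template "common/resources.tpl" .unifi.nginx.resources ]]
    }

    # Firmware downloader sidecar, run under a fixed numeric uid.
    # NOTE(review): it receives the proxy environment and has write access to
    # the shared data volume; presumably it fills the firmware cache served
    # under /dl/firmware-cached. Confirm against the image.
    task "firmware-downloader" {
      driver = [[ .nomad.driver | toJSON ]]
      user   = 8443

      lifecycle {
        hook    = "poststart"
        sidecar = true
      }

      config {
        image = [[ .unifi.fw_dl.image | toJSON ]]
      }

      env {
        [[ template "common/env.tpl" merge .unifi.fw_dl.env .env ]]
        [[ template "common/proxy_env.tpl" . ]]
      }

      volume_mount {
        volume      = "unifi-data"
        destination = "/data"
      }

      [[ template "common/resources.tpl" .unifi.fw_dl.resources ]]
    }

    # Main task of the group (leader).
    # NOTE(review): no `user` is set here, unlike the nginx and
    # firmware-downloader tasks, so the image's default user applies; confirm
    # it is not root.
    task "controller" {

      leader = true
      driver = [[ .nomad.driver | toJSON ]]

      config {
        image = [[ .unifi.controller.image | toJSON ]]
        # The rendered init script is bind-mounted into the image's
        # /entrypoint.d directory.
        volumes = [
          "local/init-system.properties.sh:/entrypoint.d/10-init-system.properties.sh"
        ]
        mount {
          type     = "tmpfs"
          target   = "/opt/unifi/run"
          readonly = false
        }
      }

      # The Vault token is used for template rendering only: it is neither
      # exported to the task environment (env = false) nor written to the
      # task's secrets directory (disable_file = true).
      vault {
        policies     = ["[[ .unifi.instance ]][[ .consul.suffix ]]"]
        env          = false
        disable_file = true
      }

      env {
        [[ template "common/proxy_env.tpl" . ]]
        [[ template "common/env.tpl" $c.env ]]
      }

      # Rendered into the task's secrets/ directory rather than local/.
      template {
        data = <<_EOF
[[ template "unifi/controller/system.properties.tpl" . ]]
_EOF
        destination = "secrets/system.properties"
      }

      # Init script, rendered executable (755).
      # NOTE(review): presumably it installs secrets/system.properties at
      # startup; confirm in the script template.
      template {
        data = <<_EOF
[[ template "unifi/controller/init-system.properties.sh.tpl" . ]]
_EOF
        destination = "local/init-system.properties.sh"
        perms       = "755"
      }

      volume_mount {
        volume      = "unifi-data"
        destination = "/data"
      }

      [[ template "common/resources.tpl" .unifi.controller.resources ]]

    }

[[- if not .unifi.controller.mongo.is_external ]]

    # Bundled MongoDB, started before the main task (prestart sidecar).
    # NOTE(review): no `user` is set; the image's default user applies.
    task "mongo" {
      driver = [[ .nomad.driver | toJSON ]]

      lifecycle {
        hook    = "prestart"
        sidecar = true
      }

      config {
        image   = [[ .unifi.mongo.image | toJSON ]]
        command = "mongod"
        args = [
          "--config",
          "/local/mongod.conf"
        ]
      }

      template {
        data = <<_EOF
[[ template "unifi/mongo/mongod.conf.tpl" . ]]
_EOF
        destination = "local/mongod.conf"
      }

      volume_mount {
        volume      = "unifi-mongo"
        destination = "/data/db"
      }

      [[ template "common/resources.tpl" .unifi.mongo.resources ]]

    }
[[- end ]]
  # The group's closing brace is kept outside the conditional above, so the
  # rendered job stays balanced when an external MongoDB is configured.
  }
}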