iamthefij/homelab-nomad
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix lldap secrets

Browse Source
This commit is contained in:
IamTheFij 2024-01-23 12:07:42 -08:00
parent 6fe1b200f2
commit 0a2eace3dd
2 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
databases/lldap.nomad
View File

@ -215,7 +215,7 @@ delay = yes
accept = {{ env "NOMAD_PORT_tls" }} accept = {{ env "NOMAD_PORT_tls" }}
connect = 127.0.0.1:{{ env "NOMAD_PORT_ldap" }} connect = 127.0.0.1:{{ env "NOMAD_PORT_ldap" }}
ciphers = PSK ciphers = PSK
PSKsecrets = {{ env "NOMAD_TASK_DIR" }}/stunnel_psk.txt PSKsecrets = {{ env "NOMAD_SECRETS_DIR" }}/stunnel_psk.txt
[mysql_client] [mysql_client]
client = yes client = yes
@ -234,7 +234,7 @@ PSKsecrets = {{ env "NOMAD_SECRETS_DIR" }}/mysql_stunnel_psk.txt
{{ with nomadVar .Path }}{{ .psk }}{{ end }} {{ with nomadVar .Path }}{{ .psk }}{{ end }}
{{ end -}} {{ end -}}
EOF EOF
destination = "$${NOMAD_TASK_DIR}/stunnel_psk.txt" destination = "$${NOMAD_SECRETS_DIR}/stunnel_psk.txt"
} }
template { template {

5
databases/lldap.tf
View File

@ -16,6 +16,9 @@ resource "nomad_acl_policy" "lldap_ldap_secrets" {
rules_hcl = <<EOH rules_hcl = <<EOH
namespace "default" { namespace "default" {
variables { variables {
path "secrets/ldap/*" {
capabilities = ["read"]
}
path "secrets/ldap" { path "secrets/ldap" {
capabilities = ["read"] capabilities = ["read"]
} }
@ -25,8 +28,6 @@ EOH
job_acl { job_acl {
job_id = resource.nomad_job.lldap.id job_id = resource.nomad_job.lldap.id
group = "lldap"
task = "lldap"
} }
} }