# Nomad service job running lldap (LDAP on 3890, admin web UI on 17170) in a
# bridge-mode group. Both ports are registered as Consul Connect services
# behind sidecar proxies. The task reads its config file from the task's
# secrets/ directory and requests a Vault token.
job "lldap" {
  datacenters = ["dc1"]
  type = "service"
  priority = 80

  group "lldap" {
    network {
      mode = "bridge"

      # Both ports are published on the host network named "loopback".
      # NOTE(review): presumably this maps to the client's loopback interface,
      # so neither port is reachable off-host except through the sidecars.
      # Confirm against the client's host_network configuration.
      port "web" {
        host_network = "loopback"
        to = 17170
      }
      port "ldap" {
        host_network = "loopback"
        to = 3890
      }
    }

    # Host volume holding lldap's persistent state; mounted read-write at /data below.
    # NOTE(review): this presumably contains the user database. Confirm host-side
    # ownership/permissions and that backups of it are protected.
    volume "lldap-data" {
      type = "host"
      read_only = false
      source = "lldap-data"
    }

    # LDAP listener, exposed to the mesh as a raw TCP Connect service.
    # NOTE(review): the listener on 3890 looks like plain LDAP, which would make the
    # sidecar the only transport protection. Confirm that Consul intentions limit
    # which services may connect to "ldap".
    service {
      name = "ldap"
      port = "ldap"
      connect {
        sidecar_service {
          proxy {
            local_service_port = 3890
            config {
              protocol = "tcp"
            }
          }
        }
        sidecar_task {
          resources {
            cpu = 50
            memory = 20
          }
        }
      }
    }

    # Admin web UI, exposed through Connect and advertised to Traefik via tags.
    service {
      name = "ldap-admin"
      port = "web"
      connect {
        sidecar_service {
          proxy {
            local_service_port = 17170
          }
        }
        sidecar_task {
          resources {
            cpu = 20
            memory = 20
          }
        }
      }
      # Only the entry point is set here; no router rule or middleware tag is visible.
      # NOTE(review): access control for the admin UI then depends on Traefik defaults
      # plus lldap's own login. Confirm whether an auth or IP-allowlist middleware
      # is attached elsewhere.
      tags = [
        "traefik.enable=true",
        "traefik.http.routers.ldap-admin.entryPoints=websecure",
      ]
    }

    task "lldap" {
      driver = "docker"

      volume_mount {
        volume = "lldap-data"
        destination = "/data"
        read_only = false
      }

      config {
        # NOTE(review): the image is referenced by tag, not digest. Consider pinning
        # to an image digest so the deployed identity-service binary cannot change
        # without a job update.
        image = "nitnelave/lldap:v0.4"
        ports = ["ldap", "web"]
        args = ["run", "--config-file", "/lldap_config.toml"]

        # Config file is bind-mounted from the task's secrets/ directory.
        # NOTE(review): presumably rendered by the template block below (its body is
        # not visible here). The mount does not set a read-only option.
        mount {
          type = "bind"
          source = "secrets/lldap_config.toml"
          target = "/lldap_config.toml"
        }
      }

      # NOTE(review): verbose logging on an authentication service. Check what lldap
      # logs at this level and who can read the allocation logs before keeping it on.
      env = {
        "LLDAP_VERBOSE" = "true"
        "LLDAP_LDAP_PORT" = "${NOMAD_PORT_ldap}"
        "LLDAP_HTTP_PORT" = "${NOMAD_PORT_web}"
      }

      # The task is issued a Vault token carrying these two policies.
      # NOTE(review): confirm both grant only the paths this job's template reads
      # (least privilege), since the token is available inside the task.
      vault {
        policies = [
          "access-tables",
          "nomad-task",
        ]
      }

      # NOTE(review): second assignment to `env` in the same task. It repeats the two
      # port variables and omits LLDAP_VERBOSE. Depending on the HCL parser version
      # this is either rejected as a redefinition or one assignment overrides the
      # other. Verify which, and keep a single env block so the effective
      # logging setting is unambiguous.
      env = {
        "LLDAP_LDAP_PORT" = "${NOMAD_PORT_ldap}"
        "LLDAP_HTTP_PORT" = "${NOMAD_PORT_web}"
      }

      # Template body (heredoc) is cut off in this view; not reviewed.
      template {
        data = <