149 lines
2.9 KiB
HCL
149 lines
2.9 KiB
HCL
job "lldap" {
|
|
datacenters = ["dc1"]
|
|
type = "service"
|
|
priority = 80
|
|
|
|
group "lldap" {
|
|
|
|
network {
|
|
mode = "bridge"
|
|
|
|
port "web" {
|
|
host_network = "loopback"
|
|
to = 17170
|
|
}
|
|
|
|
port "ldap" {
|
|
host_network = "loopback"
|
|
to = 3890
|
|
}
|
|
}
|
|
|
|
volume "lldap-data" {
|
|
type = "host"
|
|
read_only = false
|
|
source = "lldap-data"
|
|
}
|
|
|
|
service {
|
|
name = "ldap"
|
|
port = "ldap"
|
|
|
|
connect {
|
|
sidecar_service {
|
|
proxy {
|
|
local_service_port = 3890
|
|
|
|
config {
|
|
protocol = "tcp"
|
|
}
|
|
}
|
|
}
|
|
|
|
sidecar_task {
|
|
resources {
|
|
cpu = 50
|
|
memory = 20
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
service {
|
|
name = "ldap-admin"
|
|
port = "web"
|
|
|
|
connect {
|
|
sidecar_service {
|
|
proxy {
|
|
local_service_port = 17170
|
|
}
|
|
}
|
|
|
|
sidecar_task {
|
|
resources {
|
|
cpu = 20
|
|
memory = 20
|
|
}
|
|
}
|
|
}
|
|
|
|
tags = [
|
|
"traefik.enable=true",
|
|
"traefik.http.routers.ldap-admin.entryPoints=websecure",
|
|
]
|
|
}
|
|
|
|
task "lldap" {
|
|
driver = "docker"
|
|
|
|
volume_mount {
|
|
volume = "lldap-data"
|
|
destination = "/data"
|
|
read_only = false
|
|
}
|
|
|
|
config {
|
|
image = "nitnelave/lldap:v0.4"
|
|
ports = ["ldap", "web"]
|
|
args = ["run", "--config-file", "/lldap_config.toml"]
|
|
|
|
mount {
|
|
type = "bind"
|
|
source = "secrets/lldap_config.toml"
|
|
target = "/lldap_config.toml"
|
|
}
|
|
|
|
}
|
|
|
|
env = {
|
|
"LLDAP_VERBOSE" = "true"
|
|
"LLDAP_LDAP_PORT" = "${NOMAD_PORT_ldap}"
|
|
"LLDAP_HTTP_PORT" = "${NOMAD_PORT_web}"
|
|
}
|
|
|
|
vault {
|
|
policies = [
|
|
"access-tables",
|
|
"nomad-task",
|
|
]
|
|
}
|
|
|
|
template {
|
|
data = <<EOH
|
|
database_url = "sqlite:///data/users.db?mode=rwc"
|
|
key_file = "/data/private_key"
|
|
ldap_base_dn = "{{ keyOrDefault "global/ldap/base_dn" "dc=example,dc=com" }}"
|
|
{{ with secret "kv/data/lldap" -}}
|
|
jwt_secret = "{{ .Data.data.jwt_secret }}"
|
|
ldap_user_dn = "{{ .Data.data.admin_user }}"
|
|
ldap_user_email = "{{ .Data.data.admin_email }}"
|
|
ldap_user_pass = "{{ .Data.data.admin_password }}"
|
|
{{ end -}}
|
|
{{ with secret "kv/data/smtp" -}}
|
|
[smtp_options]
|
|
enable_password_reset = true
|
|
server = "{{ .Data.data.server }}"
|
|
port = {{ .Data.data.port }}
|
|
tls_required = {{ .Data.data.tls }}
|
|
user = "{{ .Data.data.user }}"
|
|
password = "{{ .Data.data.password }}"
|
|
{{ with secret "kv/data/lldap" -}}
|
|
from = "{{ .Data.data.smtp_from }}"
|
|
reply_to = "{{ .Data.data.smtp_reply_to }}"
|
|
{{ end -}}
|
|
{{ end -}}
|
|
EOH
|
|
destination = "secrets/lldap_config.toml"
|
|
change_mode = "restart"
|
|
}
|
|
|
|
resources {
|
|
cpu = 10
|
|
memory = 200
|
|
memory_max = 200
|
|
}
|
|
}
|
|
}
|
|
}
|