job "openldap" { datacenters = ["homelab"] priority = 90 type = "service" meta { forcedeploy = "1" } constraint { attribute = "${attr.cpu.arch}" value = "amd64" } vault { policies = ["ldap"] } group "openldap" { network { mode = "host" port "ldap" { static = 389 to = 1389 } port "ldaps" { static = 636 to = 1636 } } task "selfsignedCertificate" { lifecycle { hook= "prestart" sidecar = false } driver= "docker" config{ image= "stakater/ssl-certs-generator" mount { type = "bind" source = "..${NOMAD_ALLOC_DIR}/data" target = "/certs" } } env { SSL_DNS="ldaps.service.consul,ldap.service.consul" } } task "openldap" { driver = "docker" service { name = "ldap" port = "ldap" tags = [ ] } service { name = "ldaps" port = "ldaps" tags = [ ] } config { image = "bitnami/openldap" ports = ["ldap", "ldaps"] volumes = [ "/mnt/diskstation/nomad/openldap:/bitnami/openldap", ] } env { LDAP_ADMIN_USERNAME = "admin" LDAP_ROOT = "dc=ducamps,dc=eu" LDAP_EXTRA_SCHEMAS = "cosine, inetorgperson" LDAP_CUSTOM_SCHEMA_DIR = "/local/schema" LDAP_CUSTOM_LDIF_DIR = "/local/ldif" LDAP_CONFIGURE_PPOLICY = "yes" LDAP_ALLOW_ANON_BINDING = "no" LDAP_LOGLEVEL = 64 LDAP_ENABLE_TLS = "yes" LDAP_TLS_CERT_FILE = "${NOMAD_ALLOC_DIR}/data/cert.pem" LDAP_TLS_KEY_FILE = "${NOMAD_ALLOC_DIR}/data/key.pem" LDAP_TLS_CA_FILE = "${NOMAD_ALLOC_DIR}/data/ca.pem" } template { data = <