Updated main with dev

_examples/openldap.tf

@@ -1,5 +1,5 @@
 
-// Example LDAP server, using the bitnami/openldap docker image
+// Example LDAP server
 module "openldap" {
   source = "github.com/mutablelogic/tf-nomad//openldap"
 
@@ -19,3 +19,26 @@ module "openldap" {
   replication_hosts = ["ldap://server1:389/", "ldap://server2:389/"] // LDAP urls for replication
   data              = "/var/lib/ldap"                                // Directory for data persistence
 }
+
+// Example LDAP admin
+module "openldap-admin" {
+  source =  "github.com/mutablelogic/tf-nomad//openldap-admin"
+
+  // Required parameters
+  dc             = var.dc
+  hosts           = ["server1", "server2"]    // Host constraint for the job
+  organization    = "My Organization"         // Distinquished name for the LDAP server
+  domain          = "example.com"             // Domain for the LDAP server
+  admin_password  = local.LDAP_ADMIN_PASSWORD // Password for the LDAP 'admin' user
+
+  // Other parameters
+  enabled        = true
+  namespace      = var.namespace
+  docker_tag        = "latest"                                       // Pull the latest version of the docker image every job restart
+  port              = 5000                                           // plaintext port to expose
+
+  // LDAP details
+  service_dns    = ["192.168.86.11", "192.168.86.12"]
+  url            = "ldap://openldap-ldap.default.nomad/"
+  basedn         = "dc=mutablelogic,dc=com"
+}

github-action-runner/input.tf

@@ -0,0 +1,52 @@
+
+variable "dc" {
+  type        = string
+  description = "Data center name"
+}
+
+variable "namespace" {
+  type        = string
+  description = "Nomad namespace"
+  default     = "default"
+}
+
+variable "enabled" {
+  type        = bool
+  description = "If false, then no job is deployed"
+  default     = true
+}
+
+variable "docker_tag" {
+  type        = string
+  description = "Version of the docker image to use, defaults to latest"
+  default     = "latest"
+}
+
+variable "service_dns" {
+  description = "Service discovery DNS"
+  type        = list(string)
+  default     = []
+}
+
+variable "service_type" {
+  description = "Run as a service or system"
+  type        = string
+  default     = "service"
+}
+
+variable "hosts" {
+  type        = list(string)
+  description = "List of hosts to deploy on. If empty, one allocation will be created"
+  default     = []
+}
+
+variable "access_token" {
+  description = "Github access token"
+  type        = string
+  sensitive   = true
+}
+
+variable "organization" {
+  description = "Github organization"
+  type        = string
+}

github-action-runner/locals.tf

@@ -0,0 +1,5 @@
+
+locals {
+    docker_image = "ghcr.io/actions/actions-runner:${var.docker_tag}"
+    docker_always_pull = var.docker_tag == "latest" ? true : false
+}

github-action-runner/main.tf

@@ -0,0 +1,20 @@
+
+resource "nomad_job" "github-action-runner" {
+  count   = var.enabled ? 1 : 0
+  jobspec = file("${path.module}/nomad/github-action-runner.hcl")
+
+  hcl2 {
+    vars = {
+      dc                 = jsonencode([var.dc])
+      namespace          = var.namespace
+      hosts              = jsonencode(var.hosts)
+      docker_image       = local.docker_image
+      docker_always_pull = jsonencode(local.docker_always_pull)
+      service_dns        = jsonencode(var.service_dns)
+      service_type       = var.service_type
+
+      access_token = var.access_token
+      organization = var.organization
+    }
+  }
+}

github-action-runner/nomad/github-action-runner.hcl

@@ -0,0 +1,113 @@
+
+// github action runner
+// Docker Image: ghcr.io/actions/actions-runner
+
+///////////////////////////////////////////////////////////////////////////////
+// VARIABLES
+
+variable "dc" {
+  description = "data centers that the job is eligible to run in"
+  type        = list(string)
+}
+
+variable "namespace" {
+  description = "namespace that the job runs in"
+  type        = string
+  default     = "default"
+}
+
+variable "hosts" {
+  description = "host constraint for the job, defaults to one host"
+  type        = list(string)
+  default     = []
+}
+
+variable "service_dns" {
+  description = "Service discovery DNS"
+  type        = list(string)
+  default     = []
+}
+
+variable "service_type" {
+  description = "Run as a service or system"
+  type        = string
+  default     = "service"
+}
+
+variable "docker_image" {
+  description = "Docker image"
+  type        = string
+}
+
+variable "docker_always_pull" {
+  description = "Pull docker image on every job restart"
+  type        = bool
+  default     = false
+}
+
+///////////////////////////////////////////////////////////////////////////////
+
+variable "access_token" {
+  description = "Github access token"
+  type        = string
+}
+
+variable "organization" {
+  description = "Github organization"
+  type        = string
+}
+
+///////////////////////////////////////////////////////////////////////////////
+// JOB
+
+job "github-action-runner" {
+  type        = var.service_type
+  datacenters = var.dc
+  namespace   = var.namespace
+
+  update {
+    min_healthy_time = "10s"
+    healthy_deadline = "5m"
+    health_check     = "task_states"
+  }
+
+  /////////////////////////////////////////////////////////////////////////////////
+
+  group "github-action-runner" {
+    count = (length(var.hosts) == 0 || var.service_type == "system") ? 1 : length(var.hosts)
+
+    dynamic "constraint" {
+      for_each = length(var.hosts) == 0 ? [] : [join(",", var.hosts)]
+      content {
+        attribute = node.unique.name
+        operator  = "set_contains_any"
+        value     = constraint.value
+      }
+    }
+
+    // token task runs to obtain a runner token
+    task "token" {
+      driver = "docker"
+
+      lifecycle {
+        hook    = "prestart"
+        sidecar = false
+      }
+
+      env {
+        ACCESS_TOKEN = var.access_token
+        ORGANIZATION = var.organization
+      }
+
+      config {
+        image       = "curlimages/curl"
+        dns_servers = var.service_dns
+        args = [
+          "sh", 
+          "-c",
+          "curl -s -X \"POST\" -H \"Authorization: token ${ACCESS_TOKEN}\" https://api.github.com/orgs/${ORGANIZATION}/actions/runners/registration-token"
+        ]
+      }
+    } // task "token"
+  }   // group "grafana"
+}     // job "grafana"

openldap-admin/input.tf

@@ -0,0 +1,85 @@
+
+variable "dc" {
+  type        = string
+  description = "Data center name"
+}
+
+variable "namespace" {
+  type        = string
+  description = "Nomad namespace"
+  default     = "default"
+}
+
+variable "enabled" {
+  type        = bool
+  description = "If false, then no job is deployed"
+  default     = true
+}
+
+variable "docker_tag" {
+  type        = string
+  description = "Version of the docker image to use, defaults to latest"
+  default     = "latest"
+}
+
+variable "service_provider" {
+  description = "Service provider, either consul or nomad"
+  type        = string
+  default     = "nomad"
+}
+
+variable "service_name" {
+  description = "Service name"
+  type        = string
+  default     = "openldap-admin"
+}
+
+variable "service_dns" {
+  description = "Service discovery DNS"
+  type        = list(string)
+  default     = []
+}
+
+variable "service_type" {
+  description = "Run as a service or system"
+  type        = string
+  default     = "service"
+}
+
+variable "hosts" {
+  type        = list(string)
+  description = "List of hosts to deploy on. If empty, one allocation will be created"
+  default     = []
+}
+
+variable "port" {
+  type        = number
+  description = "Port to expose plaintext service"
+  default     = 5000
+}
+
+variable "url" {
+  description = "LDAP server url"
+  type        = string
+}
+
+variable "basedn" {
+  description = "LDAP base distinguished name"
+  type        = string
+}
+
+variable "admin_password" {
+  description = "LDAP admin password"
+  type        = string
+  sensitive   = true
+}
+
+variable "organization" {
+  description = "Organization name"
+  type        = string
+}
+
+variable "domain" {
+  description = "Organization domain"
+  type        = string
+}

openldap-admin/locals.tf

@@ -0,0 +1,5 @@
+
+locals {
+    docker_image = "wheelybird/ldap-user-manager:${var.docker_tag}"
+    docker_always_pull = var.docker_tag == "latest" ? true : false
+}

openldap-admin/main.tf

@@ -0,0 +1,27 @@
+
+resource "nomad_job" "openldap" {
+  count   = var.enabled ? 1 : 0
+  jobspec = file("${path.module}/nomad/openldap-admin.hcl")
+
+  hcl2 {
+    allow_fs = true
+    vars = {
+      dc                 = jsonencode([var.dc])
+      namespace          = var.namespace
+      hosts              = jsonencode(var.hosts)
+      docker_image       = local.docker_image
+      docker_always_pull = jsonencode(local.docker_always_pull)
+      service_provider   = var.service_provider
+      service_name       = var.service_name
+      service_dns        = jsonencode(var.service_dns)
+      service_type       = var.service_type
+
+      port           = var.port
+      url            = var.url
+      basedn         = var.basedn
+      admin_password = var.admin_password
+      organization   = var.organization
+      domain         = var.domain
+    }
+  }
+}