nomad

HCL and Docker files for Nomad deployments
git clone https://git.in0rdr.ch/nomad.git
Log | Files | Refs | Pull requests
commit 480776c4b42fcd629a89fecb06ec6597a9ac693e
parent c9df32b7243c0cea7f5e70a946dcbae82e0c1db8
Author: Andreas Gruhler <andreas.gruhler@adfinis.com>
Date:   Fri, 27 Sep 2024 00:55:08 +0200

feat(myheats-demo): add api

Diffstat:

Mhcl/default/myheats-demo/myheats-demo.nomad | 49++++++++++++++++++++++++++++++++++++++-----------


Ahcl/default/myheats-demo/templates/env.local.tmpl | 43+++++++++++++++++++++++++++++++++++++++++++


2 files changed, 81 insertions(+), 11 deletions(-)

diff --git a/hcl/default/myheats-demo/myheats-demo.nomad b/hcl/default/myheats-demo/myheats-demo.nomad
@@ -25,9 +25,13 @@ job "myheats-demo" {
       port "https" {
         static = 44396
       }
+      port "http" {
+        # VITE_API_PORT
+        to = 8000
+      }
     }
 
-    task "nginx" {
+    task "frontend" {
       driver = "podman"
 
       config {
@@ -39,18 +43,15 @@ job "myheats-demo" {
         ]
       }
 
-      env {
-        VITE_APP_DOC_TITLE = "MyHeats Demo"
-      }
-
       template {
         # render sensitive env vars in a template from Vault secrets
         env = true
         destination = "${NOMAD_SECRETS_DIR}/env"
-        data = <<EOT
-VITE_APP_SUPABASE_URL = "https://aaxkgqazjhwumoljibld.supabase.co"
-VITE_APP_SUPABASE_KEY = "{{with secret "kv/myheats-demo"}}{{index .Data.data.supabase_key}}{{end}}"
-EOT
+        data = file("./templates/env.local.tmpl")
+      }
+      template {
+        destination = "${NOMAD_TASK_DIR}/myheats-demo.conf"
+        data = file("./templates/nginx.conf.tmpl")
       }
 
       volume_mount {
@@ -62,9 +63,35 @@ EOT
         destination = "/app"
       }
 
+      resources {
+        memory = 50
+        memory_max = 128
+        cpu    = 200
+      }
+    }
+
+    task "backend" {
+      driver = "podman"
+
+      config {
+        image = "127.0.0.1:5000/myheats-demo:latest"
+        ports = ["http"]
+        volumes = [
+          # mount the templated config from the task directory to the container
+          "local/myheats-demo.conf:/etc/nginx/conf.d/myheats-demo.conf",
+        ]
+      }
+
       template {
-        destination = "${NOMAD_TASK_DIR}/myheats-demo.conf"
-        data = file("./templates/nginx.conf.tmpl")
+        # render sensitive env vars in a template from Vault secrets
+        env = true
+        destination = "${NOMAD_SECRETS_DIR}/env"
+        data = file("./templates/env.local.tmpl")
+      }
+
+      volume_mount {
+        volume = "myheats-demo"
+        destination = "/app"
       }
 
       resources {
diff --git a/hcl/default/myheats-demo/templates/env.local.tmpl b/hcl/default/myheats-demo/templates/env.local.tmpl
@@ -0,0 +1,43 @@
+############
+# Frontend #
+############
+
+# Application window title
+VITE_APP_DOC_TITLE='MyHeats Demo'
+# Cookie TTL in seconds (session ttl in the admin/judges frontend), 60m
+VITE_SESSION_TTL=259200 #27h
+# Full URI to backend API
+VITE_API_URI=http://{{ env "NOMAD_IP_http" }}
+# Backend API port
+VITE_API_PORT={{ env "NOMAD_PORT_http" }}
+# Locale for frontend date formatting
+VITE_LOCALE=de-CH
+
+###########
+# Backend #
+###########
+API_REDIRECT_URI=http://localhost:5173/authverify
+# Backend API CORS allowed origins
+API_CORS_ALLOW_ORIGIN=http://{{ env "NOMAD_ADDR_https" }}
+# JWT secret for magic links (`openssl rand -base64 48`)
+API_JWT_SECRET={{with secret "kv/myheats-demo"}}{{index .Data.data.api_jwt_secret}}{{end}}
+# JWT TTL in seconds (validity of the magic link), 5m
+API_JWT_TTL=3600 #60m
+
+# SMTP settings for sending magic links
+SMTP_HOST={{with secret "kv/myheats-demo"}}{{index .Data.data.smtp_host}}{{end}}
+# upgrade later with STARTTLS
+SMTP_STARTTLS={{with secret "kv/myheats-demo"}}{{index .Data.data.smtp_starttls}}{{end}}
+SMTP_PORT={{with secret "kv/myheats-demo"}}{{index .Data.data.smtp_port}}{{end}}
+SMTP_USER={{with secret "kv/myheats-demo"}}{{index .Data.data.smtp_user}}{{end}}
+SMTP_FROM={{with secret "kv/myheats-demo"}}{{index .Data.data.smtp_from}}{{end}}
+SMTP_PASSWORD={{with secret "kv/myheats-demo"}}{{index .Data.data.smtp_password}}{{end}}
+
+# PostgreSQL environment variables
+# https://github.com/porsager/postgres?tab=readme-ov-file#environmental-variables
+# PGHOST, PGPORT, PGDATABASE, PGUSERNAME, PGPASSWORD, etc.
+PGHOST={{with secret "kv/myheats-demo"}}{{index .Data.data.pghost}}{{end}}
+PGPORT={{with secret "kv/myheats-demo"}}{{index .Data.data.pgport}}{{end}}
+PGDATABASE={{with secret "kv/myheats-demo"}}{{index .Data.data.pgdatabase}}{{end}}
+PGUSERNAME={{with secret "kv/myheats-demo"}}{{index .Data.data.pgusername}}{{end}}
+PGPASSWORD={{with secret "kv/myheats-demo"}}{{index .Data.data.pgpassword}}{{end}}