nomad

HCL and Docker files for Nomad deployments
git clone https://git.in0rdr.ch/nomad.git
Log | Files | Refs | Pull requests |Archive

commit 480776c4b42fcd629a89fecb06ec6597a9ac693e
parent c9df32b7243c0cea7f5e70a946dcbae82e0c1db8
Author: Andreas Gruhler <andreas.gruhler@adfinis.com>
Date:   Fri, 27 Sep 2024 00:55:08 +0200

feat(myheats-demo): add api

Diffstat:
Mhcl/default/myheats-demo/myheats-demo.nomad | 49++++++++++++++++++++++++++++++++++++++-----------
Ahcl/default/myheats-demo/templates/env.local.tmpl | 43+++++++++++++++++++++++++++++++++++++++++++
2 files changed, 81 insertions(+), 11 deletions(-)

diff --git a/hcl/default/myheats-demo/myheats-demo.nomad b/hcl/default/myheats-demo/myheats-demo.nomad @@ -25,9 +25,13 @@ job "myheats-demo" { port "https" { static = 44396 } + port "http" { + # VITE_API_PORT + to = 8000 + } } - task "nginx" { + task "frontend" { driver = "podman" config { @@ -39,18 +43,15 @@ job "myheats-demo" { ] } - env { - VITE_APP_DOC_TITLE = "MyHeats Demo" - } - template { # render sensitive env vars in a template from Vault secrets env = true destination = "${NOMAD_SECRETS_DIR}/env" - data = <<EOT -VITE_APP_SUPABASE_URL = "https://aaxkgqazjhwumoljibld.supabase.co" -VITE_APP_SUPABASE_KEY = "{{with secret "kv/myheats-demo"}}{{index .Data.data.supabase_key}}{{end}}" -EOT + data = file("./templates/env.local.tmpl") + } + template { + destination = "${NOMAD_TASK_DIR}/myheats-demo.conf" + data = file("./templates/nginx.conf.tmpl") } volume_mount { @@ -62,9 +63,35 @@ EOT destination = "/app" } + resources { + memory = 50 + memory_max = 128 + cpu = 200 + } + } + + task "backend" { + driver = "podman" + + config { + image = "127.0.0.1:5000/myheats-demo:latest" + ports = ["http"] + volumes = [ + # mount the templated config from the task directory to the container + "local/myheats-demo.conf:/etc/nginx/conf.d/myheats-demo.conf", + ] + } + template { - destination = "${NOMAD_TASK_DIR}/myheats-demo.conf" - data = file("./templates/nginx.conf.tmpl") + # render sensitive env vars in a template from Vault secrets + env = true + destination = "${NOMAD_SECRETS_DIR}/env" + data = file("./templates/env.local.tmpl") + } + + volume_mount { + volume = "myheats-demo" + destination = "/app" } resources { diff --git a/hcl/default/myheats-demo/templates/env.local.tmpl b/hcl/default/myheats-demo/templates/env.local.tmpl @@ -0,0 +1,43 @@ +############ +# Frontend # +############ + +# Application window title +VITE_APP_DOC_TITLE='MyHeats Demo' +# Cookie TTL in seconds (session ttl in the admin/judges frontend), 60m +VITE_SESSION_TTL=259200 #27h +# Full URI to backend API +VITE_API_URI=http://{{ env "NOMAD_IP_http" }} +# Backend API port +VITE_API_PORT={{ env "NOMAD_PORT_http" }} +# Locale for frontend date formatting +VITE_LOCALE=de-CH + +########### +# Backend # +########### +API_REDIRECT_URI=http://localhost:5173/authverify +# Backend API CORS allowed origins +API_CORS_ALLOW_ORIGIN=http://{{ env "NOMAD_ADDR_https" }} +# JWT secret for magic links (`openssl rand -base64 48`) +API_JWT_SECRET={{with secret "kv/myheats-demo"}}{{index .Data.data.api_jwt_secret}}{{end}} +# JWT TTL in seconds (validity of the magic link), 5m +API_JWT_TTL=3600 #60m + +# SMTP settings for sending magic links +SMTP_HOST={{with secret "kv/myheats-demo"}}{{index .Data.data.smtp_host}}{{end}} +# upgrade later with STARTTLS +SMTP_STARTTLS={{with secret "kv/myheats-demo"}}{{index .Data.data.smtp_starttls}}{{end}} +SMTP_PORT={{with secret "kv/myheats-demo"}}{{index .Data.data.smtp_port}}{{end}} +SMTP_USER={{with secret "kv/myheats-demo"}}{{index .Data.data.smtp_user}}{{end}} +SMTP_FROM={{with secret "kv/myheats-demo"}}{{index .Data.data.smtp_from}}{{end}} +SMTP_PASSWORD={{with secret "kv/myheats-demo"}}{{index .Data.data.smtp_password}}{{end}} + +# PostgreSQL environment variables +# https://github.com/porsager/postgres?tab=readme-ov-file#environmental-variables +# PGHOST, PGPORT, PGDATABASE, PGUSERNAME, PGPASSWORD, etc. +PGHOST={{with secret "kv/myheats-demo"}}{{index .Data.data.pghost}}{{end}} +PGPORT={{with secret "kv/myheats-demo"}}{{index .Data.data.pgport}}{{end}} +PGDATABASE={{with secret "kv/myheats-demo"}}{{index .Data.data.pgdatabase}}{{end}} +PGUSERNAME={{with secret "kv/myheats-demo"}}{{index .Data.data.pgusername}}{{end}} +PGPASSWORD={{with secret "kv/myheats-demo"}}{{index .Data.data.pgpassword}}{{end}}