commit 753f6b23e7b2c345ce1e3f65597d04795e073cac
parent ca72f7884e99f02b2453a235fc9b920ac516bff6
Author: Andreas Gruhler <agruhl@gmx.ch>
Date: Sat, 1 Feb 2025 17:40:12 +0100
feat: add silverbullet
Diffstat:
3 files changed, 130 insertions(+), 0 deletions(-)
diff --git a/hcl/default/silverbullet/data-volume.hcl b/hcl/default/silverbullet/data-volume.hcl
@@ -0,0 +1,31 @@
+# Register external nfs volume with Nomad CSI
+# https://www.nomadproject.io/docs/commands/volume/register
+type = "csi"
+# Unique ID of the volume, volume.source field in a job
+id = "silverbullet"
+# Display name of the volume.
+name = "silverbullet"
+# ID of the physical volume from the storage provider
+external_id = "csi-silverbullet"
+plugin_id = "nfs"
+
+# You must provide at least one capability block
+# You must provide a block for each capability
+# youintend to use in a job's volume block
+# https://www.nomadproject.io/docs/commands/volume/register
+capability {
+ access_mode = "multi-node-multi-writer"
+ attachment_mode = "file-system"
+}
+
+# https://github.com/kubernetes-csi/csi-driver-nfs/blob/master/docs/driver-parameters.md
+context {
+ server = "turris"
+ share = "csi-silverbullet"
+}
+
+mount_options {
+ # mount.nfs: Either use '-o nolock' to keep locks local, or start statd.
+ mount_flags = ["nolock"]
+}
+
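Review bot: `mount_flags = ["nolock"]` in the `mount_options` block keeps NFS locks local to each client, while the `capability` block registers the volume as `multi-node-multi-writer`, so allocations on different nodes would not see each other's file locks. The job in this commit runs `count = 1`, which limits the exposure, though allocations may still overlap briefly during a reschedule. A comment such as `# nolock: locks are node-local, keep a single writer allocation` would record the constraint. The flags also leave setuid bits and device nodes on the share honoured; if the share only holds notes, `mount_flags = ["nolock", "nosuid", "nodev"]` is a cheap hardening.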
diff --git a/hcl/default/silverbullet/silverbullet.nomad b/hcl/default/silverbullet/silverbullet.nomad
@@ -0,0 +1,89 @@
+# https://silverbullet.md/Install/Docker
+job "silverbullet" {
+ datacenters = ["dc1"]
+
+ vault {}
+
+ group "server" {
+ count = 1
+
+ volume "silverbullet" {
+ type = "csi"
+ source = "silverbullet"
+ access_mode = "multi-node-multi-writer"
+ attachment_mode = "file-system"
+ }
+ volume "tls" {
+ type = "csi"
+ source = "certbot"
+ access_mode = "multi-node-multi-writer"
+ attachment_mode = "file-system"
+ }
+
+ network {
+ port "http" {
+ to = 3000
+ }
+ port "https" {
+ static = 44407
+ }
+ }
+
+ task "silverbullet" {
+ driver = "podman"
+
+ config {
+ image = "docker.io/zefhemel/silverbullet:latest"
+ ports = ["http"]
+ }
+
+ template {
+ destination = "${NOMAD_SECRETS_DIR}/silverbullet.env"
+ env = true
+ data = <<EOT
+SB_USER = "{{with secret "kv/silverbullet"}}{{index .Data.data.sb_user}}{{end}}"
+EOT
+ }
+
+ volume_mount {
+ volume = "silverbullet"
+ destination = "/space"
+ }
+
+ resources {
+ memory = 256
+ memory_max = 512
+ cpu = 250
+ }
+ }
+
+ task "nginx" {
+ driver = "podman"
+
+ config {
+ image = "docker.io/library/nginx:stable-alpine"
+ ports = ["https"]
+ volumes = [
+ # mount the templated config from the task directory to the container
+ "local/silverbullet.conf:/etc/nginx/conf.d/silverbullet.conf",
+ ]
+ }
+
+ volume_mount {
+ volume = "tls"
+ destination = "/etc/letsencrypt"
+ }
+
+ template {
+ destination = "${NOMAD_TASK_DIR}/silverbullet.conf"
+ data = file("./templates/nginx.conf.tmpl")
+ }
+
+ resources {
+ memory = 50
+ memory_max = 128
+ cpu = 200
+ }
+ }
+ }
+}
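Review bot: The `tls` volume is mounted writable into the `nginx` task, although that task only needs to read the certificate and key under `/etc/letsencrypt`. Adding `read_only = true` to that `volume_mount` would keep a compromised proxy from altering or replacing key material on the shared `certbot` volume. Both images use mutable tags (`silverbullet:latest`, `nginx:stable-alpine`), so the running code can change on any re-pull; pinning a fixed version or digest, e.g. `image = "docker.io/zefhemel/silverbullet@sha256:<DIGEST>"`, makes deployments reproducible and auditable. The `http` port is published on a dynamic host port and no bridge network mode is visible in the group, so the plaintext listener is presumably reachable beside the TLS front end unless a host firewall blocks it.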
diff --git a/hcl/default/silverbullet/templates/nginx.conf.tmpl b/hcl/default/silverbullet/templates/nginx.conf.tmpl
@@ -0,0 +1,10 @@
+server {
+ listen {{ env "NOMAD_PORT_https" }} ssl;
+
+ ssl_certificate /etc/letsencrypt/live/notes.in0rdr.ch/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/notes.in0rdr.ch/privkey.pem;
+
+ location / {
+ proxy_pass http://{{ env "NOMAD_ADDR_http" }};
+ }
+}
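Review bot: The `server` block has no `server_name`, so it answers any Host header with the `notes.in0rdr.ch` certificate. The `location /` block forwards requests without the original host or client address, so the backend sees only the proxy as the peer, which makes failed-login attribution harder. Consider adding `server_name notes.in0rdr.ch;` next to the `listen` line, and `proxy_set_header Host $host;` and `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` inside `location /`. The upstream hop to `NOMAD_ADDR_http` is plain HTTP, so the login credentials travel unencrypted on that segment; a short comment stating that this hop is expected to stay on the host or a trusted network would document the assumption.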