nomad

HCL and Docker files for Nomad deployments
git clone https://git.in0rdr.ch/nomad.git

commit 763c31b1d765eda0a20f1d5616199b61b1eea110
parent e4be0fc3d27c0ee572b89c65ccb1792b08826b4a
Author: Andreas Gruhler <agruhl@gmx.ch>
Date:   Thu, 21 Aug 2025 19:13:03 +0200

feat: add hortusfox

Diffstat:
Ahcl/default/hortus-fox/data-volume-backup.hcl | 31+++++++++++++++++++++++++++++++
Ahcl/default/hortus-fox/data-volume-img.hcl | 31+++++++++++++++++++++++++++++++
Ahcl/default/hortus-fox/data-volume-logs.hcl | 31+++++++++++++++++++++++++++++++
Ahcl/default/hortus-fox/data-volume-migrations.hcl | 31+++++++++++++++++++++++++++++++
Ahcl/default/hortus-fox/data-volume-themes.hcl | 31+++++++++++++++++++++++++++++++
Ahcl/default/hortus-fox/hortusfox.nomad | 130+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Ahcl/default/hortus-fox/templates/env.tmpl | 71+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Ahcl/default/hortus-fox/templates/nginx.conf.tmpl | 14++++++++++++++
8 files changed, 370 insertions(+), 0 deletions(-)

diff --git a/hcl/default/hortus-fox/data-volume-backup.hcl b/hcl/default/hortus-fox/data-volume-backup.hcl
@@ -0,0 +1,31 @@
+# Register external nfs volume with Nomad CSI
+# https://www.nomadproject.io/docs/commands/volume/register
+type = "csi"
+# Unique ID of the volume, volume.source field in a job
+id = "hortusfox-backup"
+# Display name of the volume.
+name = "hortusfox-backup"
+# ID of the physical volume from the storage provider
+external_id = "csi-hortusfox-backup"
+plugin_id = "nfs"
+
+# You must provide at least one capability block
+# You must provide a block for each capability
+# youintend to use in a job's volume block
+# https://www.nomadproject.io/docs/commands/volume/register
+capability {
+ access_mode = "multi-node-multi-writer"
+ attachment_mode = "file-system"
+}
+
+# https://github.com/kubernetes-csi/csi-driver-nfs/blob/master/docs/driver-parameters.md
+context {
+ server = "turris"
+ share = "csi-hortusfox-backup"
+}
+
+mount_options {
+ # mount.nfs: Either use '-o nolock' to keep locks local, or start statd.
+ mount_flags = ["nolock"]
+}
+
diff --git a/hcl/default/hortus-fox/data-volume-img.hcl b/hcl/default/hortus-fox/data-volume-img.hcl
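Review bot: In data-volume-backup.hcl the share is registered as `multi-node-multi-writer` and mounted with `nolock`, so NFS file locks stay local to each client and nothing coordinates writers if the share is ever mounted from two nodes at once. The job added in this commit runs `count = 1`, so this is presumably fine today, but the assumption is not recorded anywhere; I would add a comment above `mount_flags`, for example `# nolock: locks are client-local; safe only while a single allocation writes to this share`. The same applies to the img, logs, migrations and themes volume files, and the comment typo `youintend` is repeated in all five.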
@@ -0,0 +1,31 @@
+# Register external nfs volume with Nomad CSI
+# https://www.nomadproject.io/docs/commands/volume/register
+type = "csi"
+# Unique ID of the volume, volume.source field in a job
+id = "hortusfox-img"
+# Display name of the volume.
+name = "hortusfox-img"
+# ID of the physical volume from the storage provider
+external_id = "csi-hortusfox-img"
+plugin_id = "nfs"
+
+# You must provide at least one capability block
+# You must provide a block for each capability
+# youintend to use in a job's volume block
+# https://www.nomadproject.io/docs/commands/volume/register
+capability {
+ access_mode = "multi-node-multi-writer"
+ attachment_mode = "file-system"
+}
+
+# https://github.com/kubernetes-csi/csi-driver-nfs/blob/master/docs/driver-parameters.md
+context {
+ server = "turris"
+ share = "csi-hortusfox-img"
+}
+
+mount_options {
+ # mount.nfs: Either use '-o nolock' to keep locks local, or start statd.
+ mount_flags = ["nolock"]
+}
+
diff --git a/hcl/default/hortus-fox/data-volume-logs.hcl b/hcl/default/hortus-fox/data-volume-logs.hcl
@@ -0,0 +1,31 @@
+# Register external nfs volume with Nomad CSI
+# https://www.nomadproject.io/docs/commands/volume/register
+type = "csi"
+# Unique ID of the volume, volume.source field in a job
+id = "hortusfox-logs"
+# Display name of the volume.
+name = "hortusfox-logs"
+# ID of the physical volume from the storage provider
+external_id = "csi-hortusfox-logs"
+plugin_id = "nfs"
+
+# You must provide at least one capability block
+# You must provide a block for each capability
+# youintend to use in a job's volume block
+# https://www.nomadproject.io/docs/commands/volume/register
+capability {
+ access_mode = "multi-node-multi-writer"
+ attachment_mode = "file-system"
+}
+
+# https://github.com/kubernetes-csi/csi-driver-nfs/blob/master/docs/driver-parameters.md
+context {
+ server = "turris"
+ share = "csi-hortusfox-logs"
+}
+
+mount_options {
+ # mount.nfs: Either use '-o nolock' to keep locks local, or start statd.
+ mount_flags = ["nolock"]
+}
+
diff --git a/hcl/default/hortus-fox/data-volume-migrations.hcl b/hcl/default/hortus-fox/data-volume-migrations.hcl
@@ -0,0 +1,31 @@
+# Register external nfs volume with Nomad CSI
+# https://www.nomadproject.io/docs/commands/volume/register
+type = "csi"
+# Unique ID of the volume, volume.source field in a job
+id = "hortusfox-migrations"
+# Display name of the volume.
+name = "hortusfox-migrations"
+# ID of the physical volume from the storage provider
+external_id = "csi-hortusfox-migrations"
+plugin_id = "nfs"
+
+# You must provide at least one capability block
+# You must provide a block for each capability
+# youintend to use in a job's volume block
+# https://www.nomadproject.io/docs/commands/volume/register
+capability {
+ access_mode = "multi-node-multi-writer"
+ attachment_mode = "file-system"
+}
+
+# https://github.com/kubernetes-csi/csi-driver-nfs/blob/master/docs/driver-parameters.md
+context {
+ server = "turris"
+ share = "csi-hortusfox-migrations"
+}
+
+mount_options {
+ # mount.nfs: Either use '-o nolock' to keep locks local, or start statd.
+ mount_flags = ["nolock"]
+}
+
diff --git a/hcl/default/hortus-fox/data-volume-themes.hcl b/hcl/default/hortus-fox/data-volume-themes.hcl
@@ -0,0 +1,31 @@
+# Register external nfs volume with Nomad CSI
+# https://www.nomadproject.io/docs/commands/volume/register
+type = "csi"
+# Unique ID of the volume, volume.source field in a job
+id = "hortusfox-themes"
+# Display name of the volume.
+name = "hortusfox-themes"
+# ID of the physical volume from the storage provider
+external_id = "csi-hortusfox-themes"
+plugin_id = "nfs"
+
+# You must provide at least one capability block
+# You must provide a block for each capability
+# youintend to use in a job's volume block
+# https://www.nomadproject.io/docs/commands/volume/register
+capability {
+ access_mode = "multi-node-multi-writer"
+ attachment_mode = "file-system"
+}
+
+# https://github.com/kubernetes-csi/csi-driver-nfs/blob/master/docs/driver-parameters.md
+context {
+ server = "turris"
+ share = "csi-hortusfox-themes"
+}
+
+mount_options {
+ # mount.nfs: Either use '-o nolock' to keep locks local, or start statd.
+ mount_flags = ["nolock"]
+}
+
diff --git a/hcl/default/hortus-fox/hortusfox.nomad b/hcl/default/hortus-fox/hortusfox.nomad
@@ -0,0 +1,130 @@
+# https://github.com/danielbrendel/hortusfox-web/blob/main/README.md
+# https://github.com/danielbrendel/hortusfox-web/blob/main/docker-compose.yml
+
+job "hortusfox" {
+ datacenters = ["dc1"]
+
+ vault {}
+
+ group "server" {
+ count = 1
+
+ volume "tls" {
+ type = "csi"
+ source = "certbot"
+ access_mode = "multi-node-multi-writer"
+ attachment_mode = "file-system"
+ }
+ volume "hortusfox-img" {
+ type = "csi"
+ source = "hortusfox-img"
+ access_mode = "multi-node-multi-writer"
+ attachment_mode = "file-system"
+ }
+ volume "hortusfox-logs" {
+ type = "csi"
+ source = "hortusfox-logs"
+ access_mode = "multi-node-multi-writer"
+ attachment_mode = "file-system"
+ }
+ volume "hortusfox-backup" {
+ type = "csi"
+ source = "hortusfox-backup"
+ access_mode = "multi-node-multi-writer"
+ attachment_mode = "file-system"
+ }
+ volume "hortusfox-themes" {
+ type = "csi"
+ source = "hortusfox-themes"
+ access_mode = "multi-node-multi-writer"
+ attachment_mode = "file-system"
+ }
+ volume "hortusfox-migrations" {
+ type = "csi"
+ source = "hortusfox-migrations"
+ access_mode = "multi-node-multi-writer"
+ attachment_mode = "file-system"
+ }
+
+ network {
+ port "http" {
+ to = 80
+ }
+ port "https" {
+ static = 44413
+ }
+ }
+
+ task "nginx" {
+ driver = "podman"
+
+ config {
+ image = "docker.io/library/nginx:stable-alpine"
+ ports = ["https"]
+ volumes = [
+ # mount the templated config from the task directory to the container
+ "local/hortusfox.conf:/etc/nginx/conf.d/hortusfox.conf",
+ ]
+ }
+
+ volume_mount {
+ volume = "tls"
+ destination = "/etc/letsencrypt"
+ }
+
+ template {
+ destination = "${NOMAD_TASK_DIR}/hortusfox.conf"
+ data = file("./templates/nginx.conf.tmpl")
+ }
+
+ resources {
+ memory = 50
+ memory_max = 256
+ cpu = 200
+ }
+ }
+
+ task "hortusfox" {
+ driver = "podman"
+
+ config {
+ image = "ghcr.io/danielbrendel/hortusfox-web:latest"
+ force_pull = true
+ ports = ["http"]
+ }
+
+ volume_mount {
+ volume = "hortusfox-img"
+ destination = "/var/www/html/public/img"
+ }
+ volume_mount {
+ volume = "hortusfox-backup"
+ destination = "/var/www/html/public/backup"
+ }
+ volume_mount {
+ volume = "hortusfox-themes"
+ destination = "/var/www/html/public/themes"
+ }
+ volume_mount {
+ volume = "hortusfox-logs"
+ destination = "/var/www/html/app/logs"
+ }
+ volume_mount {
+ volume = "hortusfox-migrations"
+ destination = "/var/www/html/app/migrations"
+ }
+
+ template {
+ env = true
+ destination = "${NOMAD_SECRETS_DIR}/env"
+ data = file("./templates/env.tmpl")
+ }
+
+ resources {
+ memory = 512
+ memory_max = 1024
+ cpu = 500
+ }
+ }
+ }
+}
diff --git a/hcl/default/hortus-fox/templates/env.tmpl b/hcl/default/hortus-fox/templates/env.tmpl
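Review bot: Task "hortusfox" runs `ghcr.io/danielbrendel/hortusfox-web:latest` with `force_pull = true`, so every restart can pull whatever was last pushed to that tag into a container that receives the database, SMTP and admin secrets. Pinning a reviewed release tag or digest, for example `image = "ghcr.io/danielbrendel/hortusfox-web@sha256:<digest>"` (placeholder), and dropping `force_pull` keeps upgrades deliberate. The job-level `vault {}` also applies to task "nginx", which renders no secrets in this hunk; moving the block into task "hortusfox" limits Vault access to the task that needs it. The `tls` volume exposes the whole certbot directory to nginx, private keys included, and nginx only reads it, so `read_only = true` in that `volume_mount` would fit. The backup share is mounted at `/var/www/html/public/backup`; if the application serves `public/` directly, confirm that backup archives are not downloadable without authentication.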
@@ -0,0 +1,71 @@
+# https://github.com/danielbrendel/hortusfox-web/blob/main/.env.example
+
+# Asatru PHP - App environment configuration file
+#
+# Scheme:
+# name=value
+# Example
+# APP_NAME="My App name"
+# Datatypes:
+# string, integer, float, boolean and null (auto detected)
+
+# App settings
+APP_NAME="HortusFox"
+APP_VERSION="5.0"
+APP_AUTHOR="Daniel Brendel"
+APP_CONTACT="dbrendel1988@gmail.com"
+APP_DEBUG=true
+APP_BASEDIR=""
+APP_LANG="en"
+APP_TIMEZONE="UTC"
+APP_WORKSPACE="My workspace"
+APP_OVERDUETASK_HOURS=10
+APP_CRONJOB_MAILLIMIT=5
+APP_GITHUB_URL="https://github.com/danielbrendel/hortusfox-web"
+APP_SERVICE_URL="https://www.hortusfox.com"
+APP_GITHUB_SPONSOR="https://github.com/sponsors/danielbrendel"
+APP_DONATION_KOFI="https://ko-fi.com/danielbrendel"
+APP_SOCIAL_DISCORD="https://discord.gg/kc6xGmjzVS"
+APP_SOCIAL_MASTODON="https://mastodon.social/@hortusfox"
+
+# Update composer dependencies during start if set to true
+APP_UPDATEDEPS="true"
+
+# Admin settings
+APP_ADMIN_EMAIL="{{with secret "kv/hortusfox"}}{{index .Data.data.APP_ADMIN_EMAIL}}{{end}}"
+APP_ADMIN_PASSWORD="{{with secret "kv/hortusfox"}}{{index .Data.data.APP_ADMIN_PASSWORD}}{{end}}"
+
+# Session
+SESSION_ENABLE=true
+SESSION_DURATION=32532000
+SESSION_NAME=null
+
+# Photo resize factors
+PHOTO_RESIZE_FACTOR_DEFAULT=1.0
+PHOTO_RESIZE_FACTOR_1=0.5
+PHOTO_RESIZE_FACTOR_2=0.4
+PHOTO_RESIZE_FACTOR_3=0.4
+PHOTO_RESIZE_FACTOR_4=0.3
+PHOTO_RESIZE_FACTOR_5=0.2
+
+# Database settings
+DB_ENABLE=true
+DB_HOST="mariadb.lan"
+DB_DATABASE=hortusfox
+DB_USERNAME=hortusfox
+DB_PASSWORD="{{with secret "kv/hortusfox"}}{{index .Data.data.DB_PASSWORD}}{{end}}"
+DB_PORT=3306
+DB_DRIVER=mysql
+DB_CHARSET="utf8mb4"
+
+# SMTP settings
+SMTP_FROMNAME="HortusFox"
+SMTP_FROMADDRESS="{{with secret "kv/hortusfox"}}{{index .Data.data.SMTP_FROMADDRESS}}{{end}}"
+SMTP_HOST="{{with secret "kv/hortusfox"}}{{index .Data.data.SMTP_HOST}}{{end}}"
+SMTP_PORT="{{with secret "kv/hortusfox"}}{{index .Data.data.SMTP_PORT}}{{end}}"
+SMTP_USERNAME="{{with secret "kv/hortusfox"}}{{index .Data.data.SMTP_USERNAME}}{{end}}"
+SMTP_PASSWORD="{{with secret "kv/hortusfox"}}{{index .Data.data.SMTP_PASSWORD}}{{end}}"
+SMTP_ENCRYPTION="{{with secret "kv/hortusfox"}}{{index .Data.data.SMTP_ENCRYPTION}}{{end}}"
+
+# Logging
+LOG_ENABLE=true
diff --git a/hcl/default/hortus-fox/templates/nginx.conf.tmpl b/hcl/default/hortus-fox/templates/nginx.conf.tmpl
@@ -0,0 +1,14 @@
+server {
+ listen {{ env "NOMAD_PORT_https" }} ssl;
+
+ ssl_certificate /etc/letsencrypt/live/plants.in0rdr.ch/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/plants.in0rdr.ch/privkey.pem;
+
+ location / {
+ proxy_pass http://{{ env "NOMAD_ADDR_http" }};
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+}
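Review bot: In templates/env.tmpl, `APP_DEBUG=true` is set in what looks like the deployed environment file; debug mode in a web framework typically surfaces error details to visitors, so unless that is intended I would ship `APP_DEBUG=false`. `APP_UPDATEDEPS="true"` makes the container update composer dependencies at every start, according to the comment above it, which pulls unreviewed code at runtime; `APP_UPDATEDEPS="false"` keeps the dependency set that shipped in the image. The Vault values are interpolated raw inside double quotes, so a secret containing a quote or newline would break the rendered line; `DB_PASSWORD={{with secret "kv/hortusfox"}}{{.Data.data.DB_PASSWORD | toJSON}}{{end}}` without the surrounding quotes is the usual form for `env = true` templates.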
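Review bot: In templates/nginx.conf.tmpl the server block has no `server_name`, so it answers for any Host on this port and `proxy_set_header Host $host;` forwards that client-chosen value to the application. If HortusFox builds links from the request host (not visible here), that is worth closing: add `server_name plants.in0rdr.ch;` and send a fixed `proxy_set_header Host plants.in0rdr.ch;`. `$proxy_add_x_forwarded_for` likewise appends to whatever X-Forwarded-For the client sent, so the application should rely on `X-Real-IP` if this nginx is the outermost proxy. There is also no `ssl_protocols` line, so the accepted TLS versions depend on the default of the floating `nginx:stable-alpine` image.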