nomad

HCL and Docker files for Nomad deployments
git clone https://git.in0rdr.ch/nomad.git

commit 9983b3cfba9afd5770bf6fdb6d5f8700a784195f
parent befe742bafa806071652f76f83948ded19d8cc58
Author: Andreas Gruhler <andreas.gruhler@adfinis.com>
Date:   Mon, 13 May 2024 23:30:59 +0200

feat: add freshrss

Diffstat:
Ahcl/default/freshrss/data-volume-data.hcl | 31+++++++++++++++++++++++++++++++
Ahcl/default/freshrss/data-volume-ext.hcl | 31+++++++++++++++++++++++++++++++
Ahcl/default/freshrss/freshrss.nomad | 99+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Ahcl/default/freshrss/templates/nginx.conf.tmpl | 14++++++++++++++
4 files changed, 175 insertions(+), 0 deletions(-)

diff --git a/hcl/default/freshrss/data-volume-data.hcl b/hcl/default/freshrss/data-volume-data.hcl
@@ -0,0 +1,31 @@
+# Register external nfs volume with Nomad CSI
+# https://www.nomadproject.io/docs/commands/volume/register
+type = "csi"
+# Unique ID of the volume, volume.source field in a job
+id = "freshrss-data"
+# Display name of the volume.
+name = "freshrss-data"
+# ID of the physical volume from the storage provider
+external_id = "csi-freshrss-data"
+plugin_id = "nfs"
+
+# You must provide at least one capability block
+# You must provide a block for each capability
+# youintend to use in a job's volume block
+# https://www.nomadproject.io/docs/commands/volume/register
+capability {
+ access_mode = "multi-node-multi-writer"
+ attachment_mode = "file-system"
+}
+
+# https://github.com/kubernetes-csi/csi-driver-nfs/blob/master/docs/driver-parameters.md
+context {
+ server = "turris"
+ share = "csi-freshrss-data"
+}
+
+mount_options {
+ # mount.nfs: Either use '-o nolock' to keep locks local, or start statd.
+ mount_flags = ["nolock"]
+}
+
diff --git a/hcl/default/freshrss/data-volume-ext.hcl b/hcl/default/freshrss/data-volume-ext.hcl
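Review bot: `access_mode = "multi-node-multi-writer"` combined with `mount_flags = ["nolock"]` allows several nodes to write the share while NFS locks stay local to each client, so two overlapping allocations would not see each other's file locks. The job added in this commit runs `count = 1`, so if the NFS plugin accepts it, a narrower mode such as `access_mode = "single-node-writer"` (changed in the job's matching `volume` block as well) would be the least-privilege choice; otherwise add a comment stating that only one writer is ever expected. The same applies to data-volume-ext.hcl. The `youintend` in the capability comment should read `you intend`.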
@@ -0,0 +1,31 @@
+# Register external nfs volume with Nomad CSI
+# https://www.nomadproject.io/docs/commands/volume/register
+type = "csi"
+# Unique ID of the volume, volume.source field in a job
+id = "freshrss-ext"
+# Display name of the volume.
+name = "freshrss-ext"
+# ID of the physical volume from the storage provider
+external_id = "csi-freshrss-ext"
+plugin_id = "nfs"
+
+# You must provide at least one capability block
+# You must provide a block for each capability
+# youintend to use in a job's volume block
+# https://www.nomadproject.io/docs/commands/volume/register
+capability {
+ access_mode = "multi-node-multi-writer"
+ attachment_mode = "file-system"
+}
+
+# https://github.com/kubernetes-csi/csi-driver-nfs/blob/master/docs/driver-parameters.md
+context {
+ server = "turris"
+ share = "csi-freshrss-ext"
+}
+
+mount_options {
+ # mount.nfs: Either use '-o nolock' to keep locks local, or start statd.
+ mount_flags = ["nolock"]
+}
+
diff --git a/hcl/default/freshrss/freshrss.nomad b/hcl/default/freshrss/freshrss.nomad
@@ -0,0 +1,99 @@
+job "freshrss" {
+ datacenters = ["dc1"]
+
+ group "server" {
+ count = 1
+
+ volume "tls" {
+ type = "csi"
+ source = "certbot"
+ access_mode = "multi-node-multi-writer"
+ attachment_mode = "file-system"
+ }
+ volume "freshrss-data" {
+ type = "csi"
+ source = "freshrss-data"
+ access_mode = "multi-node-multi-writer"
+ attachment_mode = "file-system"
+ }
+ volume "freshrss-ext" {
+ type = "csi"
+ source = "freshrss-ext"
+ access_mode = "multi-node-multi-writer"
+ attachment_mode = "file-system"
+ }
+
+ network {
+ port "server" {
+ to = 80
+ }
+ port "https" {}
+ }
+
+ service {
+ port = "https"
+ }
+
+ task "nginx" {
+ driver = "podman"
+
+ config {
+ image = "docker.io/library/nginx:stable-alpine"
+ ports = ["https"]
+ volumes = [
+ # mount the templated config from the task directory to the container
+ "local/freshrss.conf:/etc/nginx/conf.d/snibox.conf",
+ ]
+ }
+
+ volume_mount {
+ volume = "tls"
+ destination = "/etc/letsencrypt"
+ }
+
+ template {
+ destination = "${NOMAD_TASK_DIR}/freshrss.conf"
+ data = file("./templates/nginx.conf.tmpl")
+ }
+
+ resources {
+ memory = 50
+ memory_max = 128
+ cpu = 100
+ }
+ }
+
+ task "server" {
+ driver = "podman"
+
+ env {
+ # https://github.com/FreshRSS/FreshRSS/blob/edge/Docker/freshrss/example.env
+ # https://github.com/FreshRSS/FreshRSS/blob/edge/Docker/README.md#environment-variables
+ BASE_URL = "https://rss.in0rdr.ch"
+ TZ = "Europe/Zurich"
+ CRON_MIN = "*/20"
+ }
+
+ config {
+ image = "docker.io/freshrss/freshrss:latest"
+ force_pull = true
+ ports = ["server"]
+ }
+
+ volume_mount {
+ volume = "freshrss-data"
+ destination = "/var/www/FreshRSS/data"
+ }
+ volume_mount {
+ volume = "freshrss-ext"
+ destination = "/var/www/FreshRSS/extensions"
+ }
+
+ resources {
+ memory = 150
+ memory_max = 300
+ cpu = 300
+ }
+ }
+ }
+}
diff --git a/hcl/default/freshrss/templates/nginx.conf.tmpl b/hcl/default/freshrss/templates/nginx.conf.tmpl
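Review bot: `image = "docker.io/freshrss/freshrss:latest"` with `force_pull = true` in task "server" means every restart runs whatever the registry currently serves under a mutable tag, so an upstream change or a tampered tag reaches this deployment without any change in the repository. Pin a release tag or a digest, e.g. `image = "docker.io/freshrss/freshrss@sha256:<DIGEST>"` (placeholder), and drop `force_pull`; the nginx task's `stable-alpine` tag is mutable as well. Separately, the `tls` volume_mount gives nginx write access to `/etc/letsencrypt`, and `read_only = true` in that block would be enough for serving certificates. The container path `/etc/nginx/conf.d/snibox.conf` looks carried over from another job and could be named `freshrss.conf`.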
@@ -0,0 +1,14 @@
+server {
+ listen {{ env "NOMAD_PORT_https" }} ssl;
+
+ ssl_certificate /etc/letsencrypt/live/rss.in0rdr.ch/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/rss.in0rdr.ch/privkey.pem;
+
+ location / {
+ proxy_pass http://{{ env "NOMAD_ADDR_server" }};
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+}
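Review bot: `proxy_pass http://{{ env "NOMAD_ADDR_server" }};` forwards the decrypted traffic to the host address and dynamic port that Nomad publishes for the `server` port, so the FreshRSS container is presumably also reachable on that port over plain HTTP without passing through this TLS proxy. A client that reaches it directly also controls the `X-Forwarded-For` and `X-Forwarded-Proto` values the application sees. Consider binding that port to a loopback or internal-only `host_network` in freshrss.nomad, or firewalling it, and record the assumption in a comment above `proxy_pass`. The server block also has no `server_name`, so it answers for any Host header arriving on the port; adding `server_name rss.in0rdr.ch;` makes the intent explicit.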