nomad

HCL and Docker files for Nomad deployments
git clone https://git.in0rdr.ch/nomad.git

commit a7585733aa4cbce436ee9c4f778e41ad2ae0384d
parent b0fd6ede14a1a7f8f5242651543e5ed1ed2a9a61
Author: Andreas Gruhler <andreas.gruhler@adfinis.com>
Date:   Sun, 10 Nov 2024 16:53:29 +0100

feat: add snikket

Diffstat:
Ahcl/default/snikket/data-volume.hcl | 31+++++++++++++++++++++++++++++++
Ahcl/default/snikket/snikket.nomad | 119+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Ahcl/default/snikket/templates/nginx.conf.tmpl | 14++++++++++++++
Ahcl/default/snikket/templates/snikket.env.tmpl | 16++++++++++++++++
4 files changed, 180 insertions(+), 0 deletions(-)

diff --git a/hcl/default/snikket/data-volume.hcl b/hcl/default/snikket/data-volume.hcl
@@ -0,0 +1,31 @@
+# Register external nfs volume with Nomad CSI
+# https://www.nomadproject.io/docs/commands/volume/register
+type = "csi"
+# Unique ID of the volume, volume.source field in a job
+id = "snikket"
+# Display name of the volume.
+name = "snikket"
+# ID of the physical volume from the storage provider
+external_id = "csi-snikket"
+plugin_id = "nfs"
+
+# You must provide at least one capability block
+# You must provide a block for each capability
+# youintend to use in a job's volume block
+# https://www.nomadproject.io/docs/commands/volume/register
+capability {
+ access_mode = "multi-node-multi-writer"
+ attachment_mode = "file-system"
+}
+
+# https://github.com/kubernetes-csi/csi-driver-nfs/blob/master/docs/driver-parameters.md
+context {
+ server = "turris"
+ share = "csi-snikket"
+}
+
+mount_options {
+ # mount.nfs: Either use '-o nolock' to keep locks local, or start statd.
+ mount_flags = ["nolock"]
+}
+
diff --git a/hcl/default/snikket/snikket.nomad b/hcl/default/snikket/snikket.nomad
@@ -0,0 +1,119 @@
+# https://snikket.org/service/resources/docker-compose.yml
+
+job "snikket" {
+ datacenters = ["dc1"]
+
+ vault {}
+
+ group "server" {
+ count = 1
+
+ volume "tls" {
+ type = "csi"
+ source = "certbot"
+ access_mode = "multi-node-multi-writer"
+ attachment_mode = "file-system"
+ }
+ volume "snikket" {
+ type = "csi"
+ source = "snikket"
+ access_mode = "multi-node-multi-writer"
+ attachment_mode = "file-system"
+ }
+
+ network {
+ port "prosody" {}
+ port "portal" {}
+ port "https" {
+ static = 44408
+ }
+ }
+
+ task "nginx" {
+ driver = "podman"
+
+ config {
+ image = "docker.io/library/nginx:stable-alpine"
+ ports = ["https"]
+ volumes = [
+ # mount the templated config from the task directory to the container
+ "local/snikket.conf:/etc/nginx/conf.d/snikket.conf",
+ ]
+ }
+
+ volume_mount {
+ volume = "tls"
+ destination = "/etc/letsencrypt"
+ }
+
+ template {
+ destination = "${NOMAD_TASK_DIR}/snikket.conf"
+ data = file("./templates/nginx.conf.tmpl")
+ }
+
+ resources {
+ memory = 128
+ memory_max = 256
+ cpu = 250
+ }
+ }
+
+ task "portal" {
+ driver = "podman"
+
+ config {
+ image = "docker.io/snikket/snikket-web-portal:stable"
+ ports = ["portal"]
+ }
+
+ volume_mount {
+ volume = "snikket"
+ destination = "/snikket"
+ }
+
+ template {
+ destination = "${NOMAD_TASK_DIR}/snikket.env"
+ data = file("./templates/snikket.env.tmpl")
+ env = true
+ }
+
+ resources {
+ memory = 256
+ memory_max = 512
+ cpu = 250
+ }
+ }
+
+ task "snikket" {
+ driver = "podman"
+
+ config {
+ image = "docker.io/snikket/snikket-server:stable"
+ ports = ["prosody"]
+ }
+
+ volume_mount {
+ volume = "snikket"
+ destination = "/snikket"
+ }
+ # Snikket prosody service waits for certificates
+ volume_mount {
+ volume = "tls"
+ destination = "/snikket/letsencrypt"
+ }
+
+ template {
+ destination = "${NOMAD_TASK_DIR}/snikket.env"
+ data = file("./templates/snikket.env.tmpl")
+ env = true
+ }
+
+ resources {
+ memory = 256
+ memory_max = 512
+ cpu = 250
+ }
+ }
+
+ }
+}
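Review bot: Both `volume_mount` blocks for the `tls` volume (in task "nginx" and in task "snikket") mount the certbot volume writable, so either container can alter or replace the certificates and private keys stored there; if these tasks only read them, add `read_only = true` to each of those two mounts. The job-level `vault {}` also gives the nginx task a Vault identity, although among the templates in this commit only `snikket.env.tmpl` reads a secret; moving the block into the "portal" and "snikket" tasks would narrow that. All three images are referenced by moving tags (`stable`, `stable-alpine`), so the deployed content can change without a change to this file; pinning each image by digest would make the deployment reproducible.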
diff --git a/hcl/default/snikket/templates/nginx.conf.tmpl b/hcl/default/snikket/templates/nginx.conf.tmpl
@@ -0,0 +1,14 @@
+server {
+ listen {{ env "NOMAD_PORT_https" }} ssl;
+
+ ssl_certificate /etc/letsencrypt/live/chat.in0rdr.ch/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/chat.in0rdr.ch/privkey.pem;
+
+ location / {
+ proxy_pass http://{{ env "NOMAD_ADDR_portal" }};
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+}
diff --git a/hcl/default/snikket/templates/snikket.env.tmpl b/hcl/default/snikket/templates/snikket.env.tmpl
@@ -0,0 +1,16 @@
+# The domain of your Snikket instance
+SNIKKET_DOMAIN=chat.in0rdr.ch
+
+# The email address of the primary admin
+SNIKKET_ADMIN_EMAIL={{with secret "kv/snikket"}}{{index .Data.data.admin_email}}{{end}}
+
+# Server bind settings
+# https://github.com/snikket-im/snikket-server/blob/master/Dockerfile
+SNIKKET_TWEAK_INTERNAL_HTTP_INTERFACE=0.0.0.0
+SNIKKET_TWEAK_INTERNAL_HTTP_PORT={{ env "NOMAD_PORT_prosody" }}
+
+# Web portal bind settings
+# https://github.com/snikket-im/snikket-web-portal/blob/master/Dockerfile
+SNIKKET_TWEAK_PORTAL_INTERNAL_HTTP_INTERFACE=0.0.0.0
+SNIKKET_TWEAK_PORTAL_INTERNAL_HTTP_PORT={{ env "NOMAD_PORT_portal" }}
+SNIKKET_WEB_PROSODY_ENDPOINT=http://{{ env "NOMAD_ADDR_prosody" }}
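Review bot: In nginx.conf.tmpl the `server` block has no `server_name` and passes `Host $host` through, so as the only server block it answers for any name and the portal receives whatever Host the client sent. If the portal derives links or redirects from that header (not visible in this commit), sending a fixed value with `proxy_set_header Host chat.in0rdr.ch;` removes the client's influence. The listener also relies on the image's default TLS settings; stating `ssl_protocols TLSv1.2 TLSv1.3;` explicitly would keep the accepted protocol versions independent of the nginx tag in use.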
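Review bot: In snikket.env.tmpl both `SNIKKET_TWEAK_INTERNAL_HTTP_INTERFACE` and `SNIKKET_TWEAK_PORTAL_INTERNAL_HTTP_INTERFACE` are set to `0.0.0.0` on ports that the job publishes as Nomad dynamic ports, so the plain-HTTP prosody endpoint and the portal are presumably reachable on the node address directly, without passing the TLS listener in nginx.conf.tmpl. How far they are reachable depends on the node's network setup, which this commit does not show. If only the nginx task and the portal need these listeners, a comment such as `# plain HTTP, must only be reachable from the nginx task / portal` plus a restriction outside this file (a `host_network` on the `prosody` and `portal` port blocks, or a host firewall rule) would document and enforce that.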