commit df40a1f5c87e1bed07537fcadfa063b1083b813f parent bb6e360166a47ce7e9508e65a32468c33e50aed6 Author: Andreas Gruhler <agruhl@gmx.ch> Date: Sun, 28 Sep 2025 14:50:24 +0200 feat(myheats): add myheats-demo-stable Builds from images that include entire code base and don't build from git Diffstat:
| A | hcl/default/myheats-demo/myheats-demo-stable.nomad | | | 109 | +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ |
1 file changed, 109 insertions(+), 0 deletions(-)
diff --git a/hcl/default/myheats-demo/myheats-demo-stable.nomad b/hcl/default/myheats-demo/myheats-demo-stable.nomad @@ -0,0 +1,109 @@ +# This job uses the stable images from the registry +# No build/prepare steps are done here, all is read from the image + +job "myheats-demo" { + datacenters = ["dc1"] + + vault {} + + priority = 80 + + group "server" { + count = 1 + + volume "tls" { + type = "csi" + source = "certbot" + access_mode = "multi-node-multi-writer" + attachment_mode = "file-system" + } + + network { + port "frontend_http" { + # Nginx default image always listens on 80 + to = 80 + } + port "api_http" {} + port "proxy_https" { + static = 44396 + } + } + + task "nginx_proxy" { + driver = "podman" + + config { + image = "docker.io/library/nginx:stable-alpine" + ports = ["proxy_https"] + volumes = [ + # mount the templated config from the task directory to the container + "local/nginx-proxy.conf:/etc/nginx/conf.d/default.conf", + ] + } + + volume_mount { + volume = "tls" + destination = "/etc/letsencrypt" + } + + template { + destination = "${NOMAD_TASK_DIR}/nginx-proxy.conf" + data = file("./templates/nginx-proxy.conf.tmpl") + } + + resources { + memory = 50 + memory_max = 256 + cpu = 200 + } + } + + task "frontend" { + driver = "podman" + + config { + # All Vite env variables are backed into the image + # - https://code.in0rdr.ch/myheats/file/Jenkinsfile.html + # In library mode, all import.meta.env.* usage are statically replaced + # when building for production (vite build): + # - https://vite.dev/guide/build.html#library-mode + image = "127.0.0.1:5000/myheats-frontend:latest" + force_pull = true + ports = ["frontend_http"] + } + + resources { + memory = 100 + memory_max = 256 + cpu = 300 + } + } + + task "backend" { + driver = "podman" + + config { + image = "127.0.0.1:5000/myheats-api:latest" + force_pull = true + ports = ["api_http"] + volumes = [ + # mount the templated config from the task directory to the container + "secrets/backend-env:/app/.env.local", + ] + } + + template { + # render sensitive env vars in a template from Vault secrets + env = true + destination = "${NOMAD_SECRETS_DIR}/backend-env" + data = file("./templates/backend-env.local.tmpl") + } + + resources { + memory = 124 + memory_max = 512 + cpu = 300 + } + } + } +}