commit ef472b3823c257a66254201671a0c0f492440b7b
parent 8e1b83bc8c9088ba613389cd9b63be039956ccb7
Author: Andreas Gruhler <andreas.gruhler@adfinis.com>
Date: Mon, 18 Sep 2023 01:29:40 +0200
feat: add hivedav
Diffstat:
3 files changed, 120 insertions(+), 0 deletions(-)
diff --git a/hcl/default/hivedav-demo/hivedav-demo.nomad b/hcl/default/hivedav-demo/hivedav-demo.nomad
@@ -0,0 +1,101 @@
+job "hivedav-demo" {
+ datacenters = ["dc1"]
+
+ vault {
+ policies = ["hivedav"]
+ change_mode = "noop"
+ }
+
+ group "server" {
+ count = 1
+
+ volume "tls" {
+ type = "csi"
+ source = "certbot"
+ access_mode = "multi-node-multi-writer"
+ attachment_mode = "file-system"
+ }
+
+ network {
+ port "https" {}
+ port "hivedav" {
+ to = 3737
+ }
+ }
+
+ service {
+ port = "https"
+ }
+
+ task "nginx" {
+ driver = "podman"
+
+ config {
+ image = "docker.io/library/nginx:stable-alpine"
+ ports = ["https"]
+ volumes = [
+ # mount the templated config from the task directory to the container
+ "local/hivedav-demo.conf:/etc/nginx/conf.d/hivedav-demo.conf",
+ ]
+ }
+
+ volume_mount {
+ volume = "tls"
+ destination = "/etc/letsencrypt"
+ }
+
+ template {
+ destination = "${NOMAD_TASK_DIR}/hivedav-demo.conf"
+ data = file("./templates/nginx.conf.tmpl")
+ }
+
+ resources {
+ memory = 50
+ memory_max = 128
+ cpu = 200
+ }
+ }
+
+ task "hivedav-demo" {
+ driver = "podman"
+
+ config {
+ image = "127.0.0.1:5000/hivedav:latest"
+ force_pull = true
+ ports = ["hivedav"]
+ volumes = [
+ # mount the templated config from the task directory to the container
+ "local/app.env:/app/app.env",
+ ]
+ #command = "/bin/sh"
+ #args = ["-c", "sleep 3600"]
+ }
+
+ env {
+ HIVEDAV_CALDAV_URI = "https://mail.adfinis.com:8443"
+ HIVEDAV_CALENDAR = 2
+ HIVEDAV_CALDAV_USER = "andreas.gruhler@adfinis.com"
+ }
+
+ template {
+ # render sensitive env vars in a template from Vault secrets
+ env = true
+ destination = "${NOMAD_SECRETS_DIR}/env"
+ data = <<EOT
+HIVEDAV_CALDAV_PASSWORD = "{{with secret "kv/hivedav"}}{{index .Data.data.HIVEDAV_CALDAV_PASSWORD}}{{end}}"
+EOT
+ }
+
+ template {
+ destination = "${NOMAD_TASK_DIR}/app.env"
+ data = file("./templates/app.env.tmpl")
+ }
+
+ resources {
+ memory = 50
+ memory_max = 128
+ cpu = 200
+ }
+ }
+ }
+}
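Review bot: The `volume_mount` for the `tls` volume in task `nginx` does not set `read_only = true`, so the container gets write access to the shared `certbot` CSI volume, which is declared `multi-node-multi-writer`. nginx only needs to read the certificate and private key under `/etc/letsencrypt`. Adding `read_only = true` to that `volume_mount` block would prevent a compromised web container from altering or replacing key material that other jobs presumably share. Separately, `image = "127.0.0.1:5000/hivedav:latest"` with `force_pull = true` runs whatever the registry currently serves under a mutable tag. Pinning a version tag or digest would make each deployment reproducible and auditable.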
diff --git a/hcl/default/hivedav-demo/templates/app.env.tmpl b/hcl/default/hivedav-demo/templates/app.env.tmpl
@@ -0,0 +1,6 @@
+#HIVEDAV_LISTEN_ADDRESS=127.0.0.1
+#HIVEDAV_LISTEN_PORT=3737
+#HIVEDAV_CALDAV_URI=
+#HIVEDAV_CALENDAR=0
+#HIVEDAV_CALDAV_USER=
+#HIVEDAV_CALDAV_PASSWORD=
+\ No newline at end of file
diff --git a/hcl/default/hivedav-demo/templates/nginx.conf.tmpl b/hcl/default/hivedav-demo/templates/nginx.conf.tmpl
@@ -0,0 +1,12 @@
+server {
+ listen {{ env "NOMAD_PORT_https" }} ssl;
+
+ ssl_certificate /etc/letsencrypt/live/meet.in0rdr.ch/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/meet.in0rdr.ch/privkey.pem;
+
+ root /app;
+
+ location / {
+ proxy_pass http://{{ env "NOMAD_ADDR_hivedav" }};
+ }
+}
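Review bot: `proxy_pass http://{{ env "NOMAD_ADDR_hivedav" }};` in `location /` forwards requests in plaintext to the address and port Nomad allocated for the `hivedav` label. The backend is therefore presumably also reachable directly on that port, bypassing the TLS listener. This depends on the group's network mode and host firewalling, which are not visible in this file. If the group can run with a shared network namespace, the proxy could target `127.0.0.1:3737` and the port would not need publishing. Otherwise the allocated port should be restricted to the proxy. As a smaller point, `root /app;` has no effect while `location /` proxies every request, and the server block has no `server_name`, so it answers for any Host header.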