nomad

hivedav-demo.nomad (2758B)

---

 job "hivedav-demo" {
   datacenters = ["dc1"]
 
   priority = 80
 
   vault {}
 
   constraint {
     # image only built for arm
     attribute = "${attr.cpu.arch}"
     value     = "arm64"
   }
 
   group "server" {
     count = 1
 
     volume "tls" {		
       type = "csi"		
       source = "certbot"		
       access_mode = "multi-node-multi-writer"		
       attachment_mode = "file-system"		
     }
 
     network {
       port "https" {
         static = 44399
       }
       port "hivedav" {
         to = 3737
         static = 44398
       }
     }
 
     task "nginx" {
       driver = "podman"
 
       config {
         image = "docker.io/library/nginx:stable-alpine"
         ports = ["https"]
         volumes = [
           # mount the templated config from the task directory to the container
           "local/hivedav-demo.conf:/etc/nginx/conf.d/hivedav-demo.conf",
         ]
       }
 
       volume_mount {
         volume = "tls"
         destination = "/etc/letsencrypt"
       }
 
       template {
         destination = "${NOMAD_TASK_DIR}/hivedav-demo.conf"
         data = file("./templates/nginx.conf.tmpl")
       }
 
       resources {
         memory = 50
         memory_max = 128
         cpu    = 200
       }
     }
 
     task "hivedav-demo" {
       driver = "podman"
 
       config {
         image = "127.0.0.1:5000/hivedav:41710c7fb9ba4d85811ef64545bd0e8586b26192"
         force_pull = true
         ports = ["hivedav"]
         volumes = [
           # mount the templated config from the task directory to the container
           "local/app.env:/app/app.env",
         ]
         #command = "/bin/sh"
         #args = ["-c", "sleep 3600"]
       }
 
       env {
         HIVEDAV_HOST = "meet.in0rdr.ch"
         HIVEDAV_CALENDAR = 2
       }
 
       template {
         # render sensitive env vars in a template from Vault secrets
         env = true
         destination = "${NOMAD_SECRETS_DIR}/env"
         data = <<EOT
 HIVEDAV_CALDAV_HOST = "{{with secret "kv/hivedav-demo"}}{{index .Data.data.HIVEDAV_CALDAV_HOST}}{{end}}"
 HIVEDAV_CALDAV_USER = "{{with secret "kv/hivedav-demo"}}{{index .Data.data.HIVEDAV_CALDAV_USER}}{{end}}"
 HIVEDAV_CALDAV_PASSWORD = "{{with secret "kv/hivedav-demo"}}{{index .Data.data.HIVEDAV_CALDAV_PASSWORD}}{{end}}"
 HIVEDAV_SMTP_HOST = "{{with secret "kv/hivedav-demo"}}{{index .Data.data.HIVEDAV_SMTP_HOST}}{{end}}"
 HIVEDAV_SMTP_USER = "{{with secret "kv/hivedav-demo"}}{{index .Data.data.HIVEDAV_SMTP_USER}}{{end}}"
 HIVEDAV_SMTP_PASSWORD = "{{with secret "kv/hivedav-demo"}}{{index .Data.data.HIVEDAV_SMTP_PASSWORD}}{{end}}"
 EOT
       }
 
       template {
         destination = "${NOMAD_TASK_DIR}/app.env"
         data = file("./templates/app.env.tmpl")
       }
 
       resources {
         memory = 50
         memory_max = 128
         cpu    = 200
       }
     }
   }
 }