myheats-demo.nomad (4062B)
1 job "myheats-demo" { 2 datacenters = ["dc1"] 3 4 vault {} 5 6 priority = 80 7 8 group "server" { 9 count = 1 10 11 # /alloc/data 12 ephemeral_disk { 13 size = 500 14 } 15 16 volume "tls" { 17 type = "csi" 18 source = "certbot" 19 access_mode = "multi-node-multi-writer" 20 attachment_mode = "file-system" 21 } 22 23 network { 24 port "frontend_http" { 25 # Nginx default image always listens on 80 26 to = 80 27 } 28 port "api_http" {} 29 port "proxy_https" { 30 static = 44396 31 } 32 } 33 34 task "nginx_proxy" { 35 driver = "podman" 36 37 config { 38 image = "docker.io/library/nginx:stable-alpine" 39 ports = ["proxy_https"] 40 volumes = [ 41 # mount the templated config from the task directory to the container 42 "local/nginx-proxy.conf:/etc/nginx/conf.d/default.conf", 43 ] 44 } 45 46 volume_mount { 47 volume = "tls" 48 destination = "/etc/letsencrypt" 49 } 50 51 template { 52 destination = "${NOMAD_TASK_DIR}/nginx-proxy.conf" 53 data = file("./templates/nginx-proxy.conf.tmpl") 54 } 55 56 resources { 57 memory = 50 58 memory_max = 256 59 cpu = 200 60 } 61 } 62 63 # Prepare latest MyHeats frontend release 64 task "build_frontend" { 65 driver = "podman" 66 67 template { 68 # render sensitive env vars in a template from Vault secrets 69 env = true 70 destination = "${NOMAD_SECRETS_DIR}/frontend-env" 71 data = file("./templates/frontend-env.local.tmpl") 72 } 73 74 artifact { 75 source = "https://code.in0rdr.ch/myheats/archive/myheats-master.tar.gz" 76 destination = "local/myheats.tar.gz" 77 options { 78 archive = false 79 filename = "myheats.tar.gz" 80 } 81 mode = "file" 82 } 83 84 config { 85 image = "docker.io/node:18-alpine" 86 command = "/bin/sh" 87 args = [ "-c", <<EOT 88 mkdir -p /alloc/data/myheats && rm -rf /alloc/data/myheats/* 89 tar --strip-components=1 -C /alloc/data/myheats -xvf /local/myheats.tar.gz 90 cd /alloc/data/myheats 91 npm ci 92 npm run build 93 EOT 94 ] 95 volumes = [ 96 # mount the templated config from the task directory to the container 97 "secrets/frontend-env:/${NOMAD_TASK_DIR}/local/app/.env.local", 98 ] 99 } 100 101 resources { 102 memory = 256 103 memory_max = 512 104 cpu = 300 105 } 106 107 lifecycle { 108 hook = "prestart" 109 sidecar = false 110 } 111 } 112 113 task "frontend" { 114 driver = "podman" 115 116 template { 117 destination = "${NOMAD_TASK_DIR}/nginx-frontend.conf" 118 data = file("./templates/nginx-frontend.conf.tmpl") 119 } 120 121 config { 122 image = "docker.io/nginx:alpine" 123 ports = ["frontend_http"] 124 command = "/bin/sh" 125 args = ["-c", <<EOT 126 echo "Copyng new distribution from workdir" 127 rm -rf /usr/share/nginx/html/* 128 cp -r /alloc/data/myheats/dist/* /usr/share/nginx/html/ 129 nginx -g 'daemon off;' 130 EOT 131 ] 132 volumes = [ 133 "local/nginx-frontend.conf:/etc/nginx/conf.d/default.conf", 134 ] 135 } 136 137 resources { 138 memory = 100 139 memory_max = 256 140 cpu = 300 141 } 142 } 143 144 task "backend" { 145 driver = "podman" 146 147 config { 148 image = "docker.io/node:18-alpine" 149 command = "/bin/sh" 150 args = ["-c", "cd /alloc/data/myheats && npm run api"] 151 force_pull = true 152 ports = ["api_http"] 153 volumes = [ 154 # mount the templated config from the task directory to the container 155 "secrets/backend-env:/app/.env.local", 156 ] 157 } 158 159 template { 160 # render sensitive env vars in a template from Vault secrets 161 env = true 162 destination = "${NOMAD_SECRETS_DIR}/backend-env" 163 data = file("./templates/backend-env.local.tmpl") 164 } 165 166 resources { 167 memory = 124 168 memory_max = 512 169 cpu = 300 170 } 171 } 172 } 173 }