nomad

HCL and Docker files for Nomad deployments
git clone https://git.in0rdr.ch/nomad.git

snibox.nomad (2227B)


      1 job "snibox" {
      2   datacenters = ["dc1"]
      3 
      4   vault {}
      5 
      6   group "server" {
      7     count = 1
      8 
      9     volume "tls" {
     10       type = "csi"
     11       source = "certbot"
     12       access_mode = "multi-node-multi-writer"
     13       attachment_mode = "file-system"
     14     }
     15     volume "snibox" {
     16       type = "csi"
     17       source = "snibox"
     18       access_mode = "multi-node-multi-writer"
     19       attachment_mode = "file-system"
     20     }
     21 
     22     network {
     23       port "server" {
     24         to = 3000
     25       }
     26       port "https" {
     27         static = 44392
     28       }
     29     }
     30 
     31     task "nginx" {
     32       driver = "podman"
     33 
     34       config {
     35         image = "docker.io/library/nginx:stable-alpine"
     36         ports = ["https"]
     37         volumes = [
     38           # mount the templated config from the task directory to the container
     39           "local/snibox.conf:/etc/nginx/conf.d/snibox.conf",
     40         ]
     41       }
     42 
     43       volume_mount {
     44         volume = "tls"
     45         destination = "/etc/letsencrypt"
     46       }
     47 
     48       template {
     49         destination = "${NOMAD_TASK_DIR}/snibox.conf"
     50         data = file("./templates/nginx.conf.tmpl")
     51       }
     52 
     53       resources {
     54         memory = 50
     55         memory_max = 128
     56         cpu    = 100
     57       }
     58     }
     59 
     60     task "server" {
     61       driver = "podman"
     62 
     63       env {
     64         RAILS_LOG_TO_STDOUT = true
     65         # https://github.com/snibox/snibox/issues/25
     66         RAILS_SERVE_STATIC_FILES = true
     67         DB_NAME = "snibox"
     68         DB_USER = "snibox"
     69         DB_HOST = "postgres.lan"
     70       }
     71 
     72       template {
     73         # render sensitive env vars in a template from Vault secrets
     74         env = true
     75         destination = "${NOMAD_SECRETS_DIR}/env"
     76         data = <<EOT
     77 DB_PASS = "{{with secret "kv/snibox"}}{{index .Data.data.db_password}}{{end}}"
     78 SECRET_KEY_BASE = "{{with secret "kv/snibox"}}{{index .Data.data.secret_key_base}}{{end}}"
     79 EOT
     80       }
     81 
     82       config {
     83         image = "127.0.0.1:5000/snibox:latest"
     84         force_pull = true
     85         command = "/bin/sh"
     86         args = ["-c", "rm -rf tmp/pids && ./bin/rails s -p 3000 -b '0.0.0.0'"]
     87         ports = ["server"]
     88       }
     89 
     90       volume_mount {
     91         volume = "snibox"
     92         destination = "/app/public"
     93       }
     94 
     95       resources {
     96         memory = 50
     97         memory_max = 256
     98         cpu    = 200
     99       }
    100     }
    101   }
    102 }