todo.nomad (3711B)
1 # https://man.sr.ht/configuration.md 2 3 job "todo" { 4 datacenters = ["dc1"] 5 6 vault {} 7 8 group "server" { 9 count = 1 10 11 # /alloc/data for static assets 12 ephemeral_disk { 13 size = 500 14 } 15 16 volume "tls" { 17 type = "csi" 18 source = "certbot" 19 access_mode = "multi-node-multi-writer" 20 attachment_mode = "file-system" 21 } 22 23 network { 24 port "web" {} 25 port "api" { 26 # todo: api-origin config.ini not working? 27 to = 5103 28 } 29 port "redis" { 30 to = 6379 31 } 32 port "https" { 33 static = 44408 34 } 35 } 36 37 # Prepare static assets 38 task "prepare_static_assets" { 39 driver = "podman" 40 41 config { 42 image = "127.0.0.1:5000/todo:0.77.4" 43 command = "/bin/sh" 44 args = [ "-c", <<EOT 45 cp -r /usr/local/share/sourcehut/static /alloc/data/ 46 EOT 47 ] 48 } 49 50 lifecycle { 51 hook = "prestart" 52 } 53 } 54 55 task "redict" { 56 driver = "podman" 57 58 config { 59 image = "registry.redict.io/redict:alpine" 60 ports = ["redis"] 61 } 62 63 resources { 64 memory = 50 65 memory_max = 128 66 cpu = 100 67 } 68 69 lifecycle { 70 hook = "prestart" 71 sidecar = true 72 } 73 } 74 75 task "todo_web" { 76 driver = "podman" 77 78 config { 79 image = "127.0.0.1:5000/todo:0.77.4" 80 command = "uwsgi" 81 args = ["${NOMAD_TASK_DIR}/uwsgi.ini"] 82 force_pull = true 83 ports = ["web"] 84 volumes = [ 85 # mount the templated config from the task directory to the container 86 "local/config.ini:/etc/sr.ht/config.ini", 87 ] 88 } 89 90 template { 91 destination = "${NOMAD_TASK_DIR}/uwsgi.ini" 92 data = file("./templates/uwsgi.ini.tmpl") 93 } 94 template { 95 destination = "${NOMAD_TASK_DIR}/config.ini" 96 data = file("./templates/config.ini.tmpl") 97 } 98 99 resources { 100 memory = 50 101 memory_max = 256 102 cpu = 200 103 } 104 } 105 106 task "todo_api" { 107 driver = "podman" 108 109 config { 110 image = "127.0.0.1:5000/todo:0.77.4" 111 command = "/todo/todo.sr.ht-api" 112 force_pull = true 113 ports = ["api"] 114 volumes = [ 115 # mount the templated config from the task directory to the container 116 "local/config.ini:/etc/sr.ht/config.ini", 117 ] 118 } 119 120 # template config file 121 template { 122 destination = "${NOMAD_TASK_DIR}/config.ini" 123 data = file("./templates/config.ini.tmpl") 124 } 125 126 # template pgp data 127 template { 128 destination = "${NOMAD_SECRETS_DIR}/pgp_privkey.pem" 129 data = <<EOT 130 {{with secret "kv/todo"}}{{index .Data.data.pgp_privkey}}{{end}} 131 EOT 132 } 133 template { 134 destination = "${NOMAD_SECRETS_DIR}/pgp_pubkey.pem" 135 data = <<EOT 136 {{with secret "kv/todo"}}{{index .Data.data.pgp_pubkey}}{{end}} 137 EOT 138 } 139 140 resources { 141 memory = 50 142 memory_max = 256 143 cpu = 200 144 } 145 } 146 147 148 task "nginx" { 149 driver = "podman" 150 151 config { 152 image = "docker.io/library/nginx:stable-alpine" 153 ports = ["https"] 154 volumes = [ 155 # mount the templated config from the task directory to the container 156 "local/todo.conf:/etc/nginx/conf.d/todo.conf", 157 ] 158 } 159 160 volume_mount { 161 volume = "tls" 162 destination = "/etc/letsencrypt" 163 } 164 165 template { 166 destination = "${NOMAD_TASK_DIR}/todo.conf" 167 data = file("./templates/nginx.conf.tmpl") 168 } 169 170 resources { 171 memory = 50 172 memory_max = 256 173 cpu = 200 174 } 175 } 176 177 } 178 }