nomad-vault-tls.nomad (1212B)
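# Periodic batch job that renders ./templates/vault-tls.sh.tmpl into the task
# directory and runs it once a day on several distinct hosts, passing the Vault
# API address as the only argument. Per the "user" variable description, the
# script copies certificates and reloads Vault; the script itself is not part
# of this file.

variable "api_addr" {
  type        = string
  description = "Vault domain name (API address)"
}

# NOTE(review): the account needs sudo for the reload and the certificate copy.
# Prefer a dedicated account whose sudoers entry lists only the commands the
# script runs, not blanket sudo. Confirm against the script.
variable "user" {
  type        = string
  description = "Unix user to launch the job with. Needs sudo privileges to reload vault and copy certificates."
}

job "vault-tls" {
  datacenters = ["dc1"]
  type        = "batch"

  periodic {
    crons = [
      "@daily"
    ]
  }

  group "vault-tls" {
    # Five allocations, each forced onto a different host by the constraint.
    # Presumably one per Vault server; confirm against the cluster size.
    count = 5
    constraint {
      distinct_hosts = true
    }

    # CSI volume "certbot", mounted below at /etc/letsencrypt.
    # NOTE(review): multi-node-multi-writer lets every allocation write to it.
    # If the script only reads certificates and keys, set read_only = true on
    # the volume_mount so a compromised node cannot alter them.
    volume "tls" {
      type            = "csi"
      source          = "certbot"
      access_mode     = "multi-node-multi-writer"
      attachment_mode = "file-system"
    }

    task "vault-tls" {
      driver = "exec"
      user   = var.user

      # file() is evaluated when the job is submitted, so the script content
      # comes from the submitter's working directory. It then runs as var.user
      # with sudo rights, so treat the template as privileged code.
      template {
        destination = "${NOMAD_TASK_DIR}/vault-tls.sh"
        data        = file("./templates/vault-tls.sh.tmpl")
        # Octal mode written as a string, the form the template block documents.
        perms = "755"
      }

      config {
        # Sharing the host PID namespace removes the exec driver's PID
        # isolation: the task can see every process on the node.
        pid_mode = "host" # need to send SIGHUP to vault to reload config file
        command  = "${NOMAD_TASK_DIR}/vault-tls.sh"
        # Passed as one argv element. The script should still quote it when
        # using it (not verifiable from this file).
        args = [var.api_addr]
      }

      volume_mount {
        volume      = "tls"
        destination = "/etc/letsencrypt"
      }

      # memory / memory_max in MB, cpu in MHz. memory_max only takes effect
      # when memory oversubscription is enabled in the scheduler configuration.
      resources {
        memory     = 16
        memory_max = 32
        cpu        = 20
      }
    }
  }
}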