writefreely.nomad (3923B)
1 job "writefreely" { 2 datacenters = ["dc1"] 3 4 vault {} 5 6 group "server" { 7 count = 1 8 9 volume "tls" { 10 type = "csi" 11 source = "certbot" 12 access_mode = "multi-node-multi-writer" 13 attachment_mode = "file-system" 14 } 15 volume "writefreely" { 16 type = "csi" 17 source = "writefreely" 18 access_mode = "multi-node-multi-writer" 19 attachment_mode = "file-system" 20 } 21 22 network { 23 port "web" {} 24 port "https" { 25 static = 44394 26 } 27 } 28 29 # Prepare database schema 30 # https://github.com/writefreely/writefreely/blob/develop/docker-setup.sh 31 task "db-upgrade" { 32 driver = "podman" 33 34 config { 35 image = "docker.io/arm64v8/mysql:latest" 36 command = "/bin/sh" 37 args = ["-c", "mysql < $NOMAD_TASK_DIR/schema.sql"] 38 volumes = [ 39 # mount the templated config from the task directory to the container 40 "local/my.cnf:/etc/mysql/conf.d/my.cnf", 41 ] 42 43 } 44 45 template { 46 # Fetch sensitive db connection vars from Vault secrets 47 destination = "${NOMAD_TASK_DIR}/my.cnf" 48 data = file("./templates/my.cnf.tmpl") 49 } 50 template { 51 # Create db tables 52 destination = "${NOMAD_TASK_DIR}/schema.sql" 53 data = file("./templates/schema.sql.tmpl") 54 } 55 56 resources { 57 memory = 50 58 memory_max = 128 59 cpu = 100 60 } 61 62 lifecycle { 63 hook = "prestart" 64 sidecar = false 65 } 66 } 67 68 # Generate keys used for the encryption of certain user data. 69 # Because user data becomes unrecoverable without these keys, 70 # this won't overwrite any existing key, and instead outputs a message. 71 # https://github.com/writefreely/writefreely/blob/develop/docker-setup.sh 72 task "gen-keys" { 73 driver = "podman" 74 75 config { 76 image = "ghcr.io/writefreely/writefreely:latest" 77 entrypoint = [""] 78 command = "/bin/sh" 79 args = ["-c", "cmd/writefreely/writefreely --gen-keys || true"] 80 volumes = [ 81 # mount the templated config from the task directory to the container 82 "local/config.ini:/go/config.ini", 83 ] 84 } 85 86 volume_mount { 87 volume = "writefreely" 88 destination = "/go/keys" 89 } 90 91 template { 92 destination = "${NOMAD_TASK_DIR}/config.ini" 93 data = file("./templates/config.ini.tmpl") 94 } 95 96 resources { 97 memory = 50 98 memory_max = 128 99 cpu = 100 100 } 101 102 lifecycle { 103 hook = "prestart" 104 sidecar = false 105 } 106 } 107 108 task "writefreely" { 109 driver = "podman" 110 111 config { 112 image = "ghcr.io/writefreely/writefreely:latest" 113 force_pull = true 114 ports = ["web"] 115 volumes = [ 116 # mount the templated config from the task directory to the container 117 "local/config.ini:/go/config.ini", 118 ] 119 } 120 121 volume_mount { 122 volume = "writefreely" 123 destination = "/go/keys" 124 } 125 126 template { 127 destination = "${NOMAD_TASK_DIR}/config.ini" 128 data = file("./templates/config.ini.tmpl") 129 } 130 131 resources { 132 memory = 50 133 memory_max = 256 134 cpu = 200 135 } 136 } 137 138 task "nginx" { 139 driver = "podman" 140 141 config { 142 image = "docker.io/library/nginx:stable-alpine" 143 ports = ["https"] 144 volumes = [ 145 # mount the templated config from the task directory to the container 146 "local/writefreely.conf:/etc/nginx/conf.d/writefreely.conf", 147 ] 148 } 149 150 volume_mount { 151 volume = "tls" 152 destination = "/etc/letsencrypt" 153 } 154 155 template { 156 destination = "${NOMAD_TASK_DIR}/writefreely.conf" 157 data = file("./templates/nginx.conf.tmpl") 158 } 159 160 resources { 161 memory = 50 162 memory_max = 256 163 cpu = 200 164 } 165 } 166 167 } 168 }