Daniel Berteaud 2024-01-26 22:30:40 +01:00
parent a8b37d3240
commit 83749a7edd
4 changed files with 47 additions and 25 deletions


@ -1,33 +1,36 @@
[[ $c := merge .bgm . -]]
job [[ .instance | toJSON ]] {
job "[[ .instance ]]" {
[[- template "common/job_start" $c ]]
[[ template "common/job_start" $c ]]
group "boardgame-manager" {
network {
mode = "bridge"
}
service {
name = "[[ .instance ]][[ $c.consul.suffix ]]"
name = "[[ .instance ]][[ .consul.suffix ]]"
port = 8080
[[ template "common/connect" $c ]]
tags = [
[[- if $c.traefik.enabled ]]
"[[ $c.traefik.instance ]].enable=true",
"[[ $c.traefik.instance ]].http.routers.[[ .instance ]][[ $c.consul.suffix ]].rule=Host(`[[ (urlParse .bgm.public_url).Hostname ]]`)
"[[ $c.traefik.instance ]].http.routers.[[ .instance ]][[ .consul.suffix ]].rule=Host(`[[ (urlParse .bgm.public_url).Hostname ]]`)
[[- if not (regexp.Match "^/?$" (urlParse .bgm.public_url).Path) ]] && PathPrefix(`[[ (urlParse .bgm.public_url).Path ]]`)[[ end ]]",
"[[ $c.traefik.instance ]].http.routers.[[ .instance ]][[ $c.consul.suffix ]].entrypoints=[[ join $c.traefik.entrypoints "," ]]",
"[[ $c.traefik.instance ]].http.routers.[[ .instance ]][[ $c.consul.suffix ]].tls=true",
"[[ $c.traefik.instance ]].http.middlewares.[[ .instance ]]-csp[[ $c.consul.suffix ]].headers.contentSecurityPolicy=default-src 'self'; img-src 'self' data: https://www.gravatar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; font-src 'self' data:",
"[[ $c.traefik.instance ]].http.routers.[[ .instance ]][[ .consul.suffix ]].entrypoints=[[ join $c.traefik.entrypoints "," ]]",
"[[ $c.traefik.instance ]].http.routers.[[ .instance ]][[ .consul.suffix ]].tls=true",
"[[ $c.traefik.instance ]].http.middlewares.[[ .instance ]]-csp[[ .consul.suffix ]].headers.contentSecurityPolicy=default-src 'self'; img-src 'self' data: https://www.gravatar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; font-src 'self' data:",
[[- if not (regexp.Match "^/?$" (urlParse .bgm.public_url).Path) ]]
"[[ $c.traefik.instance ]].http.middlewares.[[ .instance ]][[ $c.consul.suffix ]]-path.stripprefix.prefixes=[[ (urlParse .bgm.public_url).Path ]]",
"[[ $c.traefik.instance ]].http.routers.[[ .instance ]][[ $c.consul.suffix ]].middlewares=[[ .instance ]][[ $c.consul.suffix ]]-path,[[ .instance ]]-csp[[ $c.consul.suffix ]],[[ template "common/traefik_middlewares" $c.traefik ]]",
"[[ $c.traefik.instance ]].http.middlewares.[[ .instance ]][[ .consul.suffix ]]-path.stripprefix.prefixes=[[ (urlParse .bgm.public_url).Path ]]",
"[[ $c.traefik.instance ]].http.routers.[[ .instance ]][[ .consul.suffix ]].middlewares=[[ .instance ]][[ .consul.suffix ]]-path,[[ .instance ]]-csp[[ .consul.suffix ]],[[ template "common/traefik_middlewares" $c ]]",
[[- else ]]
"[[ $c.traefik.instance ]].http.routers.[[ .instance ]][[ $c.consul.suffix ]].middlewares=[[ .instance ]]-csp[[ $c.consul.suffix ]],[[ template "common/traefik_middlewares" $c.traefik ]]",
"[[ $c.traefik.instance ]].http.routers.[[ .instance ]][[ .consul.suffix ]].middlewares=[[ .instance ]]-csp[[ .consul.suffix ]],[[ template "common/traefik_middlewares" $c ]]",
[[- end ]]
]
[[- end ]]
}
volume "data" {
@ -51,10 +54,10 @@ job [[ .instance | toJSON ]] {
[[- end ]]
task "boardgame-manager" {
driver = [[ $c.nomad.driver | toJSON ]]
driver = "[[ $c.nomad.driver ]]"
config {
image = [[ .bgm.image | toJSON ]]
image = "[[ .bgm.image ]]"
pids_limit = 100
readonly_rootfs = true
}
@ -68,13 +71,13 @@ job [[ .instance | toJSON ]] {
destination = "/opt/bgm/databases"
}
[[ template "common/resources" .bgm.resources ]]
[[ template "common/resources" $c ]]
}
[[ if and .bgm.backup.enabled (not (eq .bgm.backup.cron "")) -]]
task "backup" {
driver = [[ $c.nomad.driver | toJSON ]]
driver = "[[ $c.nomad.driver ]]"
lifecycle {
hook = "poststart"
@ -82,20 +85,17 @@ job [[ .instance | toJSON ]] {
}
config {
image = [[ .bgm.backup.image | toJSON ]]
image = "[[ .bgm.backup.image ]]"
pids_limit = 50
readonly_rootfs = true
command = "supercronic"
args = [
"/secrets/backup.cron"
]
command = "minit"
}
template {
data =<<_EOT
[[ .bgm.backup.cron ]] dump-sqlite /data/data.db /backup
_EOT
destination = "secrets/backup.cron"
env {
MINIT_MAIN = "dump-sqlite /data/data.db /backup"
MINIT_MAIN_NAME = "sqlite-dumper"
MINIT_MAIN_KIND = "cron"
MINIT_MAIN_CRON = "[[ .bgm.backup.cron ]]"
}
# Mount the data volume readonly so we can read the DB
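Review bot: The quoted interpolations on the `job "[[ .instance ]]"`, `driver = "[[ $c.nomad.driver ]]"`, `image = "[[ .bgm.image ]]"`, `image = "[[ .bgm.backup.image ]]"` and `MINIT_MAIN_CRON = "[[ .bgm.backup.cron ]]"` lines render the value without any escaping, whereas the `| toJSON` form printed next to most of them emits a correctly quoted and escaped string. Assuming the quoted form is the new side (the page has lost its +/- markers), a value containing `"`, a backslash or a newline now ends the HCL string early and the remainder is parsed as job-spec syntax, so a malformed or untrusted variable value can alter more of the rendered job than the one field. I would keep the escaping form, e.g. `image = [[ .bgm.image | toJSON ]]` and `MINIT_MAIN_CRON = [[ .bgm.backup.cron | toJSON ]]`. The `task` and `config` blocks these lines sit in continue outside the hunks shown.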


@ -1,8 +1,11 @@
job "boardgame-manager" {
datacenters = ["dc1"]
group "boardgame-manager" {
network {
mode = "bridge"
}
@ -15,6 +18,18 @@ job "boardgame-manager" {
sidecar_service {
}
sidecar_task {
config {
args = [
"-c",
"${NOMAD_SECRETS_DIR}/envoy_bootstrap.json",
"-l",
"${meta.connect.log_level}",
"--concurrency",
"${meta.connect.proxy_concurrency}",
"--disable-hot-restart"
]
}
resources {
cpu = 50
memory = 64
@ -64,6 +79,7 @@ job "boardgame-manager" {
destination = "/opt/bgm/databases"
}
resources {
cpu = 20
memory = 192


@ -1,4 +1,4 @@
FROM danielberteaud/alma:9.24.1-3
FROM danielberteaud/alma:9.24.1-6
MAINTAINER Daniel Berteaud <dbd@ehtrace.com>
RUN set -eux &&\


@ -30,6 +30,12 @@ bgm:
# Public URL where the app will be exposed
public_url: https://bgm.example.org
# Traefik settings
traefik:
middlewares:
- compression@file
- csp-relaxed@file
backup:
enabled: false
image: '[[ .docker.repo ]][[ .docker.base_images.sqlite.image ]]'
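Review bot: The new default `- csp-relaxed@file` puts a second Content-Security-Policy source on a router that, in the job template of this same commit, already gets the per-instance `-csp` headers middleware (the one allowing `'unsafe-inline'` and `'unsafe-eval'` in `script-src`). Presumably `common/traefik_middlewares` renders this list after the `-csp` entry, so which policy reaches the browser depends on chain order and on the file-provider definition of `csp-relaxed@file`, neither of which is visible here. I would keep a single source for the header, or at least state the intent next to the default with a comment such as `# csp-relaxed@file comes from Traefik's file provider; the job also attaches its own <instance>-csp middleware`.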