From 93e119d76773da08096e7814115422ce92d01bff Mon Sep 17 00:00:00 2001 From: Daniel Berteaud Date: Sat, 14 Oct 2023 00:20:49 +0200 Subject: [PATCH] First commit --- boardgame-manager.nomad.hcl | 62 +++++++++++++++++++ bundles.yml | 4 ++ .../service-defaults/boardgame-manager.hcl | 3 + .../service-intentions/boardgame-manager.hcl | 15 +++++ images/boardgame-manager/Dockerfile | 21 +++++++ variables.yml | 27 ++++++++ 6 files changed, 132 insertions(+) create mode 100644 boardgame-manager.nomad.hcl create mode 100644 bundles.yml create mode 100644 consul/config/service-defaults/boardgame-manager.hcl create mode 100644 consul/config/service-intentions/boardgame-manager.hcl create mode 100644 images/boardgame-manager/Dockerfile create mode 100644 variables.yml diff --git a/boardgame-manager.nomad.hcl b/boardgame-manager.nomad.hcl new file mode 100644 index 0000000..888a96d --- /dev/null +++ b/boardgame-manager.nomad.hcl @@ -0,0 +1,62 @@ +[[ $c := merge .bgm . -]] +job [[ .bgm.instance | toJSON ]] { + +[[- template "common/job_start.tpl" $c ]] + + group "boardgame-manager" { + network { + mode = "bridge" + } + + service { + name = "[[ .bgm.instance ]][[ $c.consul.suffix ]]" + port = 8080 + +[[ template "common/connect.tpl" $c ]] + + tags = [ + "[[ $c.traefik.instance ]].enable=true", + "[[ $c.traefik.instance ]].http.routers.[[ .bgm.instance ]][[ $c.consul.suffix ]].rule=Host(`[[ (urlParse .bgm.public_url).Hostname ]]`) + [[- if not (regexp.Match "^/?$" (urlParse .bgm.public_url).Path) ]] && PathPrefix(`[[ (urlParse .bgm.public_url).Path ]]`)[[ end ]]", + "[[ $c.traefik.instance ]].http.routers.[[ .bgm.instance ]][[ $c.consul.suffix ]].entrypoints=[[ join $c.traefik.entrypoints "," ]]", + "[[ $c.traefik.instance ]].http.routers.[[ .bgm.instance ]][[ $c.consul.suffix ]].tls=true", + "[[ $c.traefik.instance ]].http.middlewares.[[ .bgm.instance ]]-csp[[ $c.consul.suffix ]].headers.contentSecurityPolicy=default-src 'self'; img-src 'self' data: https://www.gravatar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; font-src 'self' data:", + [[- if not (regexp.Match "^/?$" (urlParse .bgm.public_url).Path) ]] + "[[ $c.traefik.instance ]].http.middlewares.[[ .bgm.instance ]][[ $c.consul.suffix ]]-path.stripprefix.prefixes=[[ (urlParse .bgm.public_url).Path ]]", + "[[ $c.traefik.instance ]].http.routers.[[ .bgm.instance ]][[ $c.consul.suffix ]].middlewares=[[ .bgm.instance ]][[ $c.consul.suffix ]]-path,[[ .bgm.instance ]]-csp[[ $c.consul.suffix ]],[[ template "common/traefik_middlewares.tpl" $c.traefik ]]", + [[- else ]] + "[[ $c.traefik.instance ]].http.routers.[[ .bgm.instance ]][[ $c.consul.suffix ]].middlewares=[[ .bgm.instance ]]-csp[[ $c.consul.suffix ]],[[ template "common/traefik_middlewares.tpl" $c.traefik ]]", + [[- end ]] + ] + } + + volume "boardgame-manager" { + type = [[ .bgm.volumes.data.type | toJSON ]] + source = [[ .bgm.volumes.data.source | toJSON ]] + attachment_mode = "file-system" + access_mode = "single-node-writer" + } + + task "boardgame-manager" { + driver = [[ $c.nomad.driver | toJSON ]] + + config { + image = [[ .bgm.image | toJSON ]] + pids_limit = 100 + readonly_rootfs = true + } + + env { +[[ template "common/env.tpl" $c.env ]] + } + + volume_mount { + volume = "boardgame-manager" + destination = "/opt/bgm/databases" + } + +[[ template "common/resources.tpl" .bgm.resources ]] + + } + } +} diff --git a/bundles.yml b/bundles.yml new file mode 100644 index 0000000..5b9120e --- /dev/null +++ b/bundles.yml @@ -0,0 +1,4 @@ +--- + +dependencies: + - url: ../common.git diff --git a/consul/config/service-defaults/boardgame-manager.hcl b/consul/config/service-defaults/boardgame-manager.hcl new file mode 100644 index 0000000..4a010cd --- /dev/null +++ b/consul/config/service-defaults/boardgame-manager.hcl @@ -0,0 +1,3 @@ +Kind = "service-defaults" +Name = "[[ .bgm.instance ]][[ .consul.suffix ]]" +Protocol = "http" diff --git a/consul/config/service-intentions/boardgame-manager.hcl b/consul/config/service-intentions/boardgame-manager.hcl new file mode 100644 index 0000000..6f24dd5 --- /dev/null +++ b/consul/config/service-intentions/boardgame-manager.hcl @@ -0,0 +1,15 @@ +Kind = "service-intentions" +Name = "[[ .bgm.instance ]][[ .consul.suffix ]]" +Sources = [ + { + Name = "[[ (merge .bgm .).traefik.instance ]]" + Permissions = [ + { + Action = "allow" + HTTP { + PathPrefix = "/" + } + } + ] + } +] diff --git a/images/boardgame-manager/Dockerfile b/images/boardgame-manager/Dockerfile new file mode 100644 index 0000000..63ceff3 --- /dev/null +++ b/images/boardgame-manager/Dockerfile @@ -0,0 +1,21 @@ +FROM [[ .docker.repo ]][[ .docker.base_images.alma9.image ]] +MAINTAINER [[ .docker.maintainer ]] + +RUN set -eux &&\ + microdnf -y --best --nodocs --noplugins --setopt=install_weak_deps=0 update &&\ + rpm -qa --qf "%{NAME}\n" | sort > /tmp/before.txt &&\ + microdnf -y --best --nodocs --noplugins --setopt=install_weak_deps=0 install git npm unzip &&\ + rpm -qa --qf "%{NAME}\n" | sort > /tmp/after.txt &&\ + curl -fsSL https://bun.sh/install | BUN_INSTALL=/usr/local bash &&\ + cd /opt/ &&\ + git clone --depth=1 https://github.com/oscgr/eht-boardgame-manager.git bgm &&\ + cd bgm &&\ + bun install &&\ + npm install sqlite3 --save &&\ + microdnf remove -y $(comm -13 /tmp/before.txt /tmp/after.txt) &&\ + microdnf clean all &&\ + rm -rf /var/cache/yum/* /var/log/yum/* /tmp/before.txt /tmp/after.txt /var/lib/dnf/history* + +EXPOSE 8080 +WORKDIR /opt/bgm +CMD ["bun", "start"] diff --git a/variables.yml b/variables.yml new file mode 100644 index 0000000..aa4c7ca --- /dev/null +++ b/variables.yml @@ -0,0 +1,27 @@ +--- + +bgm: + + # Name of the instance + instance: boardgame-manager + + # Image to use + image: danielberteaud/boardgame-manager:latest + + # Resource allocation for the container + resources: + cpu: 20 + memory: 192 + + # Additional env var + env: {} + + # Boardgame manager needs a volume to store its SQLite DB + volumes: + data: + type: csi + source: boardgame-manager + + # Public URL where the app will be exposed + public_url: https://bgm.example.org +