# Nomad job for the Boardgame Manager web application.
# The app is registered as a Consul Connect service (Envoy sidecar) and
# published through Traefik using the service tags below.
job "boardgame-manager" {
  datacenters = ["dc1"]
  region      = "global"

  group "boardgame-manager" {

    # Bridge mode: the application task and the Connect sidecar share one
    # network namespace for the group.
    network {
      mode = "bridge"
    }

    service {
      name = "boardgame-manager"
      port = 8080

      connect {
        sidecar_service {}

        sidecar_task {
          config {
            # Explicit Envoy command line. The bootstrap file is read from the
            # task's secrets dir; log level and worker concurrency are
            # interpolated from node metadata (meta.connect.*).
            args = [
              "-c",
              "${NOMAD_SECRETS_DIR}/envoy_bootstrap.json",
              "-l",
              "${meta.connect.log_level}",
              "--concurrency",
              "${meta.connect.proxy_concurrency}",
              "--disable-hot-restart"
            ]
          }

          resources {
            cpu    = 50
            memory = 64
          }
        }
      }

      # Traefik routing and middleware configuration, carried as service tags.
      #
      # NOTE(review): the router is bound to the "https" entrypoint but no
      # router-level tls tag is set here; presumably TLS is configured on the
      # entrypoint itself -- confirm.
      #
      # NOTE(review): the CSP below allows 'unsafe-inline' and 'unsafe-eval' in
      # script-src (and 'unsafe-inline' in style-src). With those keywords the
      # policy no longer blocks injected inline script or eval-style execution,
      # so it provides little XSS mitigation. If the application can run
      # without them, prefer nonces or hashes. default-src is also not a
      # fallback for base-uri, form-action or frame-ancestors; none of the
      # three is set in this policy.
      #
      # The middleware chain mixes "@file" middlewares (defined in Traefik's
      # file provider, not visible in this job) with csp-boardgame-manager,
      # which is the middleware declared by the tag just above it. The
      # security properties of the "@file" entries cannot be checked from here.
      tags = [
        "traefik.enable=true",
        "traefik.http.routers.boardgame-manager.entrypoints=https",
        "traefik.http.routers.boardgame-manager.rule=Host(`bgm.example.org`)",
        "traefik.http.middlewares.csp-boardgame-manager.headers.contentsecuritypolicy=default-src 'self';font-src 'self' data:;img-src 'self' data: https://www.gravatar.com;script-src 'self' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline';",
        "traefik.http.routers.boardgame-manager.middlewares=security-headers@file,rate-limit-std@file,forward-proto@file,inflight-std@file,hsts@file,compression@file,csp-boardgame-manager",
      ]
    }

    # Persistent storage: CSI volume "bgm-data", mounted as a filesystem and
    # writable from a single node at a time.
    volume "data" {
      type            = "csi"
      source          = "bgm-data"
      attachment_mode = "file-system"
      access_mode     = "single-node-writer"
    }

    task "boardgame-manager" {
      driver = "docker"

      config {
        # NOTE(review): the image is referenced by tag only. A tag can be
        # re-pointed in the registry; pinning by digest would make the
        # deployed content immutable.
        image = "danielberteaud/boardgame-manager:24.3-1"

        # Container hardening: cap the number of processes and make the root
        # filesystem read-only, so that writes are limited to mounted paths
        # such as the data volume below.
        # NOTE(review): no user or cap_drop is set, so the container runs as
        # the image's default user with the driver's default capabilities.
        pids_limit      = 100
        readonly_rootfs = true
      }

      env {
        LANG = "fr_FR.utf8"
        TZ   = "Europe/Paris"
      }

      # Mount point of the CSI volume declared at group level.
      volume_mount {
        volume      = "data"
        destination = "/opt/bgm/databases"
      }

      resources {
        cpu    = 20
        memory = 192
      }
    }
  }
}