118 lines
3.9 KiB
HCL
118 lines
3.9 KiB
HCL
[[ $c := merge .bgm . -]]
|
|
job [[ .instance | toJSON ]] {
|
|
|
|
[[- template "common/job_start" $c ]]
|
|
|
|
group "boardgame-manager" {
|
|
network {
|
|
mode = "bridge"
|
|
}
|
|
|
|
service {
|
|
name = "[[ .instance ]][[ $c.consul.suffix ]]"
|
|
port = 8080
|
|
|
|
[[ template "common/connect" $c ]]
|
|
|
|
tags = [
|
|
"[[ $c.traefik.instance ]].enable=true",
|
|
"[[ $c.traefik.instance ]].http.routers.[[ .instance ]][[ $c.consul.suffix ]].rule=Host(`[[ (urlParse .bgm.public_url).Hostname ]]`)
|
|
[[- if not (regexp.Match "^/?$" (urlParse .bgm.public_url).Path) ]] && PathPrefix(`[[ (urlParse .bgm.public_url).Path ]]`)[[ end ]]",
|
|
"[[ $c.traefik.instance ]].http.routers.[[ .instance ]][[ $c.consul.suffix ]].entrypoints=[[ join $c.traefik.entrypoints "," ]]",
|
|
"[[ $c.traefik.instance ]].http.routers.[[ .instance ]][[ $c.consul.suffix ]].tls=true",
|
|
"[[ $c.traefik.instance ]].http.middlewares.[[ .instance ]]-csp[[ $c.consul.suffix ]].headers.contentSecurityPolicy=default-src 'self'; img-src 'self' data: https://www.gravatar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; font-src 'self' data:",
|
|
[[- if not (regexp.Match "^/?$" (urlParse .bgm.public_url).Path) ]]
|
|
"[[ $c.traefik.instance ]].http.middlewares.[[ .instance ]][[ $c.consul.suffix ]]-path.stripprefix.prefixes=[[ (urlParse .bgm.public_url).Path ]]",
|
|
"[[ $c.traefik.instance ]].http.routers.[[ .instance ]][[ $c.consul.suffix ]].middlewares=[[ .instance ]][[ $c.consul.suffix ]]-path,[[ .instance ]]-csp[[ $c.consul.suffix ]],[[ template "common/traefik_middlewares" $c.traefik ]]",
|
|
[[- else ]]
|
|
"[[ $c.traefik.instance ]].http.routers.[[ .instance ]][[ $c.consul.suffix ]].middlewares=[[ .instance ]]-csp[[ $c.consul.suffix ]],[[ template "common/traefik_middlewares" $c.traefik ]]",
|
|
[[- end ]]
|
|
]
|
|
}
|
|
|
|
volume "data" {
|
|
type = [[ .bgm.volumes.data.type | toJSON ]]
|
|
source = [[ .bgm.volumes.data.source | toJSON ]]
|
|
[[- if ne .bgm.volumes.data.type "host" ]]
|
|
attachment_mode = "file-system"
|
|
access_mode = "single-node-writer"
|
|
[[- end ]]
|
|
}
|
|
|
|
[[ if and .bgm.backup.enabled (not (eq .bgm.backup.cron "")) -]]
|
|
volume "backup" {
|
|
type = [[ .bgm.volumes.backup.type | toJSON ]]
|
|
source = [[ .bgm.volumes.backup.source | toJSON ]]
|
|
[[- if ne .bgm.volumes.backup.type "host" ]]
|
|
attachment_mode = "file-system"
|
|
access_mode = "multi-node-multi-writer"
|
|
[[- end ]]
|
|
}
|
|
[[- end ]]
|
|
|
|
task "boardgame-manager" {
|
|
driver = [[ $c.nomad.driver | toJSON ]]
|
|
|
|
config {
|
|
image = [[ .bgm.image | toJSON ]]
|
|
pids_limit = 100
|
|
readonly_rootfs = true
|
|
}
|
|
|
|
env {
|
|
[[ template "common/env" $c.env ]]
|
|
}
|
|
|
|
volume_mount {
|
|
volume = "data"
|
|
destination = "/opt/bgm/databases"
|
|
}
|
|
|
|
[[ template "common/resources" .bgm.resources ]]
|
|
|
|
}
|
|
|
|
[[ if and .bgm.backup.enabled (not (eq .bgm.backup.cron "")) -]]
|
|
task "backup" {
|
|
driver = [[ $c.nomad.driver | toJSON ]]
|
|
|
|
lifecycle {
|
|
hook = "poststart"
|
|
sidecar = true
|
|
}
|
|
|
|
config {
|
|
image = [[ .bgm.backup.image | toJSON ]]
|
|
pids_limit = 50
|
|
readonly_rootfs = true
|
|
command = "supercronic"
|
|
args = [
|
|
"/secrets/backup.cron"
|
|
]
|
|
}
|
|
|
|
template {
|
|
data =<<_EOT
|
|
[[ .bgm.backup.cron ]] dump-sqlite /data/data.db /backup
|
|
_EOT
|
|
destination = "secrets/backup.cron"
|
|
}
|
|
|
|
# Mount the data volume readonly so we can read the DB
|
|
volume_mount {
|
|
volume = "data"
|
|
destination = "/data"
|
|
read_only = true
|
|
}
|
|
|
|
# Mount the backup volume
|
|
volume_mount {
|
|
volume = "backup"
|
|
destination = "/backup"
|
|
}
|
|
[[ template "common/resources" .bgm.backup.resources ]]
|
|
}
|
|
[[- end ]]
|
|
}
|
|
}
|