94 lines
3.0 KiB
HCL
94 lines
3.0 KiB
HCL
job "[[ .instance ]]" {
|
|
|
|
[[- $c := merge .bookstack . ]]
|
|
[[ template "common/job_start" $c ]]
|
|
|
|
group "bookstack" {
|
|
|
|
count = [[ $c.count ]]
|
|
|
|
network {
|
|
mode = "bridge"
|
|
}
|
|
|
|
[[ template "common/volumes" $c ]]
|
|
|
|
service {
|
|
name = "[[ .instance ]][[ .consul.suffix ]]"
|
|
port = 8080
|
|
[[ template "common/connect" $c ]]
|
|
|
|
tags = [
|
|
"[[ $c.traefik.instance ]].enable=[[ $c.traefik.enabled ]]",
|
|
|
|
# Define a middleware to set custom CSP headers
|
|
"[[ $c.traefik.instance ]].http.middlewares.[[ .instance ]]-headers[[ .consul.suffix ]].headers.contentsecuritypolicy=[[ range $k, $v := $c.traefik.csp ]][[ $k ]] [[ $v ]];[[ end ]]",
|
|
|
|
"[[ $c.traefik.instance ]].http.routers.[[ .instance ]][[ .consul.suffix ]].rule=Host(`[[ (urlParse $c.public_url).Hostname ]]`)
|
|
[[- if not (regexp.Match "^/?$" (urlParse $c.public_url).Path) ]] && PathPrefix(`[[ (urlParse $c.public_url).Path ]]`)[[ end ]]",
|
|
"[[ $c.traefik.instance ]].http.routers.[[ .instance ]][[ .consul.suffix ]].entrypoints=[[ join $c.traefik.entrypoints "," ]]",
|
|
[[- if not (regexp.Match "^/?$" (urlParse $c.public_url).Path) ]]
|
|
"[[ $c.traefik.instance ]].http.middlewares.[[ .instance ]]-prefix[[ .consul.suffix ]].stripprefix.prefixes=[[ (urlParse $c.public_url).Path ]]",
|
|
"[[ $c.traefik.instance ]].http.routers.[[ .instance ]][[ .consul.suffix ]].middlewares=[[ .instance ]]-headers[[ .consul.suffix ]],[[ .instance ]]-prefix[[ .consul.suffix ]],[[ template "common/traefik_middlewares" $c ]]",
|
|
[[- else ]]
|
|
"[[ $c.traefik.instance ]].http.routers.[[ .instance ]][[ .consul.suffix ]].middlewares=[[ .instance ]]-headers[[ .consul.suffix ]],[[ template "common/traefik_middlewares" $c ]]"
|
|
[[- end ]]
|
|
]
|
|
}
|
|
|
|
task "bookstack" {
|
|
driver = "[[ $c.nomad.driver ]]"
|
|
|
|
config {
|
|
image = "[[ $c.image ]]"
|
|
pids_limit = 100
|
|
readonly_rootfs = true
|
|
volumes = ["secrets/bookstack.env:/app/.env"]
|
|
[[ template "common/tmpfs" dict "size" "5000000" "target" "/tmp" ]]
|
|
}
|
|
|
|
env {
|
|
[[ template "common/proxy_env" $c ]]
|
|
}
|
|
|
|
[[ template "common/vault.policies" $c ]]
|
|
[[ template "common/file_env" $c ]]
|
|
|
|
# Ensure only the first allocation runs the database initialization / upgrades
|
|
template {
|
|
data = <<_EOT
|
|
{{- if eq (env "NOMAD_ALLOC_INDEX") "0" }}
|
|
BOOKSTACK_INIT_DB=true
|
|
{{- else }}
|
|
MINIT_DISABLE=bookstack-queue
|
|
BOOKSTACK_INIT_DB=false
|
|
{{- end }}
|
|
_EOT
|
|
destination = "secrets/bookstack_initdb.env"
|
|
env = true
|
|
}
|
|
|
|
# BookStack won't work with env vars because PHP clears env
|
|
# So, publish BookStack settings here
|
|
template {
|
|
data =<<_EOT
|
|
[[- range $k, $v := $c.settings ]]
|
|
[[ $k ]]=[[ $v ]]
|
|
[[- end ]]
|
|
_EOT
|
|
destination = "secrets/bookstack.env"
|
|
uid = 100100
|
|
gid = 100000
|
|
perms = 400
|
|
}
|
|
|
|
volume_mount {
|
|
volume = "data"
|
|
destination = "/data"
|
|
}
|
|
|
|
[[ template "common/resources" $c ]]
|
|
}
|
|
}
|
|
}
|