160 lines
3.8 KiB
HCL
160 lines
3.8 KiB
HCL
job [[ .instance | toJSON ]] {
|
|
|
|
[[- $c := merge .bounca . ]]
|
|
|
|
[[ template "common/job_start.tpl" $c ]]
|
|
|
|
group "bounca" {
|
|
network {
|
|
mode = "bridge"
|
|
}
|
|
|
|
service {
|
|
name = "[[ .instance ]][[ .consul.suffix ]]"
|
|
port = 8749
|
|
|
|
[[ template "common/connect.tpl" $c ]]
|
|
|
|
tags = [
|
|
[[ $p := merge .bounca.public . ]]
|
|
[[ template "common/traefik_tags" $p ]]
|
|
"[[ $p.traefik.instance ]].http.routers.[[ $p.traefik.router ]].rule=Host(`[[ (urlParse $c.public_url).Hostname ]]`) && PathPrefix(`[[ (urlParse $c.public_url).Path ]]/public`)",
|
|
[[ template "common/traefik_tags" $c ]]
|
|
]
|
|
|
|
|
|
}
|
|
|
|
[[ template "common/task.wait_for" $c ]]
|
|
[[ template "common/task.pgpooler" $c ]]
|
|
|
|
task "bounca" {
|
|
driver = [[ $c.nomad.driver | toJSON ]]
|
|
user = 8749
|
|
|
|
config {
|
|
image = [[ $c.image | toJSON ]]
|
|
pids_limit = 50
|
|
readonly_rootfs = true
|
|
[[ template "common/tmpfs.tpl" dict "target" "/tmp" "size" 1000000 ]]
|
|
volumes = ["local/docker_settings.py:/opt/bounca/bounca/docker_settings.py:ro"]
|
|
}
|
|
|
|
[[ template "common/vault.policies" $c ]]
|
|
|
|
env {
|
|
BOUNCA_MODE = "server"
|
|
BOUNCA_UNIX_SOCKET = "/alloc/data/bounca.sock"
|
|
BOUNCA_HOST = "[[ (urlParse .bounca.public_url).Hostname ]]"
|
|
}
|
|
|
|
[[ template "common/file_env.tpl" $c.env ]]
|
|
|
|
template {
|
|
data =<<_EOT
|
|
[[ template "bounca/docker_settings.py.tpl" $c ]]
|
|
_EOT
|
|
destination = "local/docker_settings.py"
|
|
}
|
|
|
|
template {
|
|
data =<<_EOT
|
|
[[- if ne $c.postgres.pooler.engine "none" ]]
|
|
BOUNCA_DB_USER=[[ .instance ]]
|
|
BOUNCA_DB_PASSWORD={{ env "NOMAD_ALLOC_ID" }}
|
|
BOUNCA_DB_PORT=[[ $c.postgres.pooler.port ]]
|
|
[[- else ]]
|
|
BOUNCA_DB_USER=[[ $c.postgres.user ]]
|
|
BOUNCA_DB_PASSWORD=[[ $c.postgres.password ]]
|
|
BOUNCA_DB_PORT=[[ $c.postgres.port ]]
|
|
[[- end ]]
|
|
_EOT
|
|
destination = "secrets/.db.env"
|
|
env = true
|
|
perms = 400
|
|
}
|
|
|
|
[[ template "common/resources.tpl" $c.resources ]]
|
|
}
|
|
|
|
task "public-exporter" {
|
|
driver = [[ $c.nomad.driver | toJSON ]]
|
|
user = 8749
|
|
|
|
lifecycle {
|
|
hook = "poststart"
|
|
sidecar = true
|
|
}
|
|
|
|
config {
|
|
image = [[ $c.image | toJSON ]]
|
|
pids_limit = 50
|
|
readonly_rootfs = true
|
|
[[ template "common/tmpfs.tpl" dict "target" "/tmp" "size" 1000000 ]]
|
|
}
|
|
|
|
[[ template "common/vault.policies" $c ]]
|
|
|
|
env {
|
|
BOUNCA_MODE = "public-exporter"
|
|
BOUNCA_PUBLIC_DIR = "/alloc/data/public"
|
|
}
|
|
|
|
[[ template "common/file_env.tpl" $c.env ]]
|
|
|
|
template {
|
|
data =<<_EOT
|
|
[[- if ne $c.postgres.pooler.engine "none" ]]
|
|
BOUNCA_DB_USER=[[ .instance ]]
|
|
BOUNCA_DB_PASSWORD={{ env "NOMAD_ALLOC_ID" }}
|
|
BOUNCA_DB_PORT=[[ $c.postgres.pooler.port ]]
|
|
[[- else ]]
|
|
BOUNCA_DB_USER=[[ $c.postgres.user ]]
|
|
BOUNCA_DB_PASSWORD=[[ $c.postgres.password ]]
|
|
BOUNCA_DB_PORT=[[ $c.postgres.port ]]
|
|
[[- end ]]
|
|
_EOT
|
|
destination = "secrets/.db.env"
|
|
env = true
|
|
perms = 400
|
|
}
|
|
|
|
resources {
|
|
cpu = 10
|
|
memory = 10
|
|
memory_max = 20
|
|
}
|
|
}
|
|
|
|
task "nginx" {
|
|
driver = [[ $c.nomad.driver | toJSON ]]
|
|
user = 8749
|
|
|
|
lifecycle {
|
|
hook = "poststart"
|
|
sidecar = true
|
|
}
|
|
|
|
config {
|
|
image = [[ $c.image | toJSON ]]
|
|
pids_limit = 30
|
|
readonly_rootfs = true
|
|
[[ template "common/tmpfs.tpl" dict "target" "/tmp" "size" 1000000 ]]
|
|
}
|
|
|
|
env {
|
|
BOUNCA_MODE = "front"
|
|
BOUNCA_BIND_ADDR = "127.0.0.1:8749"
|
|
BOUNCA_UNIX_SOCKET = "/alloc/data/bounca.sock"
|
|
BOUNCA_PUBLIC_DIR = "/alloc/data/public"
|
|
BOUNCA_HOST = "[[ (urlParse .bounca.public_url).Hostname ]]"
|
|
}
|
|
|
|
resources {
|
|
cpu = 20
|
|
memory = 20
|
|
}
|
|
}
|
|
}
|
|
}
|