job "[[ .instance ]]" {

[[ template "common/job_start" . ]]

  group "cloudbeaver" {
[[- $c := merge .cloudbeaver . ]]
[[ template "common/group_start" $c ]]

    network {
      mode = "bridge"
[[- if conv.ToBool $c.prometheus.enabled ]]
      port "metrics" {}
[[- end ]]
    }

[[ template "common/volumes" $c ]]

    service {
      name = "[[ .instance ]][[ .consul.suffix ]]"
      port = 8978
[[ template "common/service_meta" $c ]]
[[ template "common/connect" $c ]]

      tags = [
[[ template "common/traefik_tags" $c ]]
      ]
    }

[[ template "common/task.wait_for" $c ]]
[[ template "common/task.pgpooler" $c ]]

    task "cloudbeaver" {
      driver = "[[ $c.nomad.driver ]]"

      config {
        image           = "[[ $c.image ]]"
        pids_limit      = 100
        readonly_rootfs = true
[[ template "common/tmpfs" "/tmp" ]]
      }

[[ template "common/vault.policies" $c ]]

      env {
        CLOUDBEAVER_WEB_CONFIG = "/local/cloudbeaver.conf"
      }

[[ template "common/file_env" $c ]]

      # Postgres DB config
      template {
        data = <<_EOT
PGDATABASE=[[ $c.postgres.database ]]
[[- if ne $c.postgres.pooler.engine "none" ]]
PGHOST=127.0.0.1
PGPORT=6432
PGUSER=[[ .instance ]]
PGPASSWORD={{ env "NOMAD_ALLOC_ID" }}
[[- else ]]
PGHOST=[[ $c.postgres.host ]]
PGPORT=[[ $c.postgres.port ]]
PGUSER=[[ $c.postgres.user ]]
PGPASSWORD=[[ $c.postgres.password ]]
[[- end ]]
_EOT
        destination = "secrets/.db.env"
        perms       = 0400
        env         = true
      }

      # Main cloudbeaver configuration
      template {
        data = <<_EOT
[[- if isKind "map" $c.config ]]
[[ (merge $c.config (tmpl.Exec "cloudbeaver/cloudbeaver.conf" $c | json)) | toJSONPretty "  " | replaceAll "${" "$${" ]]
[[- else if isKind "string" $c.config ]]
[[ (merge ($c.config | yaml) (tmpl.Exec "cloudbeaver/cloudbeaver.conf" $c | json)) | toJSONPretty "  " | replaceAll "${" "$${" ]]
[[- end ]]
_EOT
        destination = "local/cloudbeaver.conf"
      }

      # Logback config
      template {
        data = <<_EOT
[[ template "cloudbeaver/logback.xml" $c ]]
_EOT
        destination = "local/logback.xml"
      }

      # Initial config (admin user and teams)
      template {
        data = <<_EOT
[[ tmpl.Exec "cloudbeaver/initial-data.conf" $c | replaceAll "${" "$${" ]]
_EOT
        destination = "secrets/initial-data.conf"
        uid         = 100000
        gid         = 108978
        perms       = 440
      }

      # Mount persistent volume in /data
      volume_mount {
        volume      = "data"
        destination = "/data"
      }

[[ template "common/resources" $c ]]
    }
  }
}