2024-01-05 13:53:10 +01:00
job "diagrams" {
datacenters = ["dc1"]
group "diagrams" {
network {
mode = "bridge"
service {
name = "diagrams"
port = 8282
connect {
sidecar_service {
sidecar_task {
resources {
cpu = 50
memory = 64
check {
type = "http"
path = "/health"
expose = true
interval = "1m"
timeout = "8s"
check_restart {
limit = 4
grace = "1m"
tags = [
# Define a middleware to set custom CSP headers
"traefik.http.middlewares.diagrams-headers.headers.contentsecuritypolicy=connect-src 'self' https://*.dropboxapi.com https://api.trello.com https://api.github.com https://raw.githubusercontent.com https://*.googleapis.com https://*.googleusercontent.com https://graph.microsoft.com https://*.1drv.com https://*.sharepoint.com https://gitlab.com https://*.google.com https://fonts.gstatic.com https://fonts.googleapis.com;default-src 'self';font-src * about:;frame-src 'self' https://*.google.com;img-src * data:;media-src * data:;script-src 'self' https://storage.googleapis.com https://apis.google.com https://docs.google.com https://code.jquery.com 'unsafe-inline';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;",
# Main app router
task "diagrams" {
driver = "docker"
config {
2024-01-18 11:34:01 +01:00
image = "danielberteaud/diagrams:22.1.21-1"
2024-01-05 13:53:10 +01:00
pids_limit = 200
readonly_rootfs = true
volumes = [
env {
JAVA_OPTS = "-Djava.io.tmpdir=/local"
template {
data = <<_EOT
window.DRAWIO_BASE_URL = 'https://draw.example.org';
window.DRAWIO_SERVER_URL = 'https://draw.example.org/';
window.DRAWIO_VIEWER_URL = 'https://draw.example.org/js/viewer.min.js';
window.DRAW_MATH_URL = 'math/es5';
window.DRAWIO_CONFIG = null;
urlParams['sync'] = 'manual'; //Disable Real-Time
urlParams['db'] = '0'; //dropbox
urlParams['gh'] = '0'; //github
urlParams['tr'] = '0'; //trello
urlParams['gapi'] = '0'; //Google Drive
urlParams['od'] = '0'; //OneDrive
urlParams['gl'] = '0'; //Gitlab
destination = "local/PreConfig.js"
template {
data = <<_EOT
window.VSD_CONVERT_URL = null;
window.ICONSEARCH_PATH = null;
EditorUi.enableLogging = false; //Disable logging
window.EMF_CONVERT_URL = null;
App.prototype.isDriveDomain = function() { return true; }
destination = "local/PostConfig.js"
# Use a template block instead of env {} so we can fetch values from vault
template {
data = <<_EOT
destination = "secrets/.env"
perms = 400
env = true
resources {
cpu = 200
memory = 256