140 lines
3.7 KiB
HCL
140 lines
3.7 KiB
HCL
job "diagrams" {
|
|
|
|
|
|
datacenters = ["dc1"]
|
|
region = "global"
|
|
|
|
|
|
|
|
|
|
group "diagrams" {
|
|
network {
|
|
mode = "bridge"
|
|
}
|
|
|
|
service {
|
|
name = "diagrams"
|
|
port = 8282
|
|
|
|
connect {
|
|
sidecar_service {
|
|
}
|
|
sidecar_task {
|
|
config {
|
|
args = [
|
|
"-c",
|
|
"${NOMAD_SECRETS_DIR}/envoy_bootstrap.json",
|
|
"-l",
|
|
"${meta.connect.log_level}",
|
|
"--concurrency",
|
|
"${meta.connect.proxy_concurrency}",
|
|
"--disable-hot-restart"
|
|
]
|
|
}
|
|
|
|
resources {
|
|
cpu = 50
|
|
memory = 64
|
|
}
|
|
|
|
}
|
|
}
|
|
|
|
|
|
check {
|
|
type = "http"
|
|
path = "/health"
|
|
expose = true
|
|
interval = "1m"
|
|
timeout = "8s"
|
|
|
|
check_restart {
|
|
limit = 4
|
|
grace = "1m"
|
|
}
|
|
}
|
|
|
|
tags = [
|
|
|
|
"traefik.enable=true",
|
|
"traefik.http.routers.diagrams.entrypoints=https",
|
|
"traefik.http.routers.diagrams.rule=Host(`draw.example.org`)",
|
|
"traefik.http.middlewares.csp-diagrams.headers.contentsecuritypolicy=connect-src 'self' https://*.dropboxapi.com https://api.trello.com https://api.github.com https://raw.githubusercontent.com https://*.googleapis.com https://*.googleusercontent.com https://graph.microsoft.com https://*.1drv.com https://*.sharepoint.com https://gitlab.com https://*.google.com https://fonts.gstatic.com https://fonts.googleapis.com;default-src 'self';font-src * about:;frame-src 'self' https://*.google.com;img-src * data:;media-src * data:;script-src 'self' https://storage.googleapis.com https://apis.google.com https://docs.google.com https://code.jquery.com 'unsafe-inline';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;",
|
|
"traefik.http.routers.diagrams.middlewares=security-headers@file,rate-limit-std@file,forward-proto@file,inflight-std@file,hsts@file,compression@file,csp-diagrams",
|
|
|
|
]
|
|
}
|
|
|
|
task "diagrams" {
|
|
driver = "docker"
|
|
|
|
config {
|
|
image = "danielberteaud/diagrams:24.2.0-1"
|
|
pids_limit = 200
|
|
readonly_rootfs = true
|
|
volumes = [
|
|
"local/PreConfig.js:/opt/tomcat/webapps/draw/js/PreConfig.js",
|
|
"local/PostConfig.js:/opt/tomcat/webapps/draw/js/PostConfig.js"
|
|
]
|
|
}
|
|
|
|
env {
|
|
JAVA_OPTS = "-Djava.io.tmpdir=/local"
|
|
TOMCAT_ADDRESS = "127.0.0.1"
|
|
}
|
|
|
|
template {
|
|
data = <<_EOT
|
|
window.DRAWIO_BASE_URL = 'https://draw.example.org';
|
|
window.DRAWIO_SERVER_URL = 'https://draw.example.org/';
|
|
window.DRAWIO_VIEWER_URL = 'https://draw.example.org/js/viewer.min.js';
|
|
window.DRAWIO_LIGHTBOX_URL = '';
|
|
window.DRAW_MATH_URL = 'math/es5';
|
|
window.DRAWIO_CONFIG = null;
|
|
urlParams['sync'] = 'manual'; //Disable Real-Time
|
|
urlParams['db'] = '0'; //dropbox
|
|
urlParams['gh'] = '0'; //github
|
|
urlParams['tr'] = '0'; //trello
|
|
urlParams['gapi'] = '0'; //Google Drive
|
|
urlParams['od'] = '0'; //OneDrive
|
|
urlParams['gl'] = '0'; //Gitlab
|
|
|
|
_EOT
|
|
destination = "local/PreConfig.js"
|
|
}
|
|
|
|
template {
|
|
data = <<_EOT
|
|
window.VSD_CONVERT_URL = null;
|
|
window.ICONSEARCH_PATH = null;
|
|
EditorUi.enableLogging = false; //Disable logging
|
|
window.EMF_CONVERT_URL = null;
|
|
App.prototype.isDriveDomain = function() { return true; }
|
|
|
|
_EOT
|
|
destination = "local/PostConfig.js"
|
|
}
|
|
|
|
|
|
|
|
# Use a template block instead of env {} so we can fetch values from vault
|
|
template {
|
|
data = <<_EOT
|
|
LANG=fr_FR.utf8
|
|
TZ=Europe/Paris
|
|
_EOT
|
|
destination = "secrets/.env"
|
|
perms = 400
|
|
env = true
|
|
}
|
|
|
|
|
|
resources {
|
|
cpu = 200
|
|
memory = 256
|
|
}
|
|
|
|
}
|
|
}
|
|
}
|