[[- $c := merge .mariadb.server . -]]
job [[ .mariadb.instance | toJSON ]] {

  # Nomad job for a MariaDB server instance: one "server" group holding the
  # database task ("mariadb", the leader) and a poststart helper ("manage")
  # that runs mysql_upgrade. The context used for most lookups is the root
  # context overlaid with the .mariadb.server settings (see the merge above).
  # Job-level settings come from the shared job_start template, not shown here.
[[ template "common/job_start.tpl" $c ]]

  group "server" {

    network {
      mode = "bridge"
    }

    # Persistent data volume. per_alloc with single-node-writer means each
    # allocation gets its own volume and is its only writer.
    volume "mariadb" {
      type = [[ .mariadb.server.volumes.mariadb.type | toJSON ]]
      source = [[ .mariadb.server.volumes.mariadb.source | toJSON ]]
      access_mode = "single-node-writer"
      attachment_mode = "file-system"
      per_alloc = true
    }

    service {
      name = "[[ .mariadb.instance ]][[ $c.consul.suffix ]]"
      port = 3306
      # Service mesh settings are rendered by the shared connect template.
      # NOTE(review): its content is not visible here; confirm which upstream
      # intentions are allowed to reach this database.
[[ template "common/connect.tpl" $c ]]

      # Liveness probe executed inside the "mariadb" task every 5s.
      check {
        name = "alive"
        type = "script"
        task = "mariadb"
        command = "mysqladmin"
        args = [
          "ping"
        ]
        timeout = "10s"
        interval = "5s"
      }
[[- if $c.traefik.enabled ]]
      # Optional Traefik TCP router. The HostSNI rule is a wildcard, so every
      # connection arriving on the listed entrypoints is forwarded to this
      # database; exposure is limited only by the choice of entrypoints, the
      # listed middlewares and MariaDB's own authentication.
      # NOTE(review): confirm the entrypoints are not reachable from untrusted
      # networks, or that the middlewares include an IP allow-list.
      tags = [
        "[[ $c.traefik.instance ]].enable=true",
        "[[ $c.traefik.instance ]].tcp.routers.[[ .mariadb.instance ]][[ $c.consul.suffix ]].rule=HostSNI(`*`)",
        "[[ $c.traefik.instance ]].tcp.routers.[[ .mariadb.instance ]][[ $c.consul.suffix ]].entrypoints=[[ join $c.traefik.entrypoints "," ]]",
        "[[ $c.traefik.instance ]].tcp.routers.[[ .mariadb.instance ]][[ $c.consul.suffix ]].middlewares=[[ join $c.traefik.middlewares "," ]]"
      ]
[[- end ]]
    }

    # Run mysql_upgrade
    # Helper task started after the main task (poststart hook). It runs with a
    # read-only root filesystem and a low PID limit, and authenticates as the
    # MariaDB root user through the client config mounted at /root/.my.cnf.
    task "manage" {
      driver = [[ $c.nomad.driver | toJSON ]]

      lifecycle {
        hook = "poststart"
      }

      config {
        image = [[ .mariadb.manage.image | toJSON ]]
        pids_limit = 50
        readonly_rootfs = true
        command = "/local/mysql_upgrade.sh"
        volumes = [
          "secrets/my.cnf:/root/.my.cnf:ro"
        ]
      }

      # The Vault token is only used by Nomad to render the templates below:
      # it is neither exported as VAULT_TOKEN (env = false) nor written into
      # the task's secrets directory (disable_file = true).
      # NOTE(review): the policy name uses the root-context consul suffix while
      # the service name uses the merged one; confirm they cannot diverge.
      vault {
        policies = ["[[ .mariadb.instance ]][[ .consul.suffix ]]"]
        env = false
        disable_file = true
      }

      # Client credentials file holding the root password read from Vault KV.
      # Written group-readable (640) for uid 100100 / gid 100101.
      # NOTE(review): these ids presumably map to the in-container user under
      # user-namespace remapping; confirm against the runtime configuration.
      template {
        data = <<_EOT
[client]
user = root
password = {{ with secret "[[ .vault.prefix ]]kv/service/[[ .mariadb.instance ]]" }}{{ .Data.data.root_pwd }}{{ end }}
_EOT
        destination = "secrets/my.cnf"
        uid = 100100
        gid = 100101
        perms = 640
      }

      # Upgrade script rendered from the shared template; it holds no secret
      # in this file and is written world-readable and executable (755).
      template {
        data = <<_EOT
[[ template "mariadb/mysql_upgrade.sh.tpl" $c ]]
_EOT
        destination = "local/mysql_upgrade.sh"
        perms = 755
      }

      resources {
        cpu = 10
        memory = 32
        memory_max = 64
      }
    }

    # Main database task. As the leader, its exit stops the other tasks of the
    # group; kill_timeout gives it up to five minutes to stop after the kill
    # signal before it is forcibly killed.
    task "mariadb" {
      driver = [[ $c.nomad.driver | toJSON ]]
      leader = true
      kill_timeout = "5m"

      config {
        image = [[ .mariadb.server.image | toJSON ]]
        # The whole secrets directory is bind-mounted read-write at
        # /etc/my.cnf.d. That directory also receives mariadb.env and my.conf
        # (rendered below), both of which contain the root password.
        # NOTE(review): confirm the image needs write access here and that no
        # other process in the container can read these files.
        volumes = [
          "secrets/:/etc/my.cnf.d",
          "secrets/my.conf:/var/lib/mysql/.my.cnf:ro",
        ]
        pids_limit = 300
        # Read-only root filesystem is disabled for this task, unlike "manage".
        #readonly_rootfs = true
      }

      # Same Vault settings as the "manage" task: the token is kept out of the
      # task environment and out of the secrets directory.
      vault {
        policies = ["[[ .mariadb.instance ]][[ .consul.suffix ]]"]
        env = false
        disable_file = true
      }

      env {
        # NOTE(review): presumably the image translates MYSQL_CONF_* variables
        # into server settings, making the server listen on loopback only so
        # that it is reachable solely through the mesh sidecar; confirm.
        MYSQL_CONF_11_bind-address = "127.0.0.1"
[[ template "common/env.tpl" $c.env ]]
      }

      # Root password injected as an environment variable (env = true). The
      # rendered file is owner-read-only (400), but the value is also visible
      # to anything that can read the task's process environment.
      template {
        data = <<_EOT
{{ with secret "[[ .vault.prefix ]]kv/service/[[ .mariadb.instance ]]" }}
MYSQL_ROOT_PASSWORD={{ .Data.data.root_pwd }}
{{ end }}
_EOT
        destination = "secrets/mariadb.env"
        uid = 100000
        gid = 100000
        perms = 400
        env = true
      }

      # Root client credentials for in-container tools; mounted read-only at
      # /var/lib/mysql/.my.cnf by the config block above.
      template {
        data = <<_EOT
[client]
user = root
password = {{ with secret "[[ .vault.prefix ]]kv/service/[[ .mariadb.instance ]]" }}{{ .Data.data.root_pwd }}{{ end }}
_EOT
        destination = "secrets/my.conf"
        uid = 100100
        gid = 100101
        perms = 640
      }

      volume_mount {
        volume = "mariadb"
        destination = "/data"
      }

[[ template "common/resources.tpl" .mariadb.server.resources ]]
    }
  }
}