# Nomad job template with two groups: "web" (nginx serving the "repo" volume
# read-only) and "rsync" (an SSH/rsync endpoint that mounts the same volume
# without read_only, plus a second "ssh" volume).
# The double-square-bracket actions are expanded by a templating step before
# this file is parsed as HCL. The double-curly-brace actions inside the
# rsync-ssh template heredoc are rendered later by Nomad and read from Vault.
# NOTE(review): keep template delimiters out of comments; the pre-processing
# step presumably does not know about HCL comment syntax.
# $c is bound here to the nginx settings merged with the root context; the same
# binding is declared a second time just inside the job block.
[[ $c := merge .repo.nginx . -]]

job "[[ .instance ]]" {

[[- $c := merge .repo.nginx . ]]
  [[ template "common/job_start" $c ]]

  # Read-only HTTP front end for the repository content.
  group "web" {

    # Instance count comes from the nginx settings.
    count = [[ .repo.nginx.count ]]

    network {
      mode = "bridge"
    }

    # Repository volume, requested read-only for the whole group.
    # access_mode and attachment_mode are emitted only when the configured
    # volume type is not "host".
    volume "repo" {
      type   = "[[ .repo.volumes.repo.type ]]"
      source = "[[ .repo.volumes.repo.source ]]"
[[- if ne .repo.volumes.repo.type "host" ]]
      access_mode     = "multi-node-single-writer"
      attachment_mode = "file-system"
[[- end ]]
      read_only = true
    }

    # Service registration on fixed port 8080; the mesh settings and the tags
    # come from shared templates that are not visible in this file.
    service {
      name = "[[ .instance ]]-web[[ .consul.suffix ]]"
      port = 8080

      [[ template "common/connect" $c ]]

      tags = [
        [[ template "common/traefik_tags" $c ]]
      ]
    }

    task "nginx" {
      driver = "[[ $c.nomad.driver ]]"
      # Numeric, non-zero UID: the task does not run as root.
      user   = 2022

      # Container hardening: process-count cap, read-only root filesystem, and
      # the rendered nginx config bind-mounted over the image's default site.
      # NOTE(review): the common/tmpfs template presumably adds a tmpfs at /tmp
      # so nginx still has a writable scratch path; confirm in that template.
      config {
        image           = "[[ .repo.nginx.image ]]"
        pids_limit      = 50
        readonly_rootfs = true
        volumes = [
          "local/nginx.conf:/etc/nginx/conf.d/default.conf"
        ]
        [[ template "common/tmpfs" "/tmp" ]]
      }

      [[ template "common/file_env" $c ]]

      # Renders the nginx configuration into the task's local directory. The
      # heredoc body is file content, so no comments may be added inside it.
      template {
        data = <<_EOF
[[ template "repo/nginx.conf.tpl" ]]
_EOF
        destination = "local/nginx.conf"
      }

      # Mount is read-only in addition to the read-only volume request above.
      volume_mount {
        volume      = "repo"
        destination = "/data"
        read_only   = true
      }

      # NOTE(review): this call passes .repo.nginx.resources while the rsync-ssh
      # task passes $c to the same template; confirm which shape it expects.
      [[ template "common/resources" .repo.nginx.resources ]]
    }
  }

[[- $c := merge .repo.rsync . ]]

  # Write path into the repository: an SSH endpoint used for rsync uploads.
  # $c now holds the rsync settings merged with the root context.
  # No count is set here, so Nomad's default of one instance applies.
  group "rsync" {

    network {
      mode = "bridge"
      # Dynamically allocated port, exposed to the task as NOMAD_PORT_ssh.
      port "ssh" {}
    }

    # Same repository volume as the web group, but without read_only: this
    # group is the one that can modify the published content.
    volume "repo" {
      type   = "[[ .repo.volumes.repo.type ]]"
      source = "[[ .repo.volumes.repo.source ]]"
[[- if ne .repo.volumes.repo.type "host" ]]
      attachment_mode = "file-system"
      access_mode     = "multi-node-single-writer"
[[- end ]]
    }

    # Second volume, mounted at /config in the task below.
    # NOTE(review): presumably persists sshd state such as host keys; confirm
    # against the image, since the volume is writable by the task.
    volume "ssh" {
      type   = "[[ .repo.volumes.ssh.type ]]"
      source = "[[ .repo.volumes.ssh.source ]]"
[[- if ne .repo.volumes.ssh.type "host" ]]
      attachment_mode = "file-system"
      access_mode     = "single-node-writer"
[[- end ]]
    }

    # NOTE(review): the tags template receives a three-way merge here rather
    # than $c as in the web group; confirm the difference is intentional.
    service {
      name = "[[ .instance ]]-rsync[[ .consul.suffix ]]"
      port = "ssh"
      tags = [
        [[ template "common/traefik_tags" merge .repo.rsync .repo . ]]
      ]
    }

    task "rsync-ssh" {
      # NOTE(review): unlike the nginx task, no user is set, so the task runs as
      # whatever user the image defines. Confirm whether that is root and
      # whether the image drops privileges for the SSH sessions it accepts.
      driver = "[[ $c.nomad.driver ]]"

      config {
        image           = "[[ .repo.rsync.image ]]"
        pids_limit      = 100
        readonly_rootfs = true
        [[ template "common/tmpfs" "/tmp" ]]
      }

      # The SSH daemon listens on the dynamically allocated port.
      env {
        SSHD_PORT = "${NOMAD_PORT_ssh}"
        [[ template "common/env" $c ]]
      }

      # Vault access is limited to the policy named after this instance.
      # env = false keeps the Vault token out of the task's environment and
      # disable_file = true keeps it out of the task's secrets directory, so
      # the token is only used for template rendering.
      vault {
        policies     = ["[[ .instance ]][[ .consul.suffix ]]"]
        env          = false
        disable_file = true
      }

      # Reads the ssh_keys field from the instance's KV entry, splits it on
      # commas and exports each piece as SSH_AUTH_KEY_<index> through an env
      # file written under secrets/.
      # NOTE(review): a comma inside a single entry (for example in key
      # options) would be split into two variables, and surrounding whitespace
      # is not trimmed; confirm the stored value never contains either.
      # NOTE(review): these variables presumably become the authorized keys for
      # write access to the repository, so write permission on this KV path is
      # equivalent to upload rights; confirm how the image consumes them.
      template {
        data = <<-_EOF
        {{ with secret "[[ .vault.root ]]kv/service/[[ .instance ]]" }}
        {{- range $idx, $key := .Data.data.ssh_keys | split "," -}}
        SSH_AUTH_KEY_{{ $idx }}={{ $key }}
        {{ end }}{{ end }}
        _EOF
        destination = "secrets/env"
        env         = true
      }

      # Writable mount of the repository content.
      volume_mount {
        volume      = "repo"
        destination = "/data"
      }

      # Writable mount of the "ssh" volume.
      volume_mount {
        volume      = "ssh"
        destination = "/config"
      }

      [[ template "common/resources" $c ]]
    }
  }
}

# vim: syntax=hcl