job "smtp-relay" {


  datacenters = ["dc1"]
  region      = "global"




  group "smtp-relay" {

    count = 1

    network {
      mode = "bridge"
    }

    volume "smtp-relay" {
      type            = "csi"
      source          = "smtp-relay"
      attachment_mode = "file-system"
      access_mode     = "single-node-writer"
      per_alloc       = true
    }

    service {
      name = "smtp-relay"
      port = 8025

      connect {
        sidecar_service {
        }
        sidecar_task {
          config {
            args = [
              "-c",
              "${NOMAD_SECRETS_DIR}/envoy_bootstrap.json",
              "-l",
              "${meta.connect.log_level}",
              "--concurrency",
              "${meta.connect.proxy_concurrency}",
              "--disable-hot-restart"
            ]
          }

          resources {
            cpu    = 50
            memory = 64
          }

        }
      }

    }

    task "exim" {
      driver = "docker"

      config {
        image = "danielberteaud/exim-relay:24.3-1"
      }

      vault {
        policies     = ["smtp-relay"]
        env          = false
        disable_file = true
      }

      env {
        HOSTNAME                    = "smtp-relay.service.consul"
        LOCAL_DOMAINS               = ""
        RELAY_FROM_HOSTS            = "127.0.0.1"
        DISABLE_SENDER_VERIFICATION = "true"
        SMARTHOST                   = "smtp.example.org::587"


      }
      template {
        data        = <<_EOF
# SMTP Auth
SMTP_USERNAME=smtp@example.org
SMTP_PASSWORD={{ with secret "kv/service/smtp-relay" }}{{ .Data.data.pwd }}{{ end }}
_EOF
        destination = "secrets/env"
        uid         = 100000
        gid         = 100000
        perms       = 0400
        env         = true
      }

      volume_mount {
        volume      = "smtp-relay"
        destination = "/var/spool/exim"
      }


      resources {
        cpu    = 10
        memory = 20
      }


    }
  }
}