unifi/unifi.nomad.hcl

job "unifi" {

  datacenters = [[ .nomad.datacenters | toJSON ]]

  group "unifi" {

    network {
      mode = "bridge"
      port "stun" {}
    }

    service {
      name = "unifi[[ .env.suffix ]]"
      port = 8888

      connect {
        sidecar_service {
          proxy {
            [[- if has .proxy "service_name" ]]
            upstreams {
              destination_name = [[ .proxy.service_name | toJSON ]]
              local_bind_port = 3128
            }
            [[- end ]]
            upstreams {
              destination_name = [[ .mail.smtp_service_name | toJSON ]]
              local_bind_port  = 25
            }
          }
        }
        sidecar_task {
[[ template "common/resources.tpl" .envoy ]]
        }
      }

      tags = [
        "[[ .env.traefik ]].enable=true",

        "[[ .env.traefik ]].http.routers.unifi-inform[[ .env.suffix ]].rule=Host(`
          [[- (urlParse .unifi.inform.public_url).Hostname -]]
            `) && (Path(`/inform`) || PathPrefix(`/dl/firmware-cached`))",
        "[[ .env.traefik ]].http.routers.unifi-inform[[ .env.suffix ]].entrypoints=[[ join .unifi.inform.traefik.entrypoints "," ]]",
        "[[ .env.traefik ]].http.routers.unifi-inform[[ .env.suffix ]].middlewares=[[ join .unifi.inform.traefik.middlewares  "," ]]",

        "[[ .env.traefik ]].http.routers.unifi-controller[[ .env.suffix ]].rule=Host(`
          [[- (urlParse .unifi.controller.public_url).Hostname -]]`)
            [[- if ne "" (urlParse .unifi.controller.public_url).Path ]] && PathPrefix(`[[ (urlParse .unifi.controller.public_url).Path ]]`)[[ end ]]",
        "[[ .env.traefik ]].http.routers.unifi-controller[[ .env.suffix ]].entrypoints=[[ join .unifi.controller.traefik.entrypoints "," ]]",
        "[[ .env.traefik ]].http.routers.unifi-controller[[ .env.suffix ]].tls=true",
        "[[ .env.traefik ]].http.routers.unifi-controller[[ .env.suffix ]].middlewares=[[ join .unifi.controller.traefik.middlewares  "," ]]",

        "[[ .env.traefik ]].http.routers.unifi-portal[[ .env.suffix ]].rule=Host(`
          [[- (urlParse .unifi.guest_portal.public_url).Hostname -]]
            `) && PathPrefix(`/guest`)",
        "[[ .env.traefik ]].http.routers.unifi-portal[[ .env.suffix ]].entrypoints=[[ join .unifi.guest_portal.traefik.entrypoints "," ]]",
        "[[ .env.traefik ]].http.routers.unifi-portal[[ .env.suffix ]].tls=true",
        "[[ .env.traefik ]].http.routers.unifi-portal[[ .env.suffix ]].middlewares=[[ join .unifi.guest_portal.traefik.middlewares  "," ]]"

      ]
    }

    service {
      name = "unifi-stun[[ .env.suffix ]]"
      port = "stun"

      tags = [
        "[[ .env.traefik ]].enable=true",
        "[[ .env.traefik ]].udp.routers.unifi-stun[[ .env.suffix ]].entrypoints=[[ join .unifi.stun.traefik.entrypoints "," ]]",
        "[[ .env.traefik ]].consulcatalog.connect=false"
      ]
    }

    service {
      name = "unifi-mongo[[ .env.suffix ]]"
      port = 27017

      connect {
        sidecar_service {}
        sidecar_task {
[[ template "common/resources.tpl" .envoy ]]
        }
      }

      check {
        type     = "script"
        command  = "sh"
        args     = ["-c", "mongo --eval 'db.runCommand(\"ping\").ok'"]
        interval = "30s"
        timeout  = "5s"
        task     = "mongo"
      }

    }

    volume "unifi-data" {
      type            = [[ .unifi.controller.volume.type | toJSON ]]
      source          = [[ .unifi.controller.volume.source | toJSON ]]
      access_mode     = "single-node-writer"
      attachment_mode = "file-system"
    }

    volume "unifi-mongo" {
      type            = [[ .unifi.mongo.volume.type | toJSON ]]
      source          = [[ .unifi.mongo.volume.source | toJSON ]]
      access_mode     = "single-node-writer"
      attachment_mode = "file-system"
    }

[[ template "common/task.wait_for.tpl" dict 
  "ctx" .
  "SERVICE_1" "unifi-mongo" ]]

    task "nginx" {
      driver = [[ .unifi.nginx.driver | toJSON ]]
      user = 8306

      lifecycle {
        hook = "poststart"
        sidecar = "true"
      }

      config {
        image = [[ .unifi.nginx.image | toJSON ]]
        volumes = ["local/nginx.conf:/etc/nginx/conf.d/default.conf"]
      }

      template {
        data =<<_EOF
[[ template "unifi/nginx/nginx.conf.tpl" . ]]
_EOF
        destination = "local/nginx.conf"
      }

      [[ template "common/resources.tpl" .unifi.nginx.resources ]]
    }

    task "controller" {

      leader = true
      driver = [[ .unifi.controller.driver | toJSON ]]

      config {
        image = [[ .unifi.controller.image | toJSON ]]
        volumes = [
          "local/init-system.properties.sh:/entrypoint.d/10-init-system.properties.sh"
        ]
        mount {
          type     = "tmpfs"
          target   = "/opt/unifi/run"
          readonly = false
        }
      }

      env {
        JAVA_OPTS = "-Djava.awt.headless=true -Dlogback.configurationFile=/local/logback.xml
          [[- if has .proxy "service_name" ]] -Dhttp.proxyHost=localhost -Dhttp.proxyPort=3128 -Dhttps.proxyHost=localhost -Dhttps.proxyPort=3128 -Dhttp.nonProxyHosts=[[ join .proxy.no_proxy "|" ]][[ end ]]"
        [[ template "common/env.tpl" .unifi.controller.env ]]
      }

      template {
        data =<<_EOF
[[ template "unifi/controller/system.properties.tpl" . ]]
_EOF
        destination = "secrets/system.properties"
      }

      template {
        data =<<_EOF
[[ template "unifi/controller/logback.xml.tpl" ]]
_EOF
        destination = "local/logback.xml"
      }

      template {
        data =<<_EOF
[[ template "unifi/controller/init-system.properties.sh.tpl" . ]]
_EOF
        destination = "local/init-system.properties.sh"
        perms = "755"
      }

      volume_mount {
        volume      = "unifi-data"
        destination = "/data"
      }

      [[ template "common/resources.tpl" .unifi.controller.resources ]]

    }

    task "mongo" {
      driver = [[ .unifi.mongo.driver | toJSON ]]
      user   = 999

      lifecycle {
        hook = "prestart"
        sidecar = "true"
      }

      config {
        image = [[ .unifi.mongo.image | toJSON ]]
        command = "mongod"
        args = [
          "--config",
          "/local/mongod.conf"
        ]
      }

      template {
        data =<<_EOF
[[ template "unifi/mongo/mongod.conf.tpl" . ]]
_EOF
        destination = "local/mongod.conf"
      }

      volume_mount {
        volume = "unifi-mongo"
        destination = "/data/db"
      }

[[ template "common/resources.tpl" .unifi.mongo.resources ]]

    }
  }
}
Start job skeletton 2023-08-22 00:12:44 +02:00			`job "unifi" {`

More or less working 2023-08-23 23:16:59 +02:00			`datacenters = [[ .nomad.datacenters \| toJSON ]]`
Start job skeletton 2023-08-22 00:12:44 +02:00
Remove mongodb_exporter 2023-08-25 00:18:53 +02:00			`group "unifi" {`
Start job skeletton 2023-08-22 00:12:44 +02:00
			`network {`
			`mode = "bridge"`
			`port "stun" {}`
			`}`

More or less working 2023-08-23 23:16:59 +02:00			`service {`
			`name = "unifi[[ .env.suffix ]]"`
			`port = 8888`
Start job skeletton 2023-08-22 00:12:44 +02:00
			`connect {`
More or less working 2023-08-23 23:16:59 +02:00			`sidecar_service {`
			`proxy {`
			`[[- if has .proxy "service_name" ]]`
			`upstreams {`
			`destination_name = [[ .proxy.service_name \| toJSON ]]`
			`local_bind_port = 3128`
			`}`
			`[[- end ]]`
Remove mongodb_exporter 2023-08-25 00:18:53 +02:00			`upstreams {`
			`destination_name = [[ .mail.smtp_service_name \| toJSON ]]`
			`local_bind_port = 25`
			`}`
More or less working 2023-08-23 23:16:59 +02:00			`}`
			`}`
Start job skeletton 2023-08-22 00:12:44 +02:00			`sidecar_task {`
			`[[ template "common/resources.tpl" .envoy ]]`
			`}`
			`}`

			`tags = [`
			`"[[ .env.traefik ]].enable=true",`
More or less working 2023-08-23 23:16:59 +02:00
			"[[ .env.traefik ]].http.routers.unifi-inform[[ .env.suffix ]].rule=Host(`
			`[[- (urlParse .unifi.inform.public_url).Hostname -]]`
			`) && (Path(`/inform`) \|\| PathPrefix(`/dl/firmware-cached`))",
Start job skeletton 2023-08-22 00:12:44 +02:00			`"[[ .env.traefik ]].http.routers.unifi-inform[[ .env.suffix ]].entrypoints=[[ join .unifi.inform.traefik.entrypoints "," ]]",`
More or less working 2023-08-23 23:16:59 +02:00			`"[[ .env.traefik ]].http.routers.unifi-inform[[ .env.suffix ]].middlewares=[[ join .unifi.inform.traefik.middlewares "," ]]",`

			"[[ .env.traefik ]].http.routers.unifi-controller[[ .env.suffix ]].rule=Host(`
			[[- (urlParse .unifi.controller.public_url).Hostname -]]`)
			[[- if ne "" (urlParse .unifi.controller.public_url).Path ]] && PathPrefix(`[[ (urlParse .unifi.controller.public_url).Path ]]`)[[ end ]]",
			`"[[ .env.traefik ]].http.routers.unifi-controller[[ .env.suffix ]].entrypoints=[[ join .unifi.controller.traefik.entrypoints "," ]]",`
			`"[[ .env.traefik ]].http.routers.unifi-controller[[ .env.suffix ]].tls=true",`
			`"[[ .env.traefik ]].http.routers.unifi-controller[[ .env.suffix ]].middlewares=[[ join .unifi.controller.traefik.middlewares "," ]]",`

			"[[ .env.traefik ]].http.routers.unifi-portal[[ .env.suffix ]].rule=Host(`
			`[[- (urlParse .unifi.guest_portal.public_url).Hostname -]]`
			`) && PathPrefix(`/guest`)",
			`"[[ .env.traefik ]].http.routers.unifi-portal[[ .env.suffix ]].entrypoints=[[ join .unifi.guest_portal.traefik.entrypoints "," ]]",`
			`"[[ .env.traefik ]].http.routers.unifi-portal[[ .env.suffix ]].tls=true",`
			`"[[ .env.traefik ]].http.routers.unifi-portal[[ .env.suffix ]].middlewares=[[ join .unifi.guest_portal.traefik.middlewares "," ]]"`

Start job skeletton 2023-08-22 00:12:44 +02:00			`]`
			`}`

More or less working 2023-08-23 23:16:59 +02:00			`service {`
			`name = "unifi-stun[[ .env.suffix ]]"`
			`port = "stun"`
Start job skeletton 2023-08-22 00:12:44 +02:00
			`tags = [`
			`"[[ .env.traefik ]].enable=true",`
More or less working 2023-08-23 23:16:59 +02:00			`"[[ .env.traefik ]].udp.routers.unifi-stun[[ .env.suffix ]].entrypoints=[[ join .unifi.stun.traefik.entrypoints "," ]]",`
			`"[[ .env.traefik ]].consulcatalog.connect=false"`
Start job skeletton 2023-08-22 00:12:44 +02:00			`]`
			`}`

More or less working 2023-08-23 23:16:59 +02:00			`service {`
			`name = "unifi-mongo[[ .env.suffix ]]"`
			`port = 27017`
Start job skeletton 2023-08-22 00:12:44 +02:00
			`connect {`
			`sidecar_service {}`
			`sidecar_task {`
			`[[ template "common/resources.tpl" .envoy ]]`
			`}`
			`}`

More or less working 2023-08-23 23:16:59 +02:00			`check {`
			`type = "script"`
			`command = "sh"`
			`args = ["-c", "mongo --eval 'db.runCommand(\"ping\").ok'"]`
			`interval = "30s"`
			`timeout = "5s"`
			`task = "mongo"`
			`}`

Start job skeletton 2023-08-22 00:12:44 +02:00			`}`

More or less working 2023-08-23 23:16:59 +02:00			`volume "unifi-data" {`
			`type = [[ .unifi.controller.volume.type \| toJSON ]]`
			`source = [[ .unifi.controller.volume.source \| toJSON ]]`
			`access_mode = "single-node-writer"`
			`attachment_mode = "file-system"`
			`}`
Start job skeletton 2023-08-22 00:12:44 +02:00
More or less working 2023-08-23 23:16:59 +02:00			`volume "unifi-mongo" {`
			`type = [[ .unifi.mongo.volume.type \| toJSON ]]`
			`source = [[ .unifi.mongo.volume.source \| toJSON ]]`
			`access_mode = "single-node-writer"`
			`attachment_mode = "file-system"`
Start job skeletton 2023-08-22 00:12:44 +02:00			`}`

More or less working 2023-08-23 23:16:59 +02:00			`[[ template "common/task.wait_for.tpl" dict`
Start job skeletton 2023-08-22 00:12:44 +02:00			`"ctx" .`
			`"SERVICE_1" "unifi-mongo" ]]`

More or less working 2023-08-23 23:16:59 +02:00			`task "nginx" {`
			`driver = [[ .unifi.nginx.driver \| toJSON ]]`
			`user = 8306`
Start job skeletton 2023-08-22 00:12:44 +02:00
More or less working 2023-08-23 23:16:59 +02:00			`lifecycle {`
			`hook = "poststart"`
			`sidecar = "true"`
			`}`
Start job skeletton 2023-08-22 00:12:44 +02:00
More or less working 2023-08-23 23:16:59 +02:00			`config {`
			`image = [[ .unifi.nginx.image \| toJSON ]]`
			`volumes = ["local/nginx.conf:/etc/nginx/conf.d/default.conf"]`
			`}`
Start job skeletton 2023-08-22 00:12:44 +02:00
More or less working 2023-08-23 23:16:59 +02:00			`template {`
			`data =<<_EOF`
			`[[ template "unifi/nginx/nginx.conf.tpl" . ]]`
			`_EOF`
			`destination = "local/nginx.conf"`
			`}`

			`[[ template "common/resources.tpl" .unifi.nginx.resources ]]`
Start job skeletton 2023-08-22 00:12:44 +02:00			`}`

Remove mongodb_exporter 2023-08-25 00:18:53 +02:00			`task "controller" {`
More or less working 2023-08-23 23:16:59 +02:00
			`leader = true`
			`driver = [[ .unifi.controller.driver \| toJSON ]]`

			`config {`
			`image = [[ .unifi.controller.image \| toJSON ]]`
			`volumes = [`
			`"local/init-system.properties.sh:/entrypoint.d/10-init-system.properties.sh"`
			`]`
			`mount {`
Use a custom Docker image 2023-08-24 11:08:39 +02:00			`type = "tmpfs"`
			`target = "/opt/unifi/run"`
More or less working 2023-08-23 23:16:59 +02:00			`readonly = false`
			`}`
			`}`

			`env {`
			`JAVA_OPTS = "-Djava.awt.headless=true -Dlogback.configurationFile=/local/logback.xml`
			`[[- if has .proxy "service_name" ]] -Dhttp.proxyHost=localhost -Dhttp.proxyPort=3128 -Dhttps.proxyHost=localhost -Dhttps.proxyPort=3128 -Dhttp.nonProxyHosts=[[ join .proxy.no_proxy "\|" ]][[ end ]]"`
			`[[ template "common/env.tpl" .unifi.controller.env ]]`
			`}`

			`template {`
			`data =<<_EOF`
			`[[ template "unifi/controller/system.properties.tpl" . ]]`
Start job skeletton 2023-08-22 00:12:44 +02:00			`_EOF`
More or less working 2023-08-23 23:16:59 +02:00			`destination = "secrets/system.properties"`
			`}`

			`template {`
			`data =<<_EOF`
			`[[ template "unifi/controller/logback.xml.tpl" ]]`
			`_EOF`
			`destination = "local/logback.xml"`
			`}`

			`template {`
			`data =<<_EOF`
			`[[ template "unifi/controller/init-system.properties.sh.tpl" . ]]`
			`_EOF`
			`destination = "local/init-system.properties.sh"`
			`perms = "755"`
			`}`

			`volume_mount {`
			`volume = "unifi-data"`
			`destination = "/data"`
			`}`

			`[[ template "common/resources.tpl" .unifi.controller.resources ]]`

Start job skeletton 2023-08-22 00:12:44 +02:00			`}`

More or less working 2023-08-23 23:16:59 +02:00			`task "mongo" {`
			`driver = [[ .unifi.mongo.driver \| toJSON ]]`
Use a custom Docker image 2023-08-24 11:08:39 +02:00			`user = 999`
Start job skeletton 2023-08-22 00:12:44 +02:00
More or less working 2023-08-23 23:16:59 +02:00			`lifecycle {`
			`hook = "prestart"`
			`sidecar = "true"`
			`}`

			`config {`
			`image = [[ .unifi.mongo.image \| toJSON ]]`
Use a custom Docker image 2023-08-24 11:08:39 +02:00			`command = "mongod"`
More or less working 2023-08-23 23:16:59 +02:00			`args = [`
			`"--config",`
			`"/local/mongod.conf"`
			`]`
			`}`

			`template {`
			`data =<<_EOF`
			`[[ template "unifi/mongo/mongod.conf.tpl" . ]]`
			`_EOF`
			`destination = "local/mongod.conf"`
			`}`
Start job skeletton 2023-08-22 00:12:44 +02:00
More or less working 2023-08-23 23:16:59 +02:00			`volume_mount {`
			`volume = "unifi-mongo"`
Use a custom Docker image 2023-08-24 11:08:39 +02:00			`destination = "/data/db"`
More or less working 2023-08-23 23:16:59 +02:00			`}`

			`[[ template "common/resources.tpl" .unifi.mongo.resources ]]`

			`}`
Start job skeletton 2023-08-22 00:12:44 +02:00			`}`
			`}`