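# Nomad job template (nomad-pack style "[[ ]]" delimiters) for a UniFi controller.
# One group runs three tasks: an nginx poststart sidecar, the controller (leader),
# and, unless an external MongoDB is configured, a bundled mongod prestart sidecar.
job "[[ .instance ]]" {
[[- template "common/job_start" . ]]

  group "unifi" {
[[- $c := merge .unifi.controller .unifi . ]]
[[ template "common/group_start" $c ]]

    network {
      mode = "bridge"

      # Dynamic host port mapped to 3478 inside the group's network namespace.
      port "stun" {
        to = 3478
      }
    }

    # Main HTTP service, registered on port 8888 and routed through the
    # included Connect and Traefik templates.
    service {
      name = "[[ .instance ]][[ .consul.suffix ]]"
      port = 8888
[[ template "common/service_meta" $c ]]
[[ template "common/connect" $c ]]

      check {
        type = "http"
        path = "/status"
        # expose = true publishes /status on a plain listener outside Connect mTLS
        # so the health check can reach it; keep that path free of sensitive data.
        expose = true
[[ template "common/check_settings" $c ]]

        check_restart {
          limit = 12
          grace = "2m"
        }
      }

      tags = [
[[ template "common/traefik_tags" $c ]]
[[ template "common/traefik_tags" merge .unifi.inform . ]]
[[ template "common/traefik_tags" merge .unifi.guest_portal . ]]
      ]
    }

    service {
      name = "[[ .instance ]]-stun[[ .consul.suffix ]]"
      port = "stun"

      tags = [
[[ template "common/traefik_tags" merge .unifi.stun . ]]
      ]
    }
[[- if not $c.mongo.is_external ]]

    # Bundled MongoDB: registered only so the script check below can run.
    # NOTE(review): whether mongod requires authentication is decided by
    # unifi/mongo/mongod.conf.tpl, which is not visible here - confirm.
    service {
      name = "[[ .instance ]]-mongo[[ .consul.suffix ]]"
      port = 27017
[[ template "common/service_meta" $c ]]

      check {
        type    = "script"
        command = "sh"
        # Assumes the image still ships the legacy "mongo" shell (newer MongoDB
        # images only provide "mongosh") - verify against the configured image.
        args     = ["-c", "mongo --quiet --eval 'db.runCommand(\"ping\").ok'"]
        task     = "mongo"
        interval = "[[ $c.consul.check.interval ]]"
        timeout  = "[[ $c.consul.check.timeout ]]"

        check_restart {
          limit = 4
          grace = "3m"
        }
      }
    }

[[ template "common/volumes" .unifi.mongo.volumes ]]
[[- end ]]

[[ template "common/volumes" $c ]]
[[ template "common/task.wait_for" $c ]]

    # Reverse proxy started after the controller; runs as an unprivileged UID
    # with a read-only root filesystem, a tmpfs /tmp and a tight PID limit.
    task "nginx" {
[[- $c := merge .unifi.nginx .unifi . ]]
      driver = "[[ .nomad.driver ]]"
      user   = 8306

      lifecycle {
        hook = "poststart"
        # Boolean literal, consistent with the mongo task's lifecycle block.
        sidecar = true
      }

      config {
        image           = "[[ .unifi.nginx.image ]]"
        volumes         = ["local/nginx.conf:/etc/nginx/conf.d/default.conf"]
        readonly_rootfs = true
        pids_limit      = 20
[[ template "common/tmpfs" "/tmp" ]]
      }

      template {
        data = <<_EOF
[[ template "unifi/nginx/nginx.conf.tpl" . ]]
_EOF
        destination = "local/nginx.conf"
      }

[[ template "common/resources" $c ]]
    }

    # UniFi controller; as group leader, its exit stops the other tasks.
    # NOTE(review): no "user" is set for this task in this file; the effective
    # UID comes from the image or an included template - confirm it is not root.
    task "controller" {
[[ $c := merge .unifi.controller .unifi . ]]
      leader = true
      driver = "[[ $c.nomad.driver ]]"

      config {
        image = "[[ $c.image ]]"
        volumes = [
          "local/init-system.properties.sh:/entrypoint.d/10-init-system.properties.sh"
        ]
        readonly_rootfs = true
        pids_limit      = 200
[[ template "common/tmpfs" "/opt/unifi/run" ]]
[[ template "common/tmpfs" "/tmp" ]]
      }

[[ template "common/vault.policies" $c ]]

      env {
        TMPDIR = "/local/tmp"
      }

[[ template "common/file_env" $c ]]

      # Rendered into the task's secrets/ directory rather than local/, since
      # system.properties may carry credentials (presumably the database URI).
      template {
        data = <<_EOF
[[ template "unifi/controller/system.properties.tpl" . ]]
_EOF
        destination = "secrets/system.properties"
      }

      # Entrypoint hook mounted into /entrypoint.d by the config block above;
      # it must be executable, hence perms 755.
      template {
        data = <<_EOF
[[ template "unifi/controller/init-system.properties.sh.tpl" . ]]
_EOF
        destination = "local/init-system.properties.sh"
        perms       = "755"
      }

      volume_mount {
        volume      = "data"
        destination = "/data"
      }

[[ template "common/resources" $c ]]
    }
[[- if not .unifi.controller.mongo.is_external ]]

    # Bundled mongod, started before the controller and kept running as a sidecar.
    # NOTE(review): like the controller, this task sets no explicit "user" here.
    task "mongo" {
[[- $c := merge .unifi.mongo .unifi . ]]
      driver = "[[ $c.nomad.driver ]]"

      lifecycle {
        hook    = "prestart"
        sidecar = true
      }

      config {
        image           = "[[ $c.image ]]"
        command         = "mongod"
        readonly_rootfs = true
        pids_limit      = 200
        args            = ["--config", "/local/mongod.conf"]
[[ template "common/tmpfs" "/tmp" ]]
      }

      template {
        data = <<_EOF
[[ template "unifi/mongo/mongod.conf.tpl" . ]]
_EOF
        destination = "local/mongod.conf"
      }

      volume_mount {
        volume      = "mongo"
        destination = "/data/db"
      }

[[ template "common/resources" $c ]]
    }
[[- end ]]
  # The group is closed outside the conditional above, so the rendered job
  # keeps balanced braces when an external MongoDB is configured.
  }
}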