unifi/unifi.nomad.hcl


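# Nomad job template for the UniFi stack: an nginx front end, the controller,
# and (unless an external MongoDB is configured) a bundled mongod.
# This file is rendered by a text-template engine that uses double square
# brackets as delimiters. Comments must never contain those delimiters, and no
# comment may sit directly above an action that trims leading whitespace, or
# the action's output would be glued onto the comment line.
job "[[ .instance ]]" {
  [[- template "common/job_start" . ]]
  group "unifi" {
    [[- $c := merge .unifi.controller .unifi . ]]

    network {
      mode = "bridge"
      # STUN is the only port declared in this network block.
      port "stun" {
        to = 3478
      }
    }

    # Main HTTP service. Port 8888 is presumably the nginx task's listener;
    # confirm against nginx.conf.tpl, which is not shown here.
    service {
      name = "[[ .instance ]][[ .consul.suffix ]]"
      port = 8888
      [[ template "common/connect" $c ]]
      check {
        type     = "http"
        path     = "/status"
        # expose = true makes /status reachable for the health check without
        # going through the mesh (assuming common/connect renders a sidecar).
        # Keep that path free of sensitive data.
        expose   = true
        interval = "10s"
        timeout  = "5s"
        check_restart {
          limit = 12
          grace = "2m"
        }
      }
      tags = [
        "[[ $c.traefik.instance ]].enable=true",
        # Inform router: no Host rule, because devices send inform requests without one.
        # It carries no tls=true tag either, unlike the controller and portal routers below.
        # Its exposure is therefore bounded only by the dedicated entrypoint list and the
        # middlewares taken from the inform traefik settings. Review both when changing them.
        "[[ $c.traefik.instance ]].http.routers.[[ .instance ]]-inform[[ .consul.suffix ]].rule=(Path(`/inform`) && Method(`POST`)) || (PathPrefix(`/dl/firmware-cached`) && (Method(`GET`) || Method(`HEAD`)))",
        "[[ $c.traefik.instance ]].http.routers.[[ .instance ]]-inform[[ .consul.suffix ]].entrypoints=[[ join (merge .unifi.inform.traefik .traefik).entrypoints "," ]]",
        "[[ $c.traefik.instance ]].http.routers.[[ .instance ]]-inform[[ .consul.suffix ]].middlewares=[[ template "common/traefik_middlewares.tpl" merge .unifi.inform.traefik .traefik ]]",
        # Controller UI router: matched on the public URL's hostname (plus its path prefix
        # when one is set) and served over TLS.
        "[[ $c.traefik.instance ]].http.routers.[[ .instance ]]-controller[[ .consul.suffix ]].rule=Host(`
          [[- (urlParse .unifi.controller.public_url).Hostname -]]`)
          [[- if ne "" (urlParse .unifi.controller.public_url).Path ]] && PathPrefix(`[[ (urlParse .unifi.controller.public_url).Path ]]`)[[ end ]]",
        "[[ $c.traefik.instance ]].http.routers.[[ .instance ]]-controller[[ .consul.suffix ]].entrypoints=[[ join (merge .unifi.controller.traefik .traefik).entrypoints "," ]]",
        "[[ $c.traefik.instance ]].http.routers.[[ .instance ]]-controller[[ .consul.suffix ]].tls=true",
        "[[ $c.traefik.instance ]].http.routers.[[ .instance ]]-controller[[ .consul.suffix ]].middlewares=[[ template "common/traefik_middlewares.tpl" merge .unifi.controller.traefik .traefik ]]",
        # Guest portal router: restricted to the /guest prefix on the portal hostname, over TLS.
        "[[ $c.traefik.instance ]].http.routers.[[ .instance ]]-portal[[ .consul.suffix ]].rule=Host(`
          [[- (urlParse .unifi.guest_portal.public_url).Hostname -]]
          `) && PathPrefix(`/guest`)",
        "[[ $c.traefik.instance ]].http.routers.[[ .instance ]]-portal[[ .consul.suffix ]].entrypoints=[[ join (merge .unifi.guest_portal.traefik .traefik).entrypoints "," ]]",
        "[[ $c.traefik.instance ]].http.routers.[[ .instance ]]-portal[[ .consul.suffix ]].tls=true",
        "[[ $c.traefik.instance ]].http.routers.[[ .instance ]]-portal[[ .consul.suffix ]].middlewares=[[ template "common/traefik_middlewares.tpl" merge .unifi.guest_portal.traefik .traefik ]]"
      ]
    }

    # STUN (UDP) service. The connect=false tag tells Traefik not to treat this
    # entry as a Connect service, so the UDP router reaches the published port directly.
    service {
      name = "[[ .instance ]]-stun[[ .consul.suffix ]]"
      port = "stun"
      tags = [
        "[[ $c.traefik.instance ]].enable=true",
        "[[ $c.traefik.instance ]].udp.routers.[[ .instance ]]-stun[[ .consul.suffix ]].entrypoints=[[ join .unifi.stun.traefik.entrypoints "," ]]",
        "[[ $c.traefik.instance ]].consulcatalog.connect=false"
      ]
    }
    [[- if not $c.mongo.is_external ]]
    # NOTE(review): this guard reads $c.mongo.is_external while the mongo task
    # further down is guarded by .unifi.controller.mongo.is_external. The two
    # must evaluate identically or the service and the task get out of sync.
    # This service has no Connect stanza in this file, so confirm who can
    # reach 27017 once it is registered.
    service {
      name = "[[ .instance ]]-mongo[[ .consul.suffix ]]"
      port = 27017
      check {
        # Runs the legacy mongo shell inside the mongo task, without credentials.
        # NOTE(review): MongoDB 6.0+ images ship mongosh instead of mongo; confirm
        # the configured image still provides this binary or the check will fail.
        type     = "script"
        command  = "sh"
        args     = ["-c", "mongo --quiet --eval 'db.runCommand(\"ping\").ok'"]
        interval = "30s"
        timeout  = "5s"
        task     = "mongo"
        check_restart {
          limit = 4
          grace = "3m"
        }
      }
    }
    [[ template "common/volumes" .unifi.mongo.volumes ]]
    [[- end ]]
    [[ template "common/volumes" $c ]]
    [[ template "common/task.wait_for" $c ]]

    # nginx front end: poststart sidecar, fixed non-root uid, read-only root
    # filesystem with a small tmpfs for /tmp.
    task "nginx" {
      [[- $c := merge .unifi.nginx .unifi . ]]
      driver = "[[ .nomad.driver ]]"
      user   = 8306
      lifecycle {
        hook    = "poststart"
        # Boolean literal, written the same way as in the mongo task.
        sidecar = true
      }
      config {
        image           = "[[ .unifi.nginx.image ]]"
        volumes         = ["local/nginx.conf:/etc/nginx/conf.d/default.conf"]
        readonly_rootfs = true
        [[ template "common/tmpfs" dict "size" "1000000" "target" "/tmp" ]]
      }
      # Heredoc body and terminator stay at column 0: leading whitespace
      # would become part of the rendered file.
      template {
        data =<<_EOF
[[ template "unifi/nginx/nginx.conf.tpl" . ]]
_EOF
        destination = "local/nginx.conf"
      }
      [[ template "common/resources" $c ]]
    }

    # UniFi controller: the leader task, so the other tasks of the group are
    # stopped when it exits.
    # NOTE(review): unlike the nginx task, no user is set here, so the process
    # runs as whatever user the image or the driver defaults to. Confirm it is
    # not root.
    task "controller" {
      [[ $c := merge .unifi.controller .unifi . ]]
      leader = true
      driver = "[[ $c.nomad.driver ]]"
      config {
        image = "[[ $c.image ]]"
        # The init script is mounted into the image's entrypoint.d directory.
        volumes = [
          "local/init-system.properties.sh:/entrypoint.d/10-init-system.properties.sh"
        ]
        readonly_rootfs = true
        [[ template "common/tmpfs" dict "size" "1000000" "target" "/opt/unifi/run" ]]
        [[ template "common/tmpfs" dict "size" "1000000" "target" "/tmp" ]]
      }
      [[ template "common/vault.policies" $c ]]
      env {
        [[ template "common/proxy_env" . ]]
      }
      [[ template "common/file_env" $c ]]
      # system.properties is rendered into the task's secrets/ directory rather
      # than local/; it presumably carries the database connection settings.
      # Confirm in system.properties.tpl.
      template {
        data =<<_EOF
[[ template "unifi/controller/system.properties.tpl" . ]]
_EOF
        destination = "secrets/system.properties"
      }
      # Executable init script (mode 755). Its first line must stay at column 0
      # in the heredoc so that a shebang, if any, remains valid.
      template {
        data =<<_EOF
[[ template "unifi/controller/init-system.properties.sh.tpl" . ]]
_EOF
        destination = "local/init-system.properties.sh"
        perms       = "755"
      }
      volume_mount {
        volume      = "data"
        destination = "/data"
      }
      [[ template "common/resources" $c ]]
    }
    [[- if not .unifi.controller.mongo.is_external ]]
    # Bundled MongoDB: prestart sidecar, so it is started before the controller
    # and kept running alongside it.
    # NOTE(review): no user is set for this task either. Bind address and
    # authorization come from mongod.conf.tpl, which is not shown here.
    task "mongo" {
      [[- $c := merge .unifi.mongo .unifi . ]]
      driver = "[[ $c.nomad.driver ]]"
      lifecycle {
        hook    = "prestart"
        sidecar = true
      }
      config {
        image           = "[[ $c.image ]]"
        command         = "mongod"
        readonly_rootfs = true
        args            = ["--config", "/local/mongod.conf" ]
        [[ template "common/tmpfs" dict "size" "1000000" "target" "/tmp" ]]
      }
      template {
        data =<<_EOF
[[ template "unifi/mongo/mongod.conf.tpl" . ]]
_EOF
        destination = "local/mongod.conf"
      }
      volume_mount {
        volume      = "mongo"
        destination = "/data/db"
      }
      [[ template "common/resources" $c ]]
    }
    [[- end ]]
  # The group's closing brace sits outside the conditional above, so the
  # rendered job stays balanced when an external MongoDB is used.
  }
}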