120 lines
2.4 KiB
Text
120 lines
2.4 KiB
Text
|
job "radicale" {
|
||
|
datacenters = ["columbia"]
|
||
|
region = "global"
|
||
|
type = "service"
|
||
|
|
||
|
update {
|
||
|
stagger = "30s"
|
||
|
max_parallel = 1
|
||
|
}
|
||
|
|
||
|
group "radicale" {
|
||
|
count = 1
|
||
|
|
||
|
task "radicale" {
|
||
|
vault {
|
||
|
policies = ["default", "ansible"]
|
||
|
change_mode = "restart"
|
||
|
}
|
||
|
driver = "docker"
|
||
|
config {
|
||
|
image = "docker.service.masked.name:8082/radicale"
|
||
|
ports = ["http"]
|
||
|
volumes = [
|
||
|
"/mnt/raid/radicale/collections:/collections"
|
||
|
]
|
||
|
}
|
||
|
|
||
|
service {
|
||
|
name = "radicale"
|
||
|
port = "http"
|
||
|
|
||
|
check {
|
||
|
name = "radicale"
|
||
|
type = "tcp"
|
||
|
interval = "10s"
|
||
|
timeout = "2s"
|
||
|
address_mode = "driver"
|
||
|
}
|
||
|
}
|
||
|
|
||
|
template {
|
||
|
data = <<EOH
|
||
|
{{- with secret "pki_int/issue/masked-dot-name" "common_name=radicale.service.masked.name" "alt_names=radicale.service.columbia.masked.name" -}}
|
||
|
{{- .Data.certificate -}}
|
||
|
{{- end -}}
|
||
|
EOH
|
||
|
destination = "${NOMAD_SECRETS_DIR}/radicale.crt"
|
||
|
change_mode = "restart"
|
||
|
}
|
||
|
|
||
|
template {
|
||
|
data = <<EOH
|
||
|
{{- with secret "pki_int/issue/masked-dot-name" "common_name=radicale.service.masked.name" "alt_names=radicale.service.columbia.masked.name" -}}
|
||
|
{{- .Data.private_key -}}
|
||
|
{{- end -}}
|
||
|
EOH
|
||
|
destination = "${NOMAD_SECRETS_DIR}/radicale.key"
|
||
|
change_mode = "restart"
|
||
|
}
|
||
|
|
||
|
template {
|
||
|
data = <<EOH
|
||
|
[server]
|
||
|
hosts = 0.0.0.0:5232
|
||
|
max_connections = 20
|
||
|
max_content_length = 10000000
|
||
|
timeout = 60
|
||
|
ssl = False
|
||
|
|
||
|
[encoding]
|
||
|
request = utf-8
|
||
|
stock = utf-8
|
||
|
|
||
|
[auth]
|
||
|
type = htpasswd
|
||
|
htpasswd_filename = /secrets/users
|
||
|
htpasswd_encryption = bcrypt
|
||
|
delay = 1
|
||
|
realm = Radicale - Password Required
|
||
|
|
||
|
[storage]
|
||
|
type = multifilesystem
|
||
|
filesystem_folder = /collections
|
||
|
|
||
|
[logging]
|
||
|
mask_passwords = True
|
||
|
|
||
|
[headers]
|
||
|
Access-Control-Allow-Origin = *
|
||
|
EOH
|
||
|
destination = "local/config"
|
||
|
}
|
||
|
|
||
|
|
||
|
template {
|
||
|
data = <<EOH
|
||
|
amarpreet:{{ with secret "kv/data/radicale" }}{{ .Data.data.amarpreet }}{{ end }}
|
||
|
EOH
|
||
|
destination = "secrets/users"
|
||
|
}
|
||
|
|
||
|
env {
|
||
|
RADICALE_CONFIG = "/local/config"
|
||
|
}
|
||
|
|
||
|
resources {
|
||
|
cpu = 2000
|
||
|
memory = 2560
|
||
|
}
|
||
|
}
|
||
|
|
||
|
network {
|
||
|
port "http" {
|
||
|
to = 5232
|
||
|
}
|
||
|
}
|
||
|
|
||
|
}
|
||
|
}
|