Add gitea

nomad/gitea/gitea.nomad

@@ -0,0 +1,95 @@
+job "gitea" {
+  datacenters = ["columbia"]
+  region      = "global"
+  type        = "service"
+
+  update {
+    stagger      = "30s"
+    max_parallel = 1
+  }
+
+  group "gitea" {
+    count = 1
+
+    task "gitea" {
+      vault {
+        policies    = ["default", "ansible"]
+        change_mode = "restart"
+      }
+      driver = "docker"
+      config {
+        image   = "docker.service.masked.name:8082/gitea"
+        ports   = ["http"]
+        volumes = [
+            "/mnt/raid/gitea:/data"
+        ]
+      }
+
+      service {
+        name = "gitea"
+        port = "http"
+
+        check {
+          name     = "gitea"
+          type     = "tcp"
+          interval = "10s"
+          timeout  = "2s"
+          address_mode = "driver"
+        }
+      }
+
+      template {
+        data = <<EOH
+            {{- with secret "pki_int/issue/masked-dot-name" "common_name=gitea.service.masked.name" "alt_names=gitea.service.columbia.masked.name" -}}
+            {{- .Data.certificate -}}
+            {{- end -}}
+        EOH
+        destination   = "${NOMAD_SECRETS_DIR}/gitea.crt"
+        change_mode   = "restart"
+      }
+
+      template {
+        data = <<EOH
+            {{- with secret "pki_int/issue/masked-dot-name" "common_name=gitea.service.masked.name" "alt_names=gitea.service.columbia.masked.name" -}}
+            {{- .Data.private_key -}}
+            {{- end -}}
+        EOH
+        destination   = "${NOMAD_SECRETS_DIR}/gitea.key"
+        change_mode   = "restart"
+      }
+
+      template {
+        data = <<EOH
+          APP_NAME          = "gitea"
+          ROOT_URL          = "https://git.minhas.io"
+          LOCAL_ROOT_URL    = "http://localhost:3000"
+          DOMAIN            = "git.minhas.io"
+          DB_TYPE           = postgres
+          DB_HOST           = ivyking.node.masked.name
+          DB_NAME           = gogs
+          DB_USER           = gogs
+          DB_PASSWD         = "{{ with secret "kv/data/gitea" }}{{ .Data.data.db_pw }}{{ end }}"
+          DISABLE_SSH       = true
+          USER_UID          = 1008
+          USER_GID          = 1010
+          INSTALL_LOCK      = true
+          SECRET_KEY        = "{{ with secret "kv/data/gitea" }}{{ .Data.data.secret_key }}{{ end }}"
+        EOH
+        destination = "secrets/gitea.env"
+        env         = true
+      }
+
+      resources {
+        cpu    = 2000
+        memory = 2560
+      }
+    }
+
+    network {
+      port "http" {
+        to = 3000
+       }
+    }
+
+  }
+}