94 lines
2.7 KiB
HCL
94 lines
2.7 KiB
HCL
job "sudoscientist-go-backend" {
|
|
datacenters = ["columbia"]
|
|
region = "global"
|
|
type = "service"
|
|
|
|
update {
|
|
stagger = "30s"
|
|
max_parallel = 1
|
|
}
|
|
|
|
group "sudoscientist-go-backend" {
|
|
count = 1
|
|
|
|
task "sudoscientist-go-backend" {
|
|
vault {
|
|
policies = ["default", "ansible"]
|
|
change_mode = "restart"
|
|
}
|
|
driver = "docker"
|
|
config {
|
|
image = "docker.service.masked.name:8082/sudoscientist-go-backend"
|
|
ports = ["http"]
|
|
}
|
|
|
|
service {
|
|
name = "sudoscientist-go-backend"
|
|
port = "http"
|
|
|
|
check {
|
|
name = "sudoscientist-go-backend"
|
|
type = "tcp"
|
|
interval = "10s"
|
|
timeout = "2s"
|
|
address_mode = "driver"
|
|
}
|
|
}
|
|
|
|
template {
|
|
data = <<EOH
|
|
{{- with secret "pki_int/issue/masked-dot-name" "common_name=sudoscientist-go-backend.service.masked.name" "alt_names=sudoscientist-go-backend.service.columbia.masked.name" -}}
|
|
{{- .Data.certificate -}}
|
|
{{- end -}}
|
|
EOH
|
|
destination = "${NOMAD_SECRETS_DIR}/sudoscientist-go-backend.crt"
|
|
change_mode = "restart"
|
|
}
|
|
|
|
template {
|
|
data = <<EOH
|
|
{{- with secret "pki_int/issue/masked-dot-name" "common_name=sudoscientist-go-backend.service.masked.name" "alt_names=sudoscientist-go-backend.service.columbia.masked.name" -}}
|
|
{{- .Data.private_key -}}
|
|
{{- end -}}
|
|
EOH
|
|
destination = "${NOMAD_SECRETS_DIR}/sudoscientist-go-backend.key"
|
|
change_mode = "restart"
|
|
}
|
|
|
|
template {
|
|
data = <<EOH
|
|
API_ADDR = https://api.sudoscientist.com
|
|
API_PORT = 8080
|
|
DB_HOST = ivyking.node.masked.name
|
|
DB_NAME = sudosci
|
|
DB_PORT = 5432
|
|
DB_PW = "{{ with secret "kv/data/sudoscientist/go-backend" }}{{ .Data.data.db_pw }}{{ end }}"
|
|
DB_SSL = disable
|
|
DB_USER = sudosci
|
|
EMAIL_SECRET = "{{ with secret "kv/data/sudoscientist/go-backend" }}{{ .Data.data.email_secret }}{{ end }}"
|
|
JWT_SECRET = "{{ with secret "kv/data/sudoscientist/go-backend" }}{{ .Data.data.jwt_secret }}{{ end }}"
|
|
POSTAL_API = https://postal.sudoscientist.com
|
|
POSTAL_KEY = "{{ with secret "kv/data/sudoscientist/go-backend" }}{{ .Data.data.jwt_secret }}{{ end }}"
|
|
POSTAL_SRC_EMAIL = send-mail@postal.sudoscientist.com
|
|
UI_ADDR = sudoscientist.com
|
|
UI_PROTO = https://
|
|
EOH
|
|
destination = "secrets/sudoscientist-go-backend.env"
|
|
env = true
|
|
}
|
|
|
|
resources {
|
|
cpu = 2000
|
|
memory = 2560
|
|
}
|
|
}
|
|
|
|
network {
|
|
port "http" {
|
|
to = 8080
|
|
}
|
|
}
|
|
|
|
}
|
|
}
|