infra/nomad/freshrss/freshrss.nomad


# Nomad service job that runs a single FreshRSS container under the Docker
# driver. Vault supplies a TLS certificate/key pair (PKI engine) and the
# database password (KV v2); all three are rendered by template stanzas.
job "freshrss" {
  type        = "service"
  region      = "global"
  datacenters = ["columbia"]

  # Roll out changes one allocation at a time with a 30s stagger.
  update {
    max_parallel = 1
    stagger      = "30s"
  }

  group "freshrss" {
    count = 1

    # Dynamically assigned host port labelled "http", mapped to container
    # port 80.
    # NOTE(review): nothing in this file shows the container consuming the
    # certificate/key rendered below; if the image only serves plain HTTP on
    # port 80, traffic to the task is unencrypted. Confirm where TLS is
    # terminated.
    network {
      port "http" {
        to = 80
      }
    }

    task "freshrss" {
      driver = "docker"

      # The task's Vault token carries the "default" and "ansible" policies and
      # the task is restarted when that token changes.
      # NOTE(review): the templates in this task only read
      # pki_int/issue/masked-dot-name and kv/data/freshrss. The contents of the
      # "ansible" policy are not visible here; if it grants more than those two
      # paths, a policy scoped to this job would be the least-privilege choice.
      vault {
        change_mode = "restart"
        policies    = ["default", "ansible"]
      }

      config {
        # No tag or digest is given, so the registry's default tag is pulled.
        # Pinning a tag or digest keeps every restart (including the ones the
        # change_mode settings in this task trigger) on a known image.
        image = "docker.service.masked.name:8082/freshrss"
        ports = ["http"]

        # Host path bind-mounted as the FreshRSS data directory; the job can
        # only run on a client that has /mnt/raid/rss and allows host volumes.
        volumes = [
          "/mnt/raid/rss:/var/www/FreshRSS/data"
        ]
      }

      service {
        name = "freshrss"
        port = "http"

        # TCP-only check: it shows the port accepts connections, not that
        # FreshRSS is answering requests correctly.
        check {
          name         = "freshrss"
          type         = "tcp"
          address_mode = "driver"
          interval     = "10s"
          timeout      = "2s"
        }
      }

      # Certificate half of the TLS pair, written into the task's secrets
      # directory. The task restarts whenever the rendered content changes.
      # NOTE(review): this template and the key template below each call the
      # PKI issue endpoint with identical arguments. The files are only usable
      # together if both come from the same issuance; verify the rendered
      # certificate and key actually match on a running allocation.
      template {
        destination = "${NOMAD_SECRETS_DIR}/freshrss.crt"
        change_mode = "restart"
        data        = <<EOH
{{- with secret "pki_int/issue/masked-dot-name" "common_name=freshrss.service.masked.name" "alt_names=freshrss.service.columbia.masked.name" -}}
{{- .Data.certificate -}}
{{- end -}}
EOH
      }

      # Private-key half of the TLS pair.
      # NOTE(review): no `perms` is set, so the template default file mode
      # applies (0644 per the Nomad docs). Consider a tighter mode for the key
      # if the process that reads it can still open the file.
      template {
        destination = "${NOMAD_SECRETS_DIR}/freshrss.key"
        change_mode = "restart"
        data        = <<EOH
{{- with secret "pki_int/issue/masked-dot-name" "common_name=freshrss.service.masked.name" "alt_names=freshrss.service.columbia.masked.name" -}}
{{- .Data.private_key -}}
{{- end -}}
EOH
      }

      # Environment file; `env = true` exports every KEY = "value" line into
      # the task environment. The database password from kv/data/freshrss
      # appears twice: as POSTGRES_PASSWORD and inline in FRESHRSS_INSTALL as
      # the value of --db-password.
      # NOTE(review): presumably the image hands FRESHRSS_INSTALL to an install
      # command, which would place the password in that process's argument
      # list; confirm against the image's entrypoint. The password is inserted
      # unquoted, so a value containing whitespace or quotes would alter the
      # rendered line. Environment variables are also readable by anything able
      # to inspect the container.
      # NOTE(review): ROOT_URL and JAVA_ARGS look carried over from another
      # job; confirm whether this image reads them.
      template {
        destination = "secrets/freshrss.env"
        env         = true
        data        = <<EOH
POSTGRES_DB = "freshrss"
POSTGRES_USER = "freshrss"
POSTGRES_PASSWORD = "{{ with secret "kv/data/freshrss" }}{{ .Data.data.db_pw }}{{ end }}"
POSTGRES_HOST = "ivyking.node.masked.name"
ROOT_URL = "${NOMAD_ADDR_http}"
JAVA_ARGS = "-Xmx2048m"
FRESHRSS_ENV = "production"
FRESHRSS_INSTALL = " --api_enabled --base_url https://rss.minhas.io --db-base freshrss --db-host ivyking.node.masked.name --db-password {{ with secret "kv/data/freshrss" }}{{ .Data.data.db_pw }}{{ end }} --db-type pgsql --db-user freshrss --default_user asara --language en"
TZ = "America/New_York"
EOH
      }

      # 2000 MHz of CPU and 2560 MB of memory reserved for the task.
      resources {
        cpu    = 2000
        memory = 2560
      }
    }
  }
}