homelab-nomad/services/nextcloud/nextcloud.nomad

# NOTE(review): the three nextcloud_* variables below are not referenced
# anywhere in the job body shown in this file; the database name, user and
# password the tasks use are read from Vault at kv/data/nextcloud. The
# "nextcloud" default on nextcloud_pass is therefore inert here, but it is a
# guessable credential that becomes live if the variable is ever wired back in.
variable "nextcloud_db" {
  type    = string
  default = "nextcloud"
}

variable "nextcloud_user" {
  type    = string
  default = "nextcloud"
}

variable "nextcloud_pass" {
  type    = string
  default = "nextcloud"
}

# Required (no default). Rendered by the "backup" task's template into
# jobs/nextcloud.hcl and handed to the Restic Scheduler container.
variable "backup_config" {
  type        = string
  description = "HCL config for Restic Scheduler jobs"
}
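# Nextcloud service job: one group holding a prestart database bootstrap task,
# the Nextcloud container itself, and a poststart Restic Scheduler backup task.
# All three tasks share the "nextcloud-data" host volume and reach MySQL through
# the Consul Connect upstream "mysql-server".
job "nextcloud" {
  datacenters = ["dc1"]
  type        = "service"

  group "nextcloud" {
    count = 1

    network {
      mode = "bridge"

      # Web UI: published on the host network named "loopback", container port 80.
      port "web" {
        host_network = "loopback"
        to           = 80
      }

      # NOTE(review): unlike "web", this port names no host_network, so it is
      # published on the client's default host network. Confirm the backup
      # scheduler's HTTP endpoint on 8080 is meant to be reachable there.
      port "backup" {
        to = 8080
      }
    }

    volume "nextcloud-data" {
      type      = "host"
      read_only = false
      source    = "nextcloud-data"
    }

    service {
      name = "nextcloud"
      port = "web"

      connect {
        sidecar_service {
          proxy {
            local_service_port = 80

            # MySQL is reached through the mesh; tasks see it on local port 6060
            # via the NOMAD_UPSTREAM_*_mysql_server variables.
            upstreams {
              destination_name = "mysql-server"
              local_bind_port  = 6060
            }

            config {
              protocol = "tcp"
            }
          }
        }

        sidecar_task {
          resources {
            cpu    = 50
            memory = 50
          }
        }
      }

      tags = [
        "traefik.enable=true",
      ]
    }

    # One-shot prestart task: connects to MySQL as root and creates the
    # Nextcloud database, user and grant if they do not exist yet.
    task "nextcloud-bootstrap" {
      driver = "docker"

      lifecycle {
        hook    = "prestart"
        sidecar = false
      }

      config {
        # NOTE(review): "mysql:8" is a floating major-version tag; pin a
        # reviewed tag or digest if reproducible pulls matter.
        image = "mysql:8"
        args = [
          "/bin/bash",
          "-c",
          "/usr/bin/mysql --defaults-extra-file=/task/my.cnf < /task/bootstrap.sql",
        ]

        # Both rendered files carry credentials (MySQL root password, app DB
        # password), so they are rendered into the task's secrets/ directory
        # and that directory is what gets mounted at /task/. Files under
        # local/ are readable through `nomad alloc fs` and the client
        # filesystem API; secrets/ is excluded from both.
        mount {
          type   = "bind"
          source = "secrets/"
          target = "/task/"
        }
      }

      # NOTE(review): this task reads kv/data/mysql (root password); the
      # "main" and "backup" tasks read only kv/data/nextcloud but request the
      # same two policies. If "access-tables" is what grants kv/data/mysql,
      # the long-running tasks can read the root password too - confirm, and
      # give the bootstrap task its own policy if so.
      vault {
        policies = [
          "access-tables",
          "nomad-task",
        ]
      }

      # MySQL client options file: upstream address plus root credentials.
      template {
        data = <<EOF
[client]
host={{ env "NOMAD_UPSTREAM_IP_mysql_server" }}
port={{ env "NOMAD_UPSTREAM_PORT_mysql_server" }}
user=root
{{ with secret "kv/data/mysql" }}
password={{ .Data.data.root_password }}
{{ end }}
EOF
        destination = "secrets/my.cnf"
      }

      # Bootstrap SQL. The Vault values are substituted into the statements
      # as-is, with no SQL escaping: a quote or backtick in db_name, db_user or
      # db_pass changes what runs as root, so keep those values to characters
      # that are safe inside the quoting used here.
      # NOTE(review): the account is created for host '%' (any client host).
      template {
        data = <<EOF
{{ with secret "kv/data/nextcloud" }}
CREATE DATABASE IF NOT EXISTS `{{ .Data.data.db_name }}`;
CREATE USER IF NOT EXISTS '{{ .Data.data.db_user }}'@'%' IDENTIFIED BY '{{ .Data.data.db_pass }}';
GRANT ALL ON `{{ .Data.data.db_name }}`.* to '{{ .Data.data.db_user }}'@'%';
{{ end }}
EOF
        destination = "secrets/bootstrap.sql"
      }

      resources {
        cpu    = 50
        memory = 50
      }
    }

    # The Nextcloud application container.
    task "main" {
      driver = "docker"

      volume_mount {
        volume      = "nextcloud-data"
        destination = "/var/www/html"
        read_only   = false
      }

      config {
        # NOTE(review): no tag or digest, so every placement may pull a
        # different build of the image; pin a reviewed tag or digest.
        image = "nextcloud"
        ports = ["web"]
      }

      env = {
        "MYSQL_HOST" = "${NOMAD_UPSTREAM_ADDR_mysql_server}"
      }

      vault {
        policies = [
          "access-tables",
          "nomad-task",
        ]
      }

      # Database credentials from Vault, rendered under secrets/ and exported
      # to the task as environment variables (env = true).
      template {
        data = <<EOF
{{ with secret "kv/data/nextcloud" }}
MYSQL_DATABASE={{ .Data.data.db_name }}
MYSQL_USER={{ .Data.data.db_user }}
MYSQL_PASSWORD={{ .Data.data.db_pass }}
{{ end }}
EOF
        destination = "secrets/db.env"
        env         = true
      }

      resources {
        cpu    = 50
        memory = 250
      }
    }

    # Registers the backup scheduler's port and advertises its address in
    # service metadata.
    service {
      name = "nextcloud-backups"
      port = "backup"

      meta {
        metrics_addr = "${NOMAD_ADDR_backup}"
      }
    }

    # TODO: Add service and expose /metrics for prometheus to grab

    # Restic Scheduler, started after "main"; sees the data volume read-only.
    task "backup" {
      driver = "docker"

      lifecycle {
        hook    = "poststart"
        sidecar = false
      }

      volume_mount {
        volume      = "nextcloud-data"
        destination = "/data"
        read_only   = true
      }

      config {
        # NOTE(review): no tag or digest on this image either; this container
        # receives the backup passphrase and the database credentials, so pin
        # it to a reviewed tag or digest.
        image = "iamthefij/resticscheduler"
        args  = ["/jobs/nextcloud.hcl"]
        ports = ["backup"]

        mount {
          type   = "bind"
          target = "/jobs"
          source = "jobs"
        }

        # The passphrase file is rendered under secrets/ and exposed to the
        # container at /tmp/passphrase.
        mount {
          type   = "bind"
          target = "/tmp/passphrase"
          source = "secrets/passphrase"
        }
      }

      env = {
        "MYSQL_HOST" = "${NOMAD_UPSTREAM_IP_mysql_server}"
        "MYSQL_PORT" = "${NOMAD_UPSTREAM_PORT_mysql_server}"
      }

      vault {
        policies = ["access-tables", "nomad-task"]
      }

      template {
        data        = "{{ with secret \"kv/data/nextcloud\" }}{{ .Data.data.backup_passphrase }}{{ end }}"
        destination = "secrets/passphrase"
      }

      template {
        data = <<EOF
{{ with secret "kv/data/nextcloud" }}
MYSQL_DATABASE={{ .Data.data.db_name }}
MYSQL_USER={{ .Data.data.db_user }}
MYSQL_PASSWORD={{ .Data.data.db_pass }}
{{ end }}
EOF
        destination = "secrets/db.env"
        env         = true
      }

      # var.backup_config is rendered as a template, so any {{ ... }} in the
      # supplied config is evaluated with this task's Vault token.
      template {
        data        = var.backup_config
        destination = "jobs/nextcloud.hcl"
      }

      resources {
        cpu    = 50
        memory = 256
      }
    }
  }
}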