homelab-nomad/databases/mysql.nomad

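# MariaDB service job with an stunnel sidecar. The sidecar offers a
# PSK-authenticated TLS listener on the dynamic "tls" port and forwards to the
# database on 127.0.0.1:3306 inside the group's shared bridge network namespace.
job "mysql-server" {
  datacenters = ["dc1"]
  type        = "service"
  priority    = 80

  group "mysql-server" {
    count = 1

    restart {
      attempts = 10
      interval = "5m"
      delay    = "25s"
      mode     = "delay"
    }

    network {
      mode = "bridge"

      # NOTE(review): the static mapping publishes the MariaDB listener itself on
      # host port 3306, next to the PSK-protected "tls" port. A client that can
      # reach 3306 never passes the stunnel PSK check and relies on MariaDB
      # account authentication alone; no server-side TLS is configured in this
      # job. If every consumer can use "mysql-tls", drop the static port and the
      # "mysql-server" service; otherwise limit 3306 with a host firewall.
      # Confirm which clients still depend on it before changing.
      port "db" {
        static = 3306
      }

      # Dynamic port; stunnel binds to it via NOMAD_PORT_tls.
      port "tls" {}
    }

    volume "mysql-data" {
      type      = "host"
      read_only = false
      source    = "mysql-data"
    }

    # Direct (non-tunnelled) database endpoint.
    service {
      name     = "mysql-server"
      provider = "nomad"
      port     = "db"
    }

    # PSK/TLS endpoint served by the stunnel task.
    service {
      name     = "mysql-tls"
      provider = "nomad"
      port     = "tls"
    }

    task "mysql-server" {
      driver = "docker"

      config {
        # NOTE(review): "mariadb:10" is a mutable tag, so a restart can pull a
        # different build. Pin to a specific version or image digest for
        # reproducible, reviewable upgrades.
        image = "mariadb:10"
        ports = ["db"]
        args  = ["--innodb-buffer-pool-size=1G"]
      }

      volume_mount {
        volume      = "mysql-data"
        destination = "/var/lib/mysql"
        read_only   = false
      }

      env = {
        # Allow root connections from any host.
        # NOTE(review): together with the published port 3306 this lets root log
        # in from any address that can reach the host. Prefer a narrower host
        # pattern for root and per-application accounts with limited grants.
        # The image presumably applies this only when it initialises an empty
        # data directory - confirm before relying on a change here.
        "MYSQL_ROOT_HOST" = "%"
      }

      # Renders the root password from the job's Nomad variable into the task
      # secrets directory and exports it to the task environment (env = true).
      template {
        data = <<EOH
{{ with nomadVar "nomad/jobs/mysql-server" }}
MYSQL_ROOT_PASSWORD={{ .mysql_root_password }}
{{ end }}
EOH

        destination = "${NOMAD_SECRETS_DIR}/db.env"
        env         = true
        # Secret material: owner-only instead of the template default of 644.
        perms = "600"
      }

      resources {
        cpu    = 300
        memory = 1536
      }
    }

    task "stunnel" {
      driver = "docker"

      config {
        # NOTE(review): mutable base tag, and stunnel is installed from the
        # package repository on every start (see start.sh below). Each restart
        # therefore needs network access and runs whatever package version the
        # repository serves at that moment. A prebuilt image with stunnel
        # included, pinned by digest, removes both issues.
        image = "alpine:3.17"
        ports = ["tls"]
        args  = ["/bin/sh", "${NOMAD_TASK_DIR}/start.sh"]
      }

      resources {
        cpu    = 100
        memory = 100
      }

      # Entry script: install stunnel, then replace the shell with it.
      template {
        data = <<EOF
set -e
apk add stunnel
exec stunnel ${NOMAD_TASK_DIR}/stunnel.conf
EOF

        destination = "${NOMAD_TASK_DIR}/start.sh"
      }

      # stunnel service definition: accept on the "tls" port, restrict the
      # handshake to PSK cipher suites, forward to the local database port.
      template {
        data = <<EOF
syslog = no
foreground = yes
delay = yes
[mysql_server]
accept = {{ env "NOMAD_PORT_tls" }}
connect = 127.0.0.1:3306
ciphers = PSK
PSKsecrets = {{ env "NOMAD_SECRETS_DIR" }}/stunnel_psk.txt
EOF

        destination = "${NOMAD_TASK_DIR}/stunnel.conf"
      }

      # One line per Nomad variable found under secrets/mysql/allowed_psks.
      # stunnel expects IDENTITY:KEY lines in this file; presumably each "psk"
      # value is already stored in that form - confirm against the variables.
      template {
        data = <<EOF
{{ range nomadVarList "secrets/mysql/allowed_psks" -}}
{{ with nomadVar .Path }}{{ .psk }}{{ end }}
{{ end -}}
EOF

        destination = "${NOMAD_SECRETS_DIR}/stunnel_psk.txt"
        # Holds every accepted pre-shared key: owner-only instead of the
        # template default of 644.
        perms = "600"
      }
    }
  }
}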