# Renders the module's jobspec template and registers the resulting job with Nomad.
# Every template input is passed straight through from the module variables; the
# mysql/postgres switches are additionally forced on whenever the matching
# bootstrap block is supplied, so a bootstrap never runs against a disabled backend.
resource "nomad_job" "service" {
  # Return as soon as the job is registered instead of waiting for the deployment
  # to settle; pass false to block until Nomad reports it healthy.
  detach = var.detach

  jobspec = templatefile("${path.module}/service_template.nomad", {
    # Identity and scheduling
    name        = var.name
    count       = var.instance_count
    priority    = var.priority
    constraints = var.constraints

    # Container and placement
    image              = var.image
    image_pull_timeout = var.image_pull_timeout
    args               = var.args
    env                = var.env
    docker_devices     = var.docker_devices
    templates          = var.templates
    host_volumes       = var.host_volumes
    sticky_disk        = var.sticky_disk
    resources          = var.resources
    stunnel_resources  = var.stunnel_resources

    # Metadata at each level of the job
    task_meta  = var.task_meta
    group_meta = var.group_meta
    job_meta   = var.job_meta

    # Networking, service discovery and ingress
    service_port        = var.service_port
    service_port_static = var.service_port_static
    ports               = var.ports
    service_tags        = var.service_tags
    custom_services     = var.custom_services
    use_wesher          = var.use_wesher
    ingress             = var.ingress
    ingress_rule        = var.ingress_rule
    ingress_middlewares = var.ingress_middlewares
    prometheus          = var.prometheus

    # Backing services. A non-null bootstrap block implies the backend is in use,
    # which is why the same expression gates the matching ACL/PSK resources below.
    use_mysql          = var.use_mysql || var.mysql_bootstrap != null
    use_postgres       = var.use_postgres || var.postgres_bootstrap != null
    use_redis          = var.use_redis
    use_ldap           = var.use_ldap
    mysql_bootstrap    = var.mysql_bootstrap
    postgres_bootstrap = var.postgres_bootstrap
  })
}
# Read-only access to the shared MySQL secrets, granted to exactly one workload:
# the mysql-bootstrap task of this job. The job_acl block binds the policy to
# that job/group/task rather than to a token, so other tasks in the same job
# cannot read the path.
resource "nomad_acl_policy" "secrets_mysql" {
  count = var.use_mysql || var.mysql_bootstrap != null ? 1 : 0

  name        = "${var.name}-secrets-mysql"
  description = "Give access to MySQL secrets"

  job_acl {
    job_id = var.name
    group  = var.name
    task   = "mysql-bootstrap"
  }

  rules_hcl = <<-EOH
    namespace "default" {
      variables {
        path "secrets/mysql" {
          capabilities = ["read"]
        }
      }
    }
  EOH
}
# Per-service pre-shared key for the MySQL stunnel path. Generated once and kept
# in Terraform state (random_password.result is sensitive but state-resident), so
# state storage must be treated as holding this secret.
resource "random_password" "mysql_psk" {
  count  = var.use_mysql || var.mysql_bootstrap != null ? 1 : 0
  length = 32

  # Restrict the special-character set to symbols that survive shell and config
  # quoting without escaping.
  override_special = "!@#%&*-_="
}
# Publishes this service's MySQL PSK under a per-service path. The value is
# prefixed with the service name so the consumer can tell which identity the
# key belongs to.
resource "nomad_variable" "mysql_psk" {
  count = var.use_mysql || var.mysql_bootstrap != null ? 1 : 0
  path  = "secrets/mysql/allowed_psks/${var.name}"

  items = {
    psk = "${var.name}:${random_password.mysql_psk[0].result}"
  }
}
# Lets the stunnel task of this job read its own MySQL PSK, and nothing else
# under secrets/mysql. The path is per-service, so one job's policy never covers
# another service's key.
resource "nomad_acl_policy" "mysql_psk" {
  count = var.use_mysql || var.mysql_bootstrap != null ? 1 : 0

  name        = "${var.name}-secrets-mysql-psk"
  description = "Give access to MySQL PSK secrets"

  job_acl {
    job_id = var.name
    group  = var.name
    task   = "stunnel"
  }

  rules_hcl = <<-EOH
    namespace "default" {
      variables {
        path "secrets/mysql/allowed_psks/${var.name}" {
          capabilities = ["read"]
        }
      }
    }
  EOH
}
# Read-only access to the shared Postgres secrets for the postgres-bootstrap task
# only. Mirrors the MySQL policy; job_acl scopes it to this job/group/task.
resource "nomad_acl_policy" "secrets_postgres" {
  count = var.use_postgres || var.postgres_bootstrap != null ? 1 : 0

  name        = "${var.name}-secrets-postgres"
  description = "Give access to Postgres secrets"

  job_acl {
    job_id = var.name
    group  = var.name
    task   = "postgres-bootstrap"
  }

  rules_hcl = <<-EOH
    namespace "default" {
      variables {
        path "secrets/postgres" {
          capabilities = ["read"]
        }
      }
    }
  EOH
}
# Per-service pre-shared key for the Postgres stunnel path. Like every
# random_password, the generated value lives in Terraform state.
resource "random_password" "postgres_psk" {
  count  = var.use_postgres || var.postgres_bootstrap != null ? 1 : 0
  length = 32

  # Symbols limited to those that do not need escaping in shells or config files.
  override_special = "!@#%&*-_="
}
# Publishes this service's Postgres PSK under its own path, tagged with the
# service name as the identity prefix.
resource "nomad_variable" "postgres_psk" {
  count = var.use_postgres || var.postgres_bootstrap != null ? 1 : 0
  path  = "secrets/postgres/allowed_psks/${var.name}"

  items = {
    psk = "${var.name}:${random_password.postgres_psk[0].result}"
  }
}
# Grants the stunnel task of this job read access to its own Postgres PSK path
# and nothing wider.
resource "nomad_acl_policy" "postgres_psk" {
  count = var.use_postgres || var.postgres_bootstrap != null ? 1 : 0

  name        = "${var.name}-secrets-postgres-psk"
  description = "Give access to Postgres PSK secrets"

  job_acl {
    job_id = var.name
    group  = var.name
    task   = "stunnel"
  }

  rules_hcl = <<-EOH
    namespace "default" {
      variables {
        path "secrets/postgres/allowed_psks/${var.name}" {
          capabilities = ["read"]
        }
      }
    }
  EOH
}
# Per-service pre-shared key for the LDAP stunnel path; only created when LDAP
# is enabled. The value is stored in Terraform state.
resource "random_password" "ldap_psk" {
  count  = var.use_ldap ? 1 : 0
  length = 32

  # Same quoting-safe symbol set as the other PSKs.
  override_special = "!@#%&*-_="
}
# Publishes this service's LDAP PSK under a per-service path, prefixed with the
# service name.
resource "nomad_variable" "ldap_psk" {
  count = var.use_ldap ? 1 : 0
  path  = "secrets/ldap/allowed_psks/${var.name}"

  items = {
    psk = "${var.name}:${random_password.ldap_psk[0].result}"
  }
}
# Read access to this job's LDAP PSK, limited to the stunnel task via job_acl.
resource "nomad_acl_policy" "ldap_psk" {
  count = var.use_ldap ? 1 : 0

  name        = "${var.name}-secrets-ldap-psk"
  description = "Give access to ldap PSK secrets"

  job_acl {
    job_id = var.name
    group  = var.name
    task   = "stunnel"
  }

  rules_hcl = <<-EOH
    namespace "default" {
      variables {
        path "secrets/ldap/allowed_psks/${var.name}" {
          capabilities = ["read"]
        }
      }
    }
  EOH
}
# Read-only access to the shared SMTP secrets. Unlike the database policies,
# the reader is the main task (named after the service) rather than a sidecar
# or bootstrap task, so the application itself receives the credentials.
resource "nomad_acl_policy" "secrets_smtp" {
  count = var.use_smtp ? 1 : 0

  name        = "${var.name}-secrets-smtp"
  description = "Give access to SMTP secrets"

  job_acl {
    job_id = var.name
    group  = var.name
    task   = var.name
  }

  rules_hcl = <<-EOH
    namespace "default" {
      variables {
        path "secrets/smtp" {
          capabilities = ["read"]
        }
      }
    }
  EOH
}