# Container image used by the "immich-bootstrap" task to run psql.
# NOTE(review): "postgres:14" is a floating tag; pin a digest if pulls must be
# reproducible and verifiable.
variable "postgres_image" {
  type = string
  default = "postgres:14"
}
# Tag appended to every altran1502/immich-* image reference in this job.
# NOTE(review): "release" looks like a moving tag, so a redeploy can pull
# different image contents than the previous run; override with a fixed
# version (or digest) where that matters.
variable "immich_tag" {
  type = string
  default = "release"
}
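# Immich deployment: a single allocation holding the server, microservices,
# machine-learning, web and proxy containers, plus a one-shot task that
# creates the PostgreSQL role and database.
job "immich" {
  datacenters = ["dc1"]
  type = "service"

  group "immich" {
    count = 1

    # Bridge mode: all tasks in the group share one network namespace.
    # Every port is published only on the host network named "loopback"
    # (defined in the Nomad client config, which is not shown here).
    network {
      mode = "bridge"

      port "server" {
        host_network = "loopback"
        to = 3001
      }

      # NOTE(review): this maps to the same in-namespace port (3001) as
      # "server"; confirm the microservices process really listens there.
      port "microservices" {
        host_network = "loopback"
        to = 3001
      }

      port "web" {
        host_network = "loopback"
        to = 3000
      }

      port "proxy" {
        host_network = "loopback"
        to = 80
      }
    }

    # Host volume holding uploaded media; mounted read-write by the server,
    # microservices and machine-learning tasks below.
    volume "immich-upload" {
      type = "host"
      read_only = false
      source = "immich-upload"
    }

    # Registers the proxy port as service "immich" and joins the Consul
    # Connect mesh. The sidecar exposes the "redis" and "postgres" upstreams
    # on local ports 6379 and 5432; tasks reach them through the
    # NOMAD_UPSTREAM_* variables.
    service {
      name = "immich"
      port = "proxy"

      connect {
        sidecar_service {
          proxy {
            local_service_port = 80

            upstreams {
              destination_name = "redis"
              local_bind_port = 6379
            }

            upstreams {
              destination_name = "postgres"
              local_bind_port = 5432
            }
          }
        }

        sidecar_task {
          resources {
            cpu = 50
            memory = 50
          }
        }
      }

      # Opts the service in to Traefik routing. No middleware or router rule
      # is set here, so who can reach it depends on the Traefik defaults and
      # on Immich's own authentication -- presumably configured elsewhere.
      tags = [
        "traefik.enable=true",
      ]
    }

    # One-shot task: runs psql as the PostgreSQL superuser to create the
    # Immich role and database when they do not exist yet.
    task "immich-bootstrap" {
      driver = "docker"

      # Run to completion before the main tasks start. Without a lifecycle
      # hook this would be a main task of a service job, which Nomad restarts
      # each time it exits (even with status 0) until the restart policy is
      # exhausted; the application tasks could also start before their
      # database exists.
      lifecycle {
        hook = "prestart"
        sidecar = false
      }

      config {
        image = "${var.postgres_image}"
        args = [
          "/bin/bash",
          "-c",
          "/usr/bin/psql --no-password -f ${NOMAD_SECRETS_DIR}/bootstrap.sql",
        ]
      }

      resources {
        cpu = 50
        memory = 20
        memory_max = 100
      }

      vault {
        policies = [
          "access-tables",
          "nomad-task",
        ]
      }

      # Connection settings read by psql; the password comes from the
      # pgpass.env template below.
      env {
        PGHOST = "${NOMAD_UPSTREAM_IP_postgres}"
        PGPORT = "${NOMAD_UPSTREAM_PORT_postgres}"
        PGUSER = "root"
      }

      # Superuser password, rendered into the task's secrets directory and
      # exported as PGPASSWORD (env = true). It is therefore present in the
      # container environment for as long as this task runs.
      template {
        data = <<EOH
{{ with secret "kv/data/postgres" }}
PGPASSWORD={{ .Data.data.superuser_password }}
{{ end }}
EOH
        destination = "secrets/pgpass.env"
        env = true
      }

      # NOTE(review): exports the application DB credentials into this task's
      # environment, but the psql command above reads none of the DB_*
      # variables; this template looks droppable, which would keep one more
      # secret out of the environment -- confirm.
      template {
        data = <<EOF
{{ with secret "kv/data/immich" }}
DB_DATABASE_NAME={{ .Data.data.db_name }}
DB_USERNAME={{ .Data.data.db_user }}
DB_PASSWORD={{ .Data.data.db_pass }}
{{ end }}
EOF
        destination = "secrets/immich-db.env"
        env = true
      }

      # Idempotent bootstrap script executed by psql. CREATE DATABASE is
      # issued through dblink_exec because it cannot run inside the DO block's
      # transaction; this needs the dblink extension in the current database,
      # which this job does not create -- confirm it is installed.
      #
      # NOTE(review): db_user, db_name and db_pass are pasted into the SQL
      # text as-is (identifiers unquoted, password between single quotes) and
      # the script runs as superuser. A value containing a quote, whitespace
      # or "$do$" changes the statement, so write access to kv/data/immich is
      # effectively superuser SQL access. Restrict writers of that path and
      # keep the values to plain identifier / quote-free characters.
      template {
        data = <<EOH
{{ with secret "kv/data/immich" }}
DO
$do$
BEGIN
IF EXISTS (
SELECT FROM pg_catalog.pg_roles
WHERE rolname = '{{ .Data.data.db_user }}') THEN

RAISE NOTICE 'Role "{{ .Data.data.db_user }}" already exists. Skipping.';
ELSE
CREATE ROLE {{ .Data.data.db_user }} LOGIN PASSWORD '{{ .Data.data.db_pass }}';
END IF;

IF EXISTS (SELECT FROM pg_database WHERE datname = '{{ .Data.data.db_name }}') THEN
RAISE NOTICE 'Database already exists'; -- optional
ELSE
PERFORM dblink_exec('dbname=' || current_database() -- current db
, 'CREATE DATABASE {{ .Data.data.db_name }}');
REVOKE ALL ON DATABASE {{ .Data.data.db_name }} FROM public;
GRANT ALL PRIVILEGES ON DATABASE {{ .Data.data.db_name }} TO {{ .Data.data.db_user }};
END IF;
END
$do$;
{{ end }}
EOH
        destination = "secrets/bootstrap.sql"
      }
    }

    # Main API container.
    task "immich-server" {
      driver = "docker"

      volume_mount {
        volume = "immich-upload"
        destination = "/usr/src/app/upload"
        read_only = false
      }

      config {
        image = "altran1502/immich-server:${var.immich_tag}"
        entrypoint = ["/bin/sh", "./start-server.sh"]
        ports = ["server"]
      }

      resources {
        cpu = 100
        memory = 200
      }

      env {
        NODE_ENV = "production"
        REDIS_HOSTNAME = "${NOMAD_UPSTREAM_IP_redis}"
        REDIS_PORT = "${NOMAD_UPSTREAM_PORT_redis}"
        # REDIS_DBINDEX=0
        # REDIS_PASSWORD=
        # REDIS_SOCKET=
      }

      # The bootstrap task reads kv/data/postgres (the superuser password)
      # under these same two policies, so this long-running task's token can
      # presumably read it too. NOTE(review): consider a narrower policy that
      # covers only kv/data/immich for the application tasks.
      vault {
        policies = [
          "access-tables",
          "nomad-task",
        ]
      }

      # Database endpoint (via the Connect upstream) and application
      # credentials, exported as environment variables.
      template {
        data = <<EOF
DB_HOSTNAME="${NOMAD_UPSTREAM_IP_postgres}"
DB_PORT="${NOMAD_UPSTREAM_PORT_postgres}"
{{ with secret "kv/data/immich" }}
DB_DATABASE_NAME={{ .Data.data.db_name }}
DB_USERNAME={{ .Data.data.db_user }}
DB_PASSWORD={{ .Data.data.db_pass }}
{{ end }}
EOF
        destination = "secrets/db.env"
        env = true
      }
    }

    # Same image as the server, started with the microservices entrypoint.
    task "immich-microservices" {
      driver = "docker"

      volume_mount {
        volume = "immich-upload"
        destination = "/usr/src/app/upload"
        read_only = false
      }

      config {
        image = "altran1502/immich-server:${var.immich_tag}"
        entrypoint = ["/bin/sh", "./start-microservices.sh"]
        ports = ["microservices"]
      }

      resources {
        cpu = 100
        memory = 50
        memory_max = 200
      }

      env {
        NODE_ENV = "production"
        REDIS_HOSTNAME = "${NOMAD_UPSTREAM_IP_redis}"
        REDIS_PORT = "${NOMAD_UPSTREAM_PORT_redis}"
        # REDIS_DBINDEX=0
        # REDIS_PASSWORD=
        # REDIS_SOCKET=
      }

      # Same policy set as the bootstrap task; see the least-privilege note
      # on "immich-server".
      vault {
        policies = [
          "access-tables",
          "nomad-task",
        ]
      }

      template {
        data = <<EOF
DB_HOSTNAME="${NOMAD_UPSTREAM_IP_postgres}"
DB_PORT="${NOMAD_UPSTREAM_PORT_postgres}"
{{ with secret "kv/data/immich" }}
DB_DATABASE_NAME={{ .Data.data.db_name }}
DB_USERNAME={{ .Data.data.db_user }}
DB_PASSWORD={{ .Data.data.db_pass }}
{{ end }}
EOF
        destination = "secrets/db.env"
        env = true
      }
    }

    # Machine-learning container. It publishes no port of its own.
    # NOTE(review): it gets a read-write upload mount, the DB credentials and
    # the same Vault policies as the other tasks; confirm each is needed.
    task "immich-machine-learning" {
      driver = "docker"

      volume_mount {
        volume = "immich-upload"
        destination = "/usr/src/app/upload"
        read_only = false
      }

      config {
        image = "altran1502/immich-machine-learning:${var.immich_tag}"
        entrypoint = ["/bin/sh", "./entrypoint.sh"]
      }

      resources {
        cpu = 500
        memory = 100
        memory_max = 500
      }

      env {
        NODE_ENV = "production"
      }

      vault {
        policies = [
          "access-tables",
          "nomad-task",
        ]
      }

      template {
        data = <<EOF
DB_HOSTNAME="${NOMAD_UPSTREAM_IP_postgres}"
DB_PORT="${NOMAD_UPSTREAM_PORT_postgres}"
{{ with secret "kv/data/immich" }}
DB_DATABASE_NAME={{ .Data.data.db_name }}
DB_USERNAME={{ .Data.data.db_user }}
DB_PASSWORD={{ .Data.data.db_pass }}
{{ end }}
EOF
        destination = "secrets/db.env"
        env = true
      }
    }

    # Web front end; no Vault access and no secrets are rendered for it.
    task "immich-web" {
      driver = "docker"

      config {
        image = "altran1502/immich-web:${var.immich_tag}"
        entrypoint = ["/bin/sh", "./entrypoint.sh"]
        ports = ["web"]
      }

      resources {
        cpu = 50
        memory = 50
      }
    }

    # Proxy container listening on port 80, the port registered as the
    # "immich" service and targeted by the Connect sidecar.
    task "immich-proxy" {
      driver = "docker"

      config {
        ports = ["proxy"]
        image = "altran1502/immich-proxy:${var.immich_tag}"
      }

      resources {
        cpu = 50
        memory = 50
      }
    }
  }
}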