# Template for a Nomad service job: the job name, priority, count and the other
# dollar-brace values are filled in when the template is rendered.
# Values placed inside double quotes are inserted as-is (no escaping), so the
# caller supplying them is trusted to keep them free of quotes and newlines.
job "${name}" {
  region = "global"
  datacenters = ["dc1"]
  type = "service"
  priority = ${priority}

  group "${name}" {
    count = ${count}
    %{~ if length(job_meta) > 0 }
    # Only the values go through jsonencode; keys are written verbatim, so they
    # must already be valid HCL identifiers.
    # NOTE(review): confirm job_meta keys never come from untrusted input.
    meta = {
      %{ for k, v in job_meta ~}
      ${k} = ${jsonencode(v)}
      %{ endfor ~}
    }
    %{~ endif ~}

    network {
      # Every port below is optional: with service_port null and an empty
      # ports list this block declares no ports at all.
      mode = "bridge"
      %{~ if service_port != null }
      # Main service port. host_network "wesher" is set only when use_wesher is
      # true; service_port_static switches between a fixed host port (static)
      # and a mapped target port (to).
      port "main" {
        %{~ if use_wesher ~}
        host_network = "wesher"
        %{~ endif ~}
        %{~ if service_port_static ~}
        static = ${service_port}
        %{~ else ~}
        to = ${service_port}
        %{~ endif ~}
      }
      %{~ endif ~}
      %{~ for port in ports }
      # Extra ports: each attribute is emitted only when the caller set it.
      port "${port.name}" {
        %{~ if port.host_network != null ~}
        host_network = "${port.host_network}"
        %{~ endif ~}
        %{~ if port.from != null ~}
        from = ${port.from}
        %{~ endif ~}
        %{~ if port.to != null ~}
        to = ${port.to}
        %{~ endif ~}
        %{~ if port.static != null ~}
        static = ${port.static}
        %{~ endif ~}
      }
      %{~ endfor ~}
    }
    %{~ for constraint in constraints }
    # attribute, operator and value are placed inside quotes without escaping.
    constraint {
      attribute = "${constraint.attribute}"
      operator = "${constraint.operator}"
      value = "${constraint.value}"
    }
    %{~ endfor ~}
    %{~ if length(group_meta) > 0 }
    # Same shape as the meta block above: raw keys, jsonencoded values.
    meta = {
      %{~ for k, v in group_meta ~}
      ${k} = ${jsonencode(v)}
      %{~ endfor ~}
    }
    %{~ endif ~}
    %{~ if sticky_disk }
    # Requests a sticky ephemeral disk with migration enabled.
    ephemeral_disk {
      migrate = true
      sticky = true
    }
    %{~ endif ~}
    %{~ for host_volume in host_volumes }
    # Host volume claimed by name; source reuses the same name, and read_only
    # is whatever the caller passed.
    # NOTE(review): prefer read_only = true unless the task has to write.
    volume "${host_volume.name}" {
      type = "host"
      read_only = ${host_volume.read_only}
      source = "${host_volume.name}"
    }
    %{~ endfor ~}
    %{~ if service_port != null }
    # Nomad-native service registration for the main port; underscores in the
    # job name are replaced with hyphens to form the service name.
    service {
      name = "${replace(name, "_", "-")}"
      provider = "nomad"
      port = "main"
      # Tag order: prometheus.scrape (when prometheus is true), the Traefik
      # ingress tags (when ingress is set), then service_tags verbatim.
      # With ingress on, the router is bound to the websecure entry point; the
      # rule tag is skipped when ingress_rule is null.
      # NOTE(review): ingress_rule, middleware names and service_tags are
      # interpolated into quoted strings unescaped; treat them as trusted
      # configuration only.
      # NOTE(review): every entry of ingress_middlewares produces its own tag
      # with the same router middlewares key. Traefik documents that option as
      # one comma-separated list, so with two or more entries confirm that none
      # of them (for example an auth middleware) is silently dropped.
      tags = [
        %{~ if prometheus == true ~}
        "prometheus.scrape",
        %{~ endif ~}
        %{~ if ingress ~}
        "traefik.enable=true",
        "traefik.http.routers.${name}.entryPoints=websecure",
        %{~ if try(ingress_rule, null) != null ~}
        "traefik.http.routers.${name}.rule=${ingress_rule}",
        %{~ endif ~}
        %{~ for middleware in ingress_middlewares ~}
        "traefik.http.routers.${name}.middlewares=${middleware}",
        %{~ endfor ~}
        %{~ endif ~}
        %{~ for tag in service_tags ~}
        "${tag}",
        %{~ endfor ~}
      ]
    }
    %{~ endif ~}
    %{~ for custom_service in custom_services ~}
service { name = "${custom_service.name}" provider = "nomad" port = "${custom_service.port}" tags = ${jsonencode(custom_service.tags)} } %{~ endfor ~} task "${name}" { driver = "docker" %{~ if length(task_meta) > 0 } meta = { %{ for k, v in task_meta ~} ${k} = ${jsonencode(v)} %{ endfor ~} } %{~ endif ~} config { image = "${image}" %{~if image_pull_timeout != null ~} image_pull_timeout = "${image_pull_timeout}" %{~ endif ~} %{~ if service_port != null ~} ports = ["main"] %{~ endif ~} %{~ if length(try(args, [])) > 0 ~} args = ${jsonencode(args)} %{~ endif ~} %{~ if length(docker_devices) > 0 ~} devices = [ %{~ for dev in docker_devices ~} { host_path = "${dev.host_path}" container_path = "${dev.container_path}" }, %{~ endfor ~} ] %{~ endif ~} %{~ for template in templates ~} %{~ if template.mount && !template.env } mount { type = "bind" target = "${template.dest}" source = "${template.dest_prefix}/${template.dest}" } %{~ endif ~} %{~ endfor ~} } %{~ if length(env) > 0 } env = { %{~ for k, v in env ~} "${k}" = ${jsonencode(v)} %{~ endfor ~} } %{~ endif ~} %{~ for volume in host_volumes } volume_mount { volume = "${volume.name}" destination = "${volume.dest}" read_only = ${volume.read_only} } %{~ endfor ~} %{~ for template in templates } template { data = < 0 ~} %{ for db_name in postgres_bootstrap.databases } /usr/bin/createdb ${db_name} %{ endfor ~} %{ else ~} {{ with nomadVar "nomad/jobs/${name}" }}/usr/bin/createdb {{ .${postgres_bootstrap.db_name_key} }}{{ end }} %{ endif ~} /usr/bin/psql -X -f $${NOMAD_SECRETS_DIR}/bootstrap.sql EOF destination = "$${NOMAD_TASK_DIR}/bootstrap.sh" } template { data = < 0 ~} %{ for db_name in postgres_bootstrap.databases } GRANT ALL ON DATABASE "${db_name}" TO {{ .${postgres_bootstrap.db_user_key} }}; %{ endfor ~} %{ else ~} GRANT ALL ON DATABASE "{{ .${postgres_bootstrap.db_name_key} }}" TO {{ .${postgres_bootstrap.db_user_key} }}; %{ endif ~} EXCEPTION WHEN duplicate_object THEN RAISE NOTICE '%, skipping', SQLERRM USING ERRCODE 
= SQLSTATE; END $$; {{ end }} EOF destination = "$${NOMAD_SECRETS_DIR}/bootstrap.sql" } resources { cpu = 50 memory = 50 } } %{~ endif ~} %{~ if use_mysql || use_redis || use_ldap || use_postgres } task "stunnel" { driver = "docker" lifecycle { hook = "prestart" sidecar = true } config { image = "alpine:3.17" args = ["/bin/sh", "$${NOMAD_TASK_DIR}/start.sh"] } resources { cpu = ${stunnel_resources.cpu} memory = ${stunnel_resources.memory} %{~ if stunnel_resources.memory_max != null ~} memory_max = ${stunnel_resources.memory_max} %{~ endif ~} } template { data = <