# Nomad job rendered from service_template.nomad. Every key in the map below is
# handed to the template as a variable; how the template consumes each one is
# not visible in this file.
resource "nomad_job" "service" {
  detach = var.detach

  jobspec = templatefile("${path.module}/service_template.nomad", {
    # Identity, scheduling and metadata
    name        = var.name
    count       = var.instance_count
    priority    = var.priority
    constraints = var.constraints
    job_meta    = var.job_meta
    group_meta  = var.group_meta
    task_meta   = var.task_meta

    # Container image and runtime
    image              = var.image
    image_pull_timeout = var.image_pull_timeout
    args               = var.args
    # NOTE(review): presumably rendered into the jobspec as given; confirm that
    # callers do not pass secret values through var.env.
    env               = var.env
    resources         = var.resources
    stunnel_resources = var.stunnel_resources

    # Host-level access requested by the task
    # NOTE(review): both values come straight from the caller and are not
    # restricted here; keep device and host-volume lists minimal.
    docker_devices = var.docker_devices
    host_volumes   = var.host_volumes
    sticky_disk    = var.sticky_disk
    templates      = var.templates

    # Networking and service registration
    service_port        = var.service_port
    service_port_static = var.service_port_static
    ports               = var.ports
    service_tags        = var.service_tags
    custom_services     = var.custom_services
    use_wesher          = var.use_wesher
    prometheus          = var.prometheus

    # Ingress
    ingress             = var.ingress
    ingress_rule        = var.ingress_rule
    ingress_middlewares = var.ingress_middlewares

    # Backing services. Supplying a bootstrap object turns the matching
    # use_* flag on even when the flag variable itself is false.
    use_mysql          = var.use_mysql || (var.mysql_bootstrap != null)
    use_postgres       = var.use_postgres || (var.postgres_bootstrap != null)
    use_redis          = var.use_redis
    use_ldap           = var.use_ldap
    mysql_bootstrap    = var.mysql_bootstrap
    postgres_bootstrap = var.postgres_bootstrap

    # True only when a workload ACL policy is supplied, so it tracks the
    # existence of nomad_acl_policy.workload_special below.
    workload_identity_env = var.workload_acl_policy != null
  })
}

# Optional caller-defined ACL policy; no instance is created when
# var.workload_acl_policy is null. The job_acl block scopes the policy to the
# job, group and task that are all named var.name.
# NOTE(review): rules_hcl is taken from the caller without any constraint here,
# so the granted capabilities need review at the call site. job_acl sets no
# namespace, so the provider default presumably applies; confirm it matches the
# namespace the job runs in.
resource "nomad_acl_policy" "workload_special" {
  count = var.workload_acl_policy == null ? 0 : 1

  name        = var.workload_acl_policy.name
  description = var.workload_acl_policy.description
  rules_hcl   = var.workload_acl_policy.rules_hcl

  job_acl {
    job_id = var.name
    group  = var.name
    task   = var.name
  }
}

resource "nomad_acl_policy" "secrets_mysql" { count = var.use_mysql || var.mysql_bootstrap != null ? 1 : 0 name = "${var.name}-secrets-mysql" description = "Give access to MySQL secrets" rules_hcl = <