variable "config_data" { type = string description = "Plain text config file for blocky" } job "blocky" { datacenters = ["dc1"] type = "system" priority = 100 update { max_parallel = 1 # TODO: maybe switch to service job from system so we can use canary and autorollback # auto_revert = true } group "blocky" { network { mode = "bridge" port "dns" { static = "53" } port "api" { # TODO: This may be broken. It seems we're exposing the loopback address which can't be reached # host_network = "loopback" to = "4000" } } service { name = "blocky-dns" port = "dns" } service { name = "blocky-api" port = "api" meta { metrics_addr = "${NOMAD_ADDR_api}" } tags = [ "traefik.enable=true", "traefik.http.routers.blocky-api.entryPoints=websecure", ] connect { sidecar_service { proxy { local_service_port = 4000 expose { path { path = "/metrics" protocol = "http" local_path_port = 4000 listener_port = "api" } } upstreams { destination_name = "redis" local_bind_port = 6379 } upstreams { destination_name = "mysql-server" local_bind_port = 4040 } } } sidecar_task { resources { cpu = 50 memory = 20 memory_max = 50 } } } check { name = "api-health" port = "api" type = "http" path = "/" interval = "10s" timeout = "3s" } } task "blocky" { driver = "docker" config { image = "ghcr.io/0xerr0r/blocky" ports = ["dns", "api"] mount { type = "bind" target = "/app/config.yml" source = "app/config.yml" } } resources { cpu = 50 memory = 50 memory_max = 100 } vault { policies = [ "access-tables", "nomad-task", ] } template { data = var.config_data destination = "app/config.yml" splay = "1m" } } task "blocky-bootstrap" { driver = "docker" lifecycle { hook = "prestart" sidecar = false } config { image = "mariadb:10" args = [ "/bin/bash", "-c", "/usr/bin/mysql --defaults-extra-file=$${NOMAD_SECRETS_DIR}/my.cnf < $${NOMAD_SECRETS_DIR}/bootstrap.sql", ] } vault { policies = [ "access-tables", "nomad-task", ] } template { data = <