job "${name}" { region = "global" datacenters = ["dc1"] type = "service" priority = ${priority} group "${name}" { count = ${count} network { mode = "bridge" %{ if service_port != null ~} port "main" { %{~ if use_wesher ~} host_network = "wesher" %{~ endif ~} %{ if service_port_static ~} static = ${service_port} %{ else ~} to = ${service_port} %{~ endif } } %{ endif ~} %{ for port in ports ~} port "${port.name}" { %{ if port.host_network != null }host_network = "${port.host_network}"%{ endif ~} %{ if port.from != null }to = ${port.from}%{ endif ~} %{ if port.to != null }to = ${port.to}%{ endif ~} %{ if port.static != null }static = ${port.static}%{ endif ~} } %{ endfor } } %{ for constraint in constraints ~} constraint { attribute = "${constraint.attribute}" operator = "${constraint.operator}" value = "${constraint.value}" } %{ endfor ~} %{ if length(group_meta) > 0 } meta = { %{ for k, v in group_meta } ${k} = ${jsonencode(v)} %{ endfor } } %{~ endif } %{ if sticky_disk } ephemeral_disk { migrate = true sticky = true } %{~ endif } %{ for host_volume in host_volumes } volume "${host_volume.name}" { type = "host" read_only = ${host_volume.read_only} source = "${host_volume.name}" } %{ endfor } %{ if service_port != null ~} service { name = "${replace(name, "_", "-")}" provider = "nomad" port = "main" tags = [ %{ if prometheus == true } "prometheus.scrape", %{ endif } %{ if ingress } "traefik.enable=true", "traefik.http.routers.${name}.entryPoints=websecure", %{ if try(ingress_rule, null) != null ~} "traefik.http.routers.${name}.rule=${ingress_rule}", %{ endif ~} %{ for middleware in ingress_middlewares ~} "traefik.http.routers.${name}.middlewares=${middleware}", %{ endfor ~} %{ endif ~} %{ for tag in service_tags ~} "${tag}", %{ endfor ~} ] } %{ endif ~} %{ for custom_service in custom_services } service { name = "${custom_service.name}" provider = "nomad" port = "${custom_service.port}" tags = ${jsonencode(custom_service.tags)} } %{ endfor } task "${name}" { driver = "docker" %{ if length(meta) > 0 ~} meta = { %{ for k, v in meta ~} ${k} = ${jsonencode(v)} %{ endfor ~} } %{ endif ~} config { image = "${image}" %{if image_pull_timeout != null ~} image_pull_timeout = "${image_pull_timeout}" %{ endif ~} %{ if service_port != null ~} ports = ["main"] %{ endif ~} %{ if length(try(args, [])) > 0 ~} args = ${jsonencode(args)} %{ endif ~} %{ if length(docker_devices) > 0 ~} devices = [ %{ for dev in docker_devices } { host_path = "${dev.host_path}" container_path = "${dev.container_path}" }, %{ endfor } ] %{ endif ~} %{ for template in templates ~} %{ if template.mount && !template.env ~} mount { type = "bind" target = "${template.dest}" source = "${template.dest_prefix}/${template.dest}" } %{ endif ~} %{ endfor ~} } %{ if length(env) > 0 ~} env = { %{ for k, v in env ~} "${k}" = "${v}" %{ endfor } } %{ endif ~} %{ for volume in host_volumes ~} volume_mount { volume = "${volume.name}" destination = "${volume.dest}" read_only = ${volume.read_only} } %{ endfor ~} %{ for template in templates ~} template { data = < 0 } %{ for db_name in postgres_bootstrap.databases ~} /usr/bin/createdb ${db_name} %{ endfor } %{ else } {{ with nomadVar "nomad/jobs/${name}" }}/usr/bin/createdb {{ .${postgres_bootstrap.db_name_key} }}{{ end }} %{ endif } /usr/bin/psql -X -f $${NOMAD_SECRETS_DIR}/bootstrap.sql EOF destination = "$${NOMAD_TASK_DIR}/bootstrap.sh" } template { data = < 0 } %{ for db_name in postgres_bootstrap.databases } GRANT ALL ON DATABASE "${db_name}" TO {{ .${postgres_bootstrap.db_user_key} }}; %{ endfor } %{ else } GRANT ALL ON DATABASE "{{ .${postgres_bootstrap.db_name_key} }}" TO {{ .${postgres_bootstrap.db_user_key} }}; %{ endif } EXCEPTION WHEN duplicate_object THEN RAISE NOTICE '%, skipping', SQLERRM USING ERRCODE = SQLSTATE; END $$; {{ end }} EOF destination = "$${NOMAD_SECRETS_DIR}/bootstrap.sql" } resources { cpu = 50 memory = 50 } } %{ endif } %{ if use_mysql || use_redis || use_ldap || use_postgres ~} task "stunnel" { driver = "docker" lifecycle { hook = "prestart" sidecar = true } config { image = "alpine:3.17" args = ["/bin/sh", "$${NOMAD_TASK_DIR}/start.sh"] } resources { cpu = ${stunnel_resources.cpu} memory = ${stunnel_resources.memory} %{ if stunnel_resources.memory_max != null }memory_max = ${stunnel_resources.memory_max}%{ endif } } template { data = <