homelab-nomad/services/nextcloud/nextcloud.nomad

263 lines
4.9 KiB
HCL

variable "nextcloud_db" {
type = string
default = "nextcloud"
}
variable "nextcloud_user" {
type = string
default = "nextcloud"
}
variable "nextcloud_pass" {
type = string
default = "nextcloud"
}
variable "backup_config" {
type = string
description = "HCL config for Restic Scheduler jobs"
}
job "nextcloud" {
datacenters = ["dc1"]
type = "service"
group "nextcloud" {
count = 1
network {
mode = "bridge"
port "web" {
host_network = "loopback"
to = 80
}
port "backup" {
to = 8080
}
}
volume "nextcloud-data" {
type = "host"
read_only = false
source = "nextcloud-data"
}
service {
name = "nextcloud"
port = "web"
connect {
sidecar_service {
proxy {
local_service_port = 80
upstreams {
destination_name = "mysql-server"
local_bind_port = 6060
}
config {
protocol = "tcp"
}
}
}
sidecar_task {
resources {
cpu = 50
memory = 50
}
}
}
tags = [
"traefik.enable=true",
]
}
task "nextcloud-bootstrap" {
driver = "docker"
lifecycle {
hook = "prestart"
sidecar = false
}
config {
image = "mysql:8"
args = [
"/bin/bash",
"-c",
"/usr/bin/mysql --defaults-extra-file=/task/my.cnf < /task/bootstrap.sql",
]
mount {
type = "bind"
source = "local/"
target = "/task/"
}
}
vault {
policies = [
"access-tables",
"nomad-task",
]
}
template {
data = <<EOF
[client]
host={{ env "NOMAD_UPSTREAM_IP_mysql_server" }}
port={{ env "NOMAD_UPSTREAM_PORT_mysql_server" }}
user=root
{{ with secret "kv/data/mysql" }}
password={{ .Data.data.root_password }}
{{ end }}
EOF
destination = "local/my.cnf"
}
template {
data = <<EOF
{{ with secret "kv/data/nextcloud" }}
CREATE DATABASE IF NOT EXISTS `{{ .Data.data.db_name }}`;
CREATE USER IF NOT EXISTS '{{ .Data.data.db_user }}'@'%' IDENTIFIED BY '{{ .Data.data.db_pass }}';
GRANT ALL ON `{{ .Data.data.db_name }}`.* to '{{ .Data.data.db_user }}'@'%';
{{ end }}
EOF
destination = "local/bootstrap.sql"
}
resources {
cpu = 50
memory = 50
}
}
task "main" {
driver = "docker"
volume_mount {
volume = "nextcloud-data"
destination = "/var/www/html"
read_only = false
}
config {
image = "nextcloud"
ports = ["web"]
}
env = {
"MYSQL_HOST" = "${NOMAD_UPSTREAM_ADDR_mysql_server}"
}
vault {
policies = [
"access-tables",
"nomad-task",
]
}
template {
data = <<EOF
{{ with secret "kv/data/nextcloud" }}
MYSQL_DATABASE={{ .Data.data.db_name }}
MYSQL_USER={{ .Data.data.db_user }}
MYSQL_PASSWORD={{ .Data.data.db_pass }}
{{ end }}
EOF
destination = "secrets/db.env"
env = true
}
resources {
cpu = 50
memory = 250
}
}
service {
name = "nextcloud-backups"
port = "backup"
meta {
metrics_addr = "${NOMAD_ADDR_backup}"
}
}
# TODO: Add service and expose /metrics for prometheus to grab
task "backup" {
driver = "docker"
lifecycle {
hook = "poststart"
sidecar = false
}
volume_mount {
volume = "nextcloud-data"
destination = "/data"
read_only = true
}
config {
image = "iamthefij/resticscheduler"
args = ["/jobs/nextcloud.hcl"]
ports = ["backup"]
mount {
type = "bind"
target = "/jobs"
source = "jobs"
}
mount {
type = "bind"
target = "/tmp/passphrase"
source = "secrets/passphrase"
}
}
env = {
"MYSQL_HOST" = "${NOMAD_UPSTREAM_IP_mysql_server}"
"MYSQL_PORT" = "${NOMAD_UPSTREAM_PORT_mysql_server}"
}
vault {
policies = ["access-tables", "nomad-task"]
}
template {
data = "{{ with secret \"kv/data/nextcloud\" }}{{ .Data.data.backup_passphrase }}{{ end }}"
destination = "secrets/passphrase"
}
template {
data = <<EOF
{{ with secret "kv/data/nextcloud" }}
MYSQL_DATABASE={{ .Data.data.db_name }}
MYSQL_USER={{ .Data.data.db_user }}
MYSQL_PASSWORD={{ .Data.data.db_pass }}
{{ end }}
EOF
destination = "secrets/db.env"
env = true
}
template {
data = var.backup_config
destination = "jobs/nextcloud.hcl"
}
resources {
cpu = 50
memory = 256
}
}
}
}