homelab-nomad/services/diun.tf

55 lines
1.3 KiB
HCL

module "diun" {
source = "./service"
name = "diun"
image = "crazymax/diun:4.27"
args = ["serve", "--log-level=debug"]
sticky_disk = true
env = {
DIUN_DB_PATH = "$${NOMAD_ALLOC_DIR}/data/diun.db"
DIUN_WATCH_SCHEDULE = "0 */6 * * *"
DIUN_PROVIDERS_NOMAD_WATCHBYDEFAULT = true
DIUN_DEFAULTS_WATCHREPO = true
DIUN_DEFAULTS_SORTTAGS = "semver"
DIUN_DEFAULTS_INCLUDETAGS = "^\\d+(\\.\\d+){0,2}$"
# Nomad API
NOMAD_ADDR = "unix:///secrets/api.sock"
DIUN_PROVIDERS_NOMAD = true
DIUN_PROVIDERS_NOMAD_SECRETID = "$${NOMAD_TOKEN}"
}
task_identity = {
env = true
}
templates = [
{
data = <<EOF
{{ with nomadVar "nomad/jobs/diun" -}}
DIUN_NOTIF_SLACK_WEBHOOKURL={{ .slack_hook_url }}
{{- end }}
EOF
dest_prefix = "$${NOMAD_SECRETS_DIR}"
dest = "env"
env = true
mount = false
},
]
}
resource "nomad_acl_policy" "diun_query_jobs" {
name = "diun-query-jobs"
description = "Allow diun to query jobs"
rules_hcl = <<EOH
namespace "default" {
capabilities = ["list-jobs", "read-job"]
}
EOH
job_acl {
job_id = module.diun.job_id
}
}