53 lines
1.3 KiB
HCL
53 lines
1.3 KiB
HCL
module "diun" {
|
|
source = "./service"
|
|
|
|
name = "diun"
|
|
image = "crazymax/diun:4.26"
|
|
args = ["serve", "--log-level=debug"]
|
|
|
|
sticky_disk = true
|
|
|
|
env = {
|
|
DIUN_DB_PATH = "$${NOMAD_ALLOC_DIR}/data/diun.db"
|
|
DIUN_WATCH_SCHEDULE = "0 */6 * * *"
|
|
DIUN_PROVIDERS_NOMAD_WATCHBYDEFAULT = true
|
|
DIUN_DEFAULTS_WATCHREPO = true
|
|
DIUN_DEFAULTS_SORTTAGS = "semver"
|
|
DIUN_DEFAUTLS_INCLUDETAGS = "^\\d+(\\.\\d+){0,2}$"
|
|
|
|
# Nomad API
|
|
# TODO: Use socket in $NOMAD_SECRETS_DIR/api.sock when we can assign workload ACLs with Terraform to
|
|
# allow read access. Will need to update template to allow passing token by env
|
|
NOMAD_ADDR = "http://$${attr.unique.network.ip-address}:4646/"
|
|
DIUN_PROVIDERS_NOMAD = true
|
|
}
|
|
|
|
templates = [
|
|
{
|
|
data = <<EOF
|
|
{{ with nomadVar "nomad/jobs/diun" -}}
|
|
DIUN_NOTIF_SLACK_WEBHOOKURL={{ .slack_hook_url }}
|
|
{{- end }}
|
|
EOF
|
|
dest_prefix = "$${NOMAD_SECRETS_DIR}"
|
|
dest = "env"
|
|
env = true
|
|
mount = false
|
|
},
|
|
]
|
|
|
|
workload_acl_policy = {
|
|
name = "diun-read"
|
|
description = "Give the diun task read access to jobs"
|
|
|
|
rules_hcl = <<EOH
|
|
namespace "default" {
|
|
capabilities = [
|
|
"list-jobs",
|
|
"read-job",
|
|
]
|
|
}
|
|
EOH
|
|
}
|
|
}
|