job "grafana" {
  datacenters = ["dc1"]

  group "grafana" {
    count = 1

    # TODO: Add backup task or job

    network {
      mode = "bridge"

      port "web" {
        host_network = "loopback"
        to = 3000
      }
    }

    ephemeral_disk {
      migrate = true
      sticky = true
    }

    service {
      name = "grafana"
      port = "web"

      connect {
        sidecar_service {
          proxy {
            local_service_port = 3000

            upstreams {
              destination_name = "prometheus"
              local_bind_port = 9090
            }

            upstreams {
              destination_name = "loki"
              local_bind_port = 3100
            }
          }
        }

        sidecar_task {
          resources {
            cpu    = 50
            memory = 50
          }
        }
      }

      check {
        type = "http"
        path = "/"
        port = "web"
        interval = "10s"
        timeout = "10s"
      }

      tags = [
        "traefik.enable=true",
      ]
    }

    task "grafana" {
      driver = "docker"

      config {
        image = "grafana/grafana:7.3.6"
        ports = ["web"]

        mount {
          type = "bind"
          target = "/etc/grafana"
          source = "local/config"
        }
      }

      env = {
        "GF_INSTALL_PLUGINS" = "grafana-clock-panel,grafana-piechart-panel,grafana-polystat-panel",
      }

      vault {
        policies = [
          "access-tables",
          "nomad-task",
        ]
      }

      template {
        data = <<EOF
{{ with secret "kv/data/grafana" }}
GF_SECURITY_ADMIN_PASSWORD={{ .Data.data.admin_pw }}
GF_SMTP_USER={{ .Data.data.smtp_user }}
GF_SMTP_PASSWORD={{ .Data.data.smtp_password }}
GF_EXTERNAL_IMAGE_STORAGE_S3_ACCESS_KEY={{ .Data.data.minio_access_key }}
GF_EXTERNAL_IMAGE_STORAGE_S3_SECRET_KEY={{ .Data.data.minio_secret_key }}
GRAFANA_ALERT_EMAIL_ADDRESSES={{ .Data.data.alert_email_addresses }}
{{ end }}
{{ with secret "kv/data/slack" }}
SLACK_BOT_URL={{ .Data.data.bot_url }}
SLACK_BOT_TOKEN={{ .Data.data.bot_token }}
SLACK_HOOK_URL={{ .Data.data.hook_url }}
{{ end }}
        EOF
        env = true
        destination = "secrets/conf.env"
      }

      %{ for config_file in fileset(join("/", [module_path, "grafana"]), "**") ~}
      template {
        data = <<EOF
${file(join("/", [module_path, "grafana", config_file]))}
        EOF
        change_mode = "signal"
        change_signal = "SIGHUP"
        destination = "local/config/${config_file}"
        # Change template delimeter for dashboard files that use json and have double curly braces and square braces
        %{ if length(regexall("dashboard", config_file)) > 0 ~}
        left_delimiter = "<<<<"
        right_delimiter = ">>>>"
        %{ endif ~}
      }
      %{ endfor ~}

      resources {
        cpu = 100
        memory = 200
      }
    }
  }
}