cluster/infrastructure/hydra/nomad.hcl

job "hydra" {
  datacenters = [ "homelab-1" ]
  type = "service"

  constraint {
    attribute = "${attr.unique.hostname}"
    value = "blowhole"
  }

  group "svc" {
    count = 1

    volume "hydra-data" {
      type = "csi"
      source = "hydra-data"
      read_only = false
    }

    volume "hydra-nix" {
      type = "csi"
      source = "hydra-nix"
      read_only = false
    }

    volume "hydra-db" {
      type = "csi"
      source = "hydra-db"
      read_only = false
    }

    restart {
      attempts = 5
      delay = "5s"
    }

    network {
      port "db" {
	to = "5432"
      }
      port "http" {
	to = "3000"
      }
    }

    service {
      name = "hydra"
      port = "http"

      check {
	type = "http"
	path = "/"
	interval = "2s"
	timeout = "2s"
      }
    }

    task "hydra" {
      driver = "docker"

      volume_mount {
	volume = "hydra-data"
	destination = "/var/lib/hydra"
	read_only = false
      }

      volume_mount {
	volume = "hydra-nix"
	destination = "/nix-persist"
	read_only = false
      }

      config {
	image = "nixng-hydra:local"

	ports = ["http"]

	devices = [
	  {
	    host_path = "/dev/fuse"
	    container_path = "/dev/fuse"
	  },
	]
	cap_add = [
	  "SYS_ADMIN"
	]
      }

      vault {
	policies = ["hydra-policy"]
      }

      resources {
	cpu = 4000
	memory = 4096
      }

      template {
	data = <<EOF
dbi:Pg:dbname=hydra;host={{ env "NOMAD_IP_db" }};port={{ env "NOMAD_HOST_PORT_db" }};user=hydra;
EOF
	destination = "local/dbi"
      }

      template {
	data = <<EOF
{{ env "NOMAD_IP_db" }}:*:*:hydra:{{ with secret "kv/data/hydra" }}{{ .Data.data.pgpass}}{{ end }}
EOF
	destination = "secrets/pgpass"
	perms = "400"
      }

      template {
	data = <<EOF
{{ env "NOMAD_IP_db" }}:*:*:hydra:{{ with secret "kv/data/hydra" }}{{ .Data.data.pgpass}}{{ end }}
EOF
	destination = "secrets/pgpass-www"
	perms = "400"
      }
      
      template {
	data = <<EOF
{{ env "NOMAD_IP_db" }}:*:*:hydra:{{ with secret "kv/data/hydra" }}{{ .Data.data.pgpass}}{{ end }}
EOF
	destination = "secrets/pgpass-queue-runner"
	perms = "400"
      }
    }

    task "postgresql" {
      driver = "docker"

      volume_mount {
	volume = "hydra-db"
	destination = "/var/lib/postgresql"
	read_only = false
      }

      config {
	image = "nixng-hydra-postgresql:local"
	ports = ["db"]
      }

      resources {
	cpu = 500
	memory = 512
      }

      template {
	data = <<EOF
alter user hydra with encrypted password '{{ with secret "kv/data/hydra" }}{{ .Data.data.pgpass}}{{ end }}';
EOF
	destination = "secrets/init.sql"
      }

      vault {
	policies = ["hydra-policy"]
      }
    }
  }
}
Add full HydraCI service Signed-off-by: Magic_RB <magic_rb@redalder.org> 2021-05-03 20:30:40 +02:00			`job "hydra" {`
			`datacenters = [ "homelab-1" ]`
			`type = "service"`

			`constraint {`
			`attribute = "${attr.unique.hostname}"`
			`value = "blowhole"`
			`}`

			`group "svc" {`
			`count = 1`

			`volume "hydra-data" {`
			`type = "csi"`
			`source = "hydra-data"`
			`read_only = false`
			`}`

			`volume "hydra-nix" {`
			`type = "csi"`
			`source = "hydra-nix"`
			`read_only = false`
			`}`

			`volume "hydra-db" {`
			`type = "csi"`
			`source = "hydra-db"`
			`read_only = false`
			`}`

			`restart {`
			`attempts = 5`
			`delay = "5s"`
			`}`

			`network {`
			`port "db" {`
			`to = "5432"`
			`}`
			`port "http" {`
			`to = "3000"`
			`}`
			`}`

			`service {`
			`name = "hydra"`
			`port = "http"`

			`check {`
			`type = "http"`
			`path = "/"`
			`interval = "2s"`
			`timeout = "2s"`
			`}`
			`}`

			`task "hydra" {`
			`driver = "docker"`

			`volume_mount {`
			`volume = "hydra-data"`
			`destination = "/var/lib/hydra"`
			`read_only = false`
			`}`

			`volume_mount {`
			`volume = "hydra-nix"`
			`destination = "/nix-persist"`
			`read_only = false`
			`}`

			`config {`
			`image = "nixng-hydra:local"`

			`ports = ["http"]`

			`devices = [`
			`{`
			`host_path = "/dev/fuse"`
			`container_path = "/dev/fuse"`
			`},`
			`]`
			`cap_add = [`
			`"SYS_ADMIN"`
			`]`
			`}`

			`vault {`
			`policies = ["hydra-policy"]`
			`}`

			`resources {`
			`cpu = 4000`
			`memory = 4096`
			`}`

			`template {`
			`data = <<EOF`
			`dbi:Pg:dbname=hydra;host={{ env "NOMAD_IP_db" }};port={{ env "NOMAD_HOST_PORT_db" }};user=hydra;`
			`EOF`
			`destination = "local/dbi"`
			`}`

			`template {`
			`data = <<EOF`
			`{{ env "NOMAD_IP_db" }}:::hydra:{{ with secret "kv/data/hydra" }}{{ .Data.data.pgpass}}{{ end }}`
			`EOF`
			`destination = "secrets/pgpass"`
			`perms = "400"`
			`}`

			`template {`
			`data = <<EOF`
			`{{ env "NOMAD_IP_db" }}:::hydra:{{ with secret "kv/data/hydra" }}{{ .Data.data.pgpass}}{{ end }}`
			`EOF`
			`destination = "secrets/pgpass-www"`
			`perms = "400"`
			`}`

			`template {`
			`data = <<EOF`
			`{{ env "NOMAD_IP_db" }}:::hydra:{{ with secret "kv/data/hydra" }}{{ .Data.data.pgpass}}{{ end }}`
			`EOF`
			`destination = "secrets/pgpass-queue-runner"`
			`perms = "400"`
			`}`
			`}`

			`task "postgresql" {`
			`driver = "docker"`

			`volume_mount {`
			`volume = "hydra-db"`
			`destination = "/var/lib/postgresql"`
			`read_only = false`
			`}`

			`config {`
			`image = "nixng-hydra-postgresql:local"`
			`ports = ["db"]`
			`}`

			`resources {`
			`cpu = 500`
			`memory = 512`
			`}`

			`template {`
			`data = <<EOF`
			`alter user hydra with encrypted password '{{ with secret "kv/data/hydra" }}{{ .Data.data.pgpass}}{{ end }}';`
			`EOF`
			`destination = "secrets/init.sql"`
			`}`

			`vault {`
			`policies = ["hydra-policy"]`
			`}`
			`}`
			`}`
			`}`