job "hydra" { datacenters = [ "homelab-1" ] type = "service" constraint { attribute = "${attr.unique.hostname}" value = "blowhole" } group "svc" { count = 1 volume "hydra-data" { type = "csi" source = "hydra-data" read_only = false } volume "hydra-nix" { type = "csi" source = "hydra-nix" read_only = false } volume "hydra-db" { type = "csi" source = "hydra-db" read_only = false } restart { attempts = 5 delay = "5s" } network { port "db" { to = "5432" } port "http" { to = "3000" } } service { name = "hydra" port = "http" check { type = "http" path = "/" interval = "2s" timeout = "2s" } } task "hydra" { driver = "docker" volume_mount { volume = "hydra-data" destination = "/var/lib/hydra" read_only = false } volume_mount { volume = "hydra-nix" destination = "/nix-persist" read_only = false } config { image = "nixng-hydra:local" ports = ["http"] devices = [ { host_path = "/dev/fuse" container_path = "/dev/fuse" }, ] cap_add = [ "SYS_ADMIN" ] } vault { policies = ["hydra-policy"] } resources { cpu = 4000 memory = 4096 } template { data = <