variable "flake_ref" { type = string } variable "flake_sha" { type = string } job "hydra" { datacenters = [ "homelab-1" ] type = "service" constraint { attribute = "${attr.unique.hostname}" value = "blowhole" } group "svc" { count = 1 volume "hydra-data" { type = "csi" source = "hydra-data" read_only = false attachment_mode = "file-system" access_mode = "single-node-writer" } volume "hydra-nix" { type = "csi" source = "hydra-nix" read_only = false attachment_mode = "file-system" access_mode = "single-node-writer" } volume "hydra-db" { type = "csi" source = "hydra-db" read_only = false attachment_mode = "file-system" access_mode = "single-node-writer" } restart { attempts = 5 delay = "5s" } network { mode = "bridge" } service { name = "hydra" port = "3000" check { type = "http" address_mode = "alloc" path = "/" port = "3000" interval = "2s" timeout = "2s" } connect { sidecar_service {} } } task "hydra" { driver = "containerd-driver" volume_mount { volume = "hydra-data" destination = "/var/lib/hydra" read_only = false } volume_mount { volume = "hydra-nix" destination = "/nix-persist" read_only = false } config { flake_ref = "${var.flake_ref}#nixngSystems.hydra.config.system.build.toplevel" flake_sha = var.flake_sha entrypoint = [ "init" ] devices = [ "/dev/fuse" ] privileged = true } vault { policies = ["hydra-policy"] } resources { cpu = 4000 memory = 1024 memory_max = 3072 } template { data = <