mirror of
https://git.sr.ht/~magic_rb/cluster
synced 2024-11-27 18:46:13 +01:00
2c832617b6
Signed-off-by: Magic_RB <magic_rb@redalder.org>
181 lines
3.2 KiB
HCL
181 lines
3.2 KiB
HCL
variable "flake_ref" {
|
|
type = string
|
|
}
|
|
|
|
variable "flake_sha" {
|
|
type = string
|
|
}
|
|
|
|
job "email" {
|
|
datacenters = [ "homelab-1" ]
|
|
type = "service"
|
|
|
|
constraint {
|
|
attribute = "${attr.unique.hostname}"
|
|
value = "blowhole"
|
|
}
|
|
|
|
group "getmail" {
|
|
count = 1
|
|
|
|
volume "mail-configuration" {
|
|
type = "csi"
|
|
source = "mail-configuration"
|
|
read_only = false
|
|
|
|
attachment_mode = "file-system"
|
|
access_mode = "multi-node-multi-writer"
|
|
}
|
|
|
|
restart {
|
|
attempts = 5
|
|
delay = "5s"
|
|
}
|
|
|
|
network {
|
|
mode = "bridge"
|
|
}
|
|
|
|
service {
|
|
name = "getmail"
|
|
port = "666"
|
|
|
|
connect {
|
|
sidecar_service {
|
|
proxy {
|
|
upstreams {
|
|
destination_name = "dovecot-lmtp"
|
|
local_bind_port = 24
|
|
datacenter = "homelab-1"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
task "app" {
|
|
driver = "docker"
|
|
|
|
volume_mount {
|
|
volume = "mail-configuration"
|
|
destination = "/mail-configuration"
|
|
read_only = false
|
|
}
|
|
|
|
config {
|
|
nix_flake_ref = "${var.flake_ref}#nixngSystems.getmail.config.system.build.toplevel"
|
|
nix_flake_sha = var.flake_sha
|
|
entrypoint = [ "init" ]
|
|
}
|
|
|
|
vault {
|
|
policies = ["getmail-policy"]
|
|
}
|
|
|
|
template {
|
|
data = <<EOF
|
|
{{ with secret "kv/data/cluster/getmail" }}{{ .Data.data | toJSON }}{{ end }}
|
|
EOF
|
|
destination = "secrets/getmail.passwd"
|
|
change_mode = "restart"
|
|
}
|
|
|
|
resources {
|
|
cpu = 256
|
|
memory = 512
|
|
}
|
|
}
|
|
}
|
|
|
|
group "dovecot" {
|
|
count = 1
|
|
|
|
volume "dovecot_maildir" {
|
|
type = "csi"
|
|
source = "dovecot_maildir"
|
|
read_only = false
|
|
|
|
attachment_mode = "file-system"
|
|
access_mode = "multi-node-multi-writer"
|
|
}
|
|
|
|
volume "mail-configuration" {
|
|
type = "csi"
|
|
source = "mail-configuration"
|
|
read_only = false
|
|
|
|
attachment_mode = "file-system"
|
|
access_mode = "multi-node-multi-writer"
|
|
}
|
|
|
|
restart {
|
|
attempts = 5
|
|
delay = "5s"
|
|
}
|
|
|
|
network {
|
|
mode = "bridge"
|
|
}
|
|
|
|
service {
|
|
name = "dovecot-lmtp"
|
|
port = "24"
|
|
|
|
connect {
|
|
sidecar_service {}
|
|
}
|
|
}
|
|
|
|
service {
|
|
name = "dovecot-imap"
|
|
port = "143"
|
|
|
|
connect {
|
|
sidecar_service {}
|
|
}
|
|
}
|
|
|
|
task "app" {
|
|
driver = "docker"
|
|
|
|
volume_mount {
|
|
volume = "dovecot_maildir"
|
|
destination = "/maildir"
|
|
read_only = false
|
|
}
|
|
|
|
volume_mount {
|
|
volume = "mail-configuration"
|
|
destination = "/mail-configuration"
|
|
read_only = false
|
|
}
|
|
|
|
config {
|
|
nix_flake_ref = "${var.flake_ref}#nixngSystems.dovecot.config.system.build.toplevel"
|
|
nix_flake_sha = var.flake_sha
|
|
entrypoint = [ "init" ]
|
|
}
|
|
|
|
env {
|
|
}
|
|
|
|
resources {
|
|
cpu = 128
|
|
memory = 256
|
|
}
|
|
|
|
vault {
|
|
policies = ["dovecot-policy"]
|
|
}
|
|
|
|
template {
|
|
data = <<EOF
|
|
{{ with secret "kv/data/cluster/dovecot" }}{{ .Data.data.passwd }}{{ end }}
|
|
EOF
|
|
destination = "secrets/passwd.dovecot"
|
|
change_mode = "noop"
|
|
}
|
|
}
|
|
}
|
|
}
|