cluster/nomad/regions/homelab-1/job/email.hcl
Magic_RB 2c832617b6
Adjust secrets paths for new Vault deployment
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2023-04-23 23:05:13 +02:00

181 lines
3.2 KiB
HCL

variable "flake_ref" {
type = string
}
variable "flake_sha" {
type = string
}
job "email" {
datacenters = [ "homelab-1" ]
type = "service"
constraint {
attribute = "${attr.unique.hostname}"
value = "blowhole"
}
group "getmail" {
count = 1
volume "mail-configuration" {
type = "csi"
source = "mail-configuration"
read_only = false
attachment_mode = "file-system"
access_mode = "multi-node-multi-writer"
}
restart {
attempts = 5
delay = "5s"
}
network {
mode = "bridge"
}
service {
name = "getmail"
port = "666"
connect {
sidecar_service {
proxy {
upstreams {
destination_name = "dovecot-lmtp"
local_bind_port = 24
datacenter = "homelab-1"
}
}
}
}
}
task "app" {
driver = "docker"
volume_mount {
volume = "mail-configuration"
destination = "/mail-configuration"
read_only = false
}
config {
nix_flake_ref = "${var.flake_ref}#nixngSystems.getmail.config.system.build.toplevel"
nix_flake_sha = var.flake_sha
entrypoint = [ "init" ]
}
vault {
policies = ["getmail-policy"]
}
template {
data = <<EOF
{{ with secret "kv/data/cluster/getmail" }}{{ .Data.data | toJSON }}{{ end }}
EOF
destination = "secrets/getmail.passwd"
change_mode = "restart"
}
resources {
cpu = 256
memory = 512
}
}
}
group "dovecot" {
count = 1
volume "dovecot_maildir" {
type = "csi"
source = "dovecot_maildir"
read_only = false
attachment_mode = "file-system"
access_mode = "multi-node-multi-writer"
}
volume "mail-configuration" {
type = "csi"
source = "mail-configuration"
read_only = false
attachment_mode = "file-system"
access_mode = "multi-node-multi-writer"
}
restart {
attempts = 5
delay = "5s"
}
network {
mode = "bridge"
}
service {
name = "dovecot-lmtp"
port = "24"
connect {
sidecar_service {}
}
}
service {
name = "dovecot-imap"
port = "143"
connect {
sidecar_service {}
}
}
task "app" {
driver = "docker"
volume_mount {
volume = "dovecot_maildir"
destination = "/maildir"
read_only = false
}
volume_mount {
volume = "mail-configuration"
destination = "/mail-configuration"
read_only = false
}
config {
nix_flake_ref = "${var.flake_ref}#nixngSystems.dovecot.config.system.build.toplevel"
nix_flake_sha = var.flake_sha
entrypoint = [ "init" ]
}
env {
}
resources {
cpu = 128
memory = 256
}
vault {
policies = ["dovecot-policy"]
}
template {
data = <<EOF
{{ with secret "kv/data/cluster/dovecot" }}{{ .Data.data.passwd }}{{ end }}
EOF
destination = "secrets/passwd.dovecot"
change_mode = "noop"
}
}
}
}