cluster/nomad/regions/homelab-1/job/home-assistant.hcl
main 1b51d5ae56 General clean up and a switch back to Docker
Signed-off-by: main <magic_rb@redalder.org>
2022-10-27 11:43:27 +02:00

305 lines
5.9 KiB
HCL

variable "flake_ref" {
type = string
}
variable "flake_sha" {
type = string
}
job "home-assistant" {
datacenters = [ "homelab-1" ]
type = "service"
constraint {
attribute = "${attr.unique.hostname}"
value = "blowhole"
}
group "zigbee2mqtt" {
count = 1
restart {
attempts = 5
delay = "5s"
}
network {
mode = "bridge"
port "http" {
static = 8456
to = 8456
}
}
volume "home-assistant_zigbee2mqtt" {
type = "csi"
source = "home-assistant_zigbee2mqtt"
read_only = false
attachment_mode = "file-system"
access_mode = "single-node-writer"
}
service {
name = "zigbee2mqtt"
port = "8456"
connect {
sidecar_service {
proxy {
upstreams {
destination_name = "mqtt"
local_bind_port = 1883
datacenter = "homelab-1"
}
}
}
}
}
task "zigbee2mqtt" {
driver = "docker"
vault {
policies = ["zigbee2mqtt-policy"]
}
config {
nix_flake_ref = "${var.flake_ref}#nixngSystems.zigbee2mqtt.config.system.build.toplevel"
nix_flake_sha = var.flake_sha
entrypoint = [ "init" ]
devices = [
{
host_path = "/dev/ttyUSB0" #"serial/by-id/usb-ITead_Sonoff_Zigbee_3.0_USB_Dongle_Plus_4c004e9c53c9eb118a9f8b4f1d69213e-if00-port0"
container_path = "/dev/ttyUSB0"
}
]
}
resources {
cpu = 128
memory = 128
memory_max = 256
}
volume_mount {
volume = "home-assistant_zigbee2mqtt"
destination = "/var/zigbee2mqtt"
read_only = false
}
template {
data = <<EOF
{{ with secret "kv/data/zigbee2mqtt" }}
XIAOMI_HUB_ADDRESS={{ .Data.data.xiaomi_hub_address }}
{{ end }}
{{ with secret "kv/data/mqtt" }}
MQTT_PASSWORD={{ .Data.data.password }}
MQTT_USER={{ .Data.data.user }}
{{ end }}
EOF
destination = "secrets/environment"
env = true
perms = "444"
}
}
}
group "mqtt" {
count = 1
restart {
attempts = 5
delay = "5s"
}
network {
mode = "bridge"
}
volume "home-assistant_mosquitto" {
type = "csi"
source = "home-assistant_mosquitto"
read_only = false
attachment_mode = "file-system"
access_mode = "single-node-writer"
}
service {
name = "mqtt"
port = "1883"
connect {
sidecar_service {}
}
}
task "mosquitto" {
driver = "docker"
vault {
policies = ["mosquitto-policy"]
}
config {
nix_flake_ref = "${var.flake_ref}#nixngSystems.mosquitto.config.system.build.toplevel"
nix_flake_sha = var.flake_sha
entrypoint = [ "init" ]
}
resources {
cpu = 128
memory = 128
memory_max = 256
}
volume_mount {
volume = "home-assistant_mosquitto"
destination = "/var/mosquitto"
read_only = false
}
template {
data = <<EOF
{{ with secret "kv/data/mqtt" }}
{{ .Data.data.user}}:{{ .Data.data.hash }}
{{ end }}
EOF
destination = "secrets/mqtt_password"
perms = "444"
}
}
}
group "home-assistant" {
count = 1
restart {
attempts = 5
delay = "5s"
}
network {
mode = "bridge"
port "http" {
static = 8123
to = 8123
}
}
volume "home-assistant_hass" {
type = "csi"
source = "home-assistant_hass"
read_only = false
attachment_mode = "file-system"
access_mode = "single-node-writer"
}
volume "home-assistant_db" {
type = "csi"
source = "home-assistant_db"
read_only = false
attachment_mode = "file-system"
access_mode = "single-node-writer"
}
service {
name = "home-assistant"
port = "8123"
connect {
sidecar_service {
proxy {
upstreams {
destination_name = "mqtt"
local_bind_port = 1883
datacenter = "homelab-1"
}
}
}
}
}
task "postgresql" {
driver = "docker"
volume_mount {
volume = "home-assistant_db"
destination = "/var/lib/postgresql"
read_only = false
}
config {
nix_flake_ref = "${var.flake_ref}#nixngSystems.home-assistant.postgresql.config.system.build.toplevel"
nix_flake_sha = var.flake_sha
entrypoint = [ "init" ]
}
resources {
cpu = 500
memory = 128
memory_max = 256
}
template {
data = <<EOF
alter user hass with encrypted password '{{ with secret "kv/data/home-assistant" }}{{ .Data.data.pgpass }}{{ end }}';
EOF
destination = "secrets/init.sql"
}
vault {
policies = ["home-assistant-policy"]
}
}
task "home-assistant" {
driver = "docker"
vault {
policies = ["home-assistant-policy"]
}
config {
nix_flake_ref = "${var.flake_ref}#nixngSystems.home-assistant.hass.config.system.build.toplevel"
nix_flake_sha = var.flake_sha
entrypoint = [ "init" ]
}
resources {
cpu = 512
memory = 1024
memory_max = 1024
}
volume_mount {
volume = "home-assistant_hass"
destination = "/var/home-assistant"
read_only = false
}
template {
data = <<EOF
{{ with secret "kv/data/home-assistant" }}
PSQL_PASSWORD={{ .Data.data.pgpass }}
LATITUDE={{ .Data.data.latitude }}
LONGTITUDE={{ .Data.data.longtitude }}
ELEVATION={{ .Data.data.elevation }}
TIME_ZONE={{ .Data.data.time_zone }}
ALARM_CODE={{ .Data.data.alarm_code }}
{{ end }}
EOF
destination = "secrets/environment"
env = true
perms = "400"
}
}
}
}