devops-dash.nomad

variable "service_name" {
  description = "Service name for consistent naming"
  type        = string
  default     = "devops-dash"
}

variable "image_tag" {
  description = "Docker image tag to deploy"
  type        = string
  default     = "latest"
}

job "devops-dash" {
  datacenters = ["dc1"]
  type        = "service"

  meta {
    uuid         = uuidv4()
    service_name = var.service_name
  }

  update {
    stagger           = "30s"
    max_parallel      = 1
    auto_revert       = true
    progress_deadline = "15m"
  }

  group "devops-dash" {
    count = 1

    constraint {
      attribute = "${node.unique.name}"
      value     = "autobox.i80.dk"
    }

    update {
      canary           = 1
      auto_promote     = true
      min_healthy_time = "15s"
      healthy_deadline = "10m"
      progress_deadline = "15m"
      auto_revert      = true
    }

    network {
      port "http" {}
    }

    reschedule {
      attempts       = 5
      interval       = "10m"
      delay          = "30s"
      delay_function = "exponential"
      max_delay      = "120s"
      unlimited      = false
    }

    # host volume disabled until autobox is configured.
    # To enable: add to /etc/nomad.d/client.hcl on autobox:
    #   host_volume "devops-mcp-data" {
    #     path      = "/opt/devops-mcp/data"
    #     read_only = false
    #   }
    # Then: mkdir -p /opt/devops-mcp/data && systemctl restart nomad
    #
    # volume "devops-mcp-data" {
    #   type      = "host"
    #   read_only = true
    #   source    = "devops-mcp-data"
    # }

    service {
      provider = "consul"
      name     = var.service_name
      port     = "http"

      tags = [
        "traefik.enable=true",
        "traefik.http.routers.${var.service_name}.rule=Host(`dash.i80.dk`)",
        "traefik.http.routers.${var.service_name}.tls=true",
        "traefik.http.middlewares.${var.service_name}-limit.ratelimit.burst=20",
        "traefik.http.middlewares.${var.service_name}-limit.ratelimit.period=1m",
        "traefik.http.routers.${var.service_name}.middlewares=${var.service_name}-limit"
      ]

      check {
        name     = "http_health_check"
        type     = "http"
        port     = "http"
        path     = "/health"
        interval = "10s"
        timeout  = "5s"
      }
    }

    task "devops-dash" {
      driver = "docker"

      # volume_mount {
      #   volume      = "devops-mcp-data"
      #   destination = "/data"
      #   read_only   = true
      # }

      config {
        image      = "registry.i80.dk/gitea/devops-dash:${var.image_tag}"
        ports      = ["http"]
        force_pull = true

        auth {
          username = "robot$gitserver"
          password = "${HARBOR_ROBOT_TOKEN}"
        }
      }

      template {
        data = <<EOH
HARBOR_ROBOT_TOKEN="{{ key "harbor/robot/token" }}"
EOH
        destination = "secrets/registry.env"
        env         = true
      }

      env {
        PORT             = "${NOMAD_PORT_http}"
        HOST             = "0.0.0.0"
        REDIS_URL        = "redis://192.168.15.124:6379"
        DEVOPS_MCP_URL   = "https://devops-mcp.i80.dk"
        DATA_DIR         = "/data"
        PYTHONUNBUFFERED = "1"
      }

      resources {
        cpu    = 200
        memory = 256
      }
    }
  }
}
fix: use versioned image tag via var.image_tag, align Traefik tags with DevOpsMCP pattern - Add service_name and image_tag variables to nomad job - Use ${var.image_tag} in image ref instead of hardcoded 'latest' - CI now passes git SHA as -var='image_tag=<sha>' to nomad job run - Align Traefik tags with DevOpsMCP pattern (service_name var, rate limiting) - Add canary update strategy and reschedule block - Move service block to group level (nomad best practice) 2026-05-09 18:06:18 +02:00			`variable "service_name" {`
			`description = "Service name for consistent naming"`
			`type = string`
			`default = "devops-dash"`
			`}`

			`variable "image_tag" {`
			`description = "Docker image tag to deploy"`
			`type = string`
			`default = "latest"`
			`}`

Initial DevOpsDash — FastAPI + Alpine.js dashboard for DevOpsMCP - Taskz kanban board (create/edit tasks, findings, status/priority) - Worklog timeline + standup summary (proxied from DevOpsMCP MCP API) - Knowledge browser (ADRs, memories, knowledge catalog files) - FastAPI backend reading same Redis as DevOpsMCP - Read-only bind-mount for DevOpsMCP data directory (/data) - Nomad job spec (dash.i80.dk, Traefik TLS, host volume read-only) - Gitea Actions CI → registry.i80.dk/gitea/devops-dash:latest 2026-05-09 16:36:18 +02:00			`job "devops-dash" {`
			`datacenters = ["dc1"]`
			`type = "service"`

fix: use versioned image tag via var.image_tag, align Traefik tags with DevOpsMCP pattern - Add service_name and image_tag variables to nomad job - Use ${var.image_tag} in image ref instead of hardcoded 'latest' - CI now passes git SHA as -var='image_tag=<sha>' to nomad job run - Align Traefik tags with DevOpsMCP pattern (service_name var, rate limiting) - Add canary update strategy and reschedule block - Move service block to group level (nomad best practice) 2026-05-09 18:06:18 +02:00			`meta {`
			`uuid = uuidv4()`
			`service_name = var.service_name`
			`}`

			`update {`
			`stagger = "30s"`
			`max_parallel = 1`
			`auto_revert = true`
			`progress_deadline = "15m"`
Initial DevOpsDash — FastAPI + Alpine.js dashboard for DevOpsMCP - Taskz kanban board (create/edit tasks, findings, status/priority) - Worklog timeline + standup summary (proxied from DevOpsMCP MCP API) - Knowledge browser (ADRs, memories, knowledge catalog files) - FastAPI backend reading same Redis as DevOpsMCP - Read-only bind-mount for DevOpsMCP data directory (/data) - Nomad job spec (dash.i80.dk, Traefik TLS, host volume read-only) - Gitea Actions CI → registry.i80.dk/gitea/devops-dash:latest 2026-05-09 16:36:18 +02:00			`}`

			`group "devops-dash" {`
			`count = 1`

fix: use versioned image tag via var.image_tag, align Traefik tags with DevOpsMCP pattern - Add service_name and image_tag variables to nomad job - Use ${var.image_tag} in image ref instead of hardcoded 'latest' - CI now passes git SHA as -var='image_tag=<sha>' to nomad job run - Align Traefik tags with DevOpsMCP pattern (service_name var, rate limiting) - Add canary update strategy and reschedule block - Move service block to group level (nomad best practice) 2026-05-09 18:06:18 +02:00			`constraint {`
			`attribute = "${node.unique.name}"`
			`value = "autobox.i80.dk"`
			`}`

			`update {`
			`canary = 1`
			`auto_promote = true`
			`min_healthy_time = "15s"`
			`healthy_deadline = "10m"`
			`progress_deadline = "15m"`
			`auto_revert = true`
			`}`

Initial DevOpsDash — FastAPI + Alpine.js dashboard for DevOpsMCP - Taskz kanban board (create/edit tasks, findings, status/priority) - Worklog timeline + standup summary (proxied from DevOpsMCP MCP API) - Knowledge browser (ADRs, memories, knowledge catalog files) - FastAPI backend reading same Redis as DevOpsMCP - Read-only bind-mount for DevOpsMCP data directory (/data) - Nomad job spec (dash.i80.dk, Traefik TLS, host volume read-only) - Gitea Actions CI → registry.i80.dk/gitea/devops-dash:latest 2026-05-09 16:36:18 +02:00			`network {`
			`port "http" {}`
			`}`

fix: use versioned image tag via var.image_tag, align Traefik tags with DevOpsMCP pattern - Add service_name and image_tag variables to nomad job - Use ${var.image_tag} in image ref instead of hardcoded 'latest' - CI now passes git SHA as -var='image_tag=<sha>' to nomad job run - Align Traefik tags with DevOpsMCP pattern (service_name var, rate limiting) - Add canary update strategy and reschedule block - Move service block to group level (nomad best practice) 2026-05-09 18:06:18 +02:00			`reschedule {`
			`attempts = 5`
			`interval = "10m"`
			`delay = "30s"`
			`delay_function = "exponential"`
			`max_delay = "120s"`
			`unlimited = false`
			`}`

Remove host volume from Nomad job — unblocks placement on autobox The devops-mcp-data host volume is not yet configured on autobox.i80.dk, causing 'missing compatible host volumes' placement failure. Comment out the volume + volume_mount blocks so the job can schedule immediately. Knowledge catalog files are accessed via MCP proxy for now. Instructions to re-enable (when ready): Add to /etc/nomad.d/client.hcl on autobox: host_volume "devops-mcp-data" { path = "/opt/devops-mcp/data" read_only = false } Then: mkdir -p /opt/devops-mcp/data && systemctl restart nomad Also: switch auth to HARBOR_ROBOT_TOKEN pattern (matches devops-mcp.nomad), add force_pull=true, set provider=consul. 2026-05-09 16:48:06 +02:00			`# host volume disabled until autobox is configured.`
			`# To enable: add to /etc/nomad.d/client.hcl on autobox:`
			`# host_volume "devops-mcp-data" {`
			`# path = "/opt/devops-mcp/data"`
			`# read_only = false`
			`# }`
			`# Then: mkdir -p /opt/devops-mcp/data && systemctl restart nomad`
			`#`
			`# volume "devops-mcp-data" {`
			`# type = "host"`
			`# read_only = true`
			`# source = "devops-mcp-data"`
			`# }`
Initial DevOpsDash — FastAPI + Alpine.js dashboard for DevOpsMCP - Taskz kanban board (create/edit tasks, findings, status/priority) - Worklog timeline + standup summary (proxied from DevOpsMCP MCP API) - Knowledge browser (ADRs, memories, knowledge catalog files) - FastAPI backend reading same Redis as DevOpsMCP - Read-only bind-mount for DevOpsMCP data directory (/data) - Nomad job spec (dash.i80.dk, Traefik TLS, host volume read-only) - Gitea Actions CI → registry.i80.dk/gitea/devops-dash:latest 2026-05-09 16:36:18 +02:00
fix: use versioned image tag via var.image_tag, align Traefik tags with DevOpsMCP pattern - Add service_name and image_tag variables to nomad job - Use ${var.image_tag} in image ref instead of hardcoded 'latest' - CI now passes git SHA as -var='image_tag=<sha>' to nomad job run - Align Traefik tags with DevOpsMCP pattern (service_name var, rate limiting) - Add canary update strategy and reschedule block - Move service block to group level (nomad best practice) 2026-05-09 18:06:18 +02:00			`service {`
			`provider = "consul"`
			`name = var.service_name`
			`port = "http"`

			`tags = [`
			`"traefik.enable=true",`
			"traefik.http.routers.${var.service_name}.rule=Host(`dash.i80.dk`)",
			`"traefik.http.routers.${var.service_name}.tls=true",`
			`"traefik.http.middlewares.${var.service_name}-limit.ratelimit.burst=20",`
			`"traefik.http.middlewares.${var.service_name}-limit.ratelimit.period=1m",`
			`"traefik.http.routers.${var.service_name}.middlewares=${var.service_name}-limit"`
			`]`

			`check {`
			`name = "http_health_check"`
			`type = "http"`
			`port = "http"`
			`path = "/health"`
			`interval = "10s"`
			`timeout = "5s"`
			`}`
			`}`

Initial DevOpsDash — FastAPI + Alpine.js dashboard for DevOpsMCP - Taskz kanban board (create/edit tasks, findings, status/priority) - Worklog timeline + standup summary (proxied from DevOpsMCP MCP API) - Knowledge browser (ADRs, memories, knowledge catalog files) - FastAPI backend reading same Redis as DevOpsMCP - Read-only bind-mount for DevOpsMCP data directory (/data) - Nomad job spec (dash.i80.dk, Traefik TLS, host volume read-only) - Gitea Actions CI → registry.i80.dk/gitea/devops-dash:latest 2026-05-09 16:36:18 +02:00			`task "devops-dash" {`
			`driver = "docker"`

Remove host volume from Nomad job — unblocks placement on autobox The devops-mcp-data host volume is not yet configured on autobox.i80.dk, causing 'missing compatible host volumes' placement failure. Comment out the volume + volume_mount blocks so the job can schedule immediately. Knowledge catalog files are accessed via MCP proxy for now. Instructions to re-enable (when ready): Add to /etc/nomad.d/client.hcl on autobox: host_volume "devops-mcp-data" { path = "/opt/devops-mcp/data" read_only = false } Then: mkdir -p /opt/devops-mcp/data && systemctl restart nomad Also: switch auth to HARBOR_ROBOT_TOKEN pattern (matches devops-mcp.nomad), add force_pull=true, set provider=consul. 2026-05-09 16:48:06 +02:00			`# volume_mount {`
			`# volume = "devops-mcp-data"`
			`# destination = "/data"`
			`# read_only = true`
			`# }`
Initial DevOpsDash — FastAPI + Alpine.js dashboard for DevOpsMCP - Taskz kanban board (create/edit tasks, findings, status/priority) - Worklog timeline + standup summary (proxied from DevOpsMCP MCP API) - Knowledge browser (ADRs, memories, knowledge catalog files) - FastAPI backend reading same Redis as DevOpsMCP - Read-only bind-mount for DevOpsMCP data directory (/data) - Nomad job spec (dash.i80.dk, Traefik TLS, host volume read-only) - Gitea Actions CI → registry.i80.dk/gitea/devops-dash:latest 2026-05-09 16:36:18 +02:00
			`config {`
fix: use versioned image tag via var.image_tag, align Traefik tags with DevOpsMCP pattern - Add service_name and image_tag variables to nomad job - Use ${var.image_tag} in image ref instead of hardcoded 'latest' - CI now passes git SHA as -var='image_tag=<sha>' to nomad job run - Align Traefik tags with DevOpsMCP pattern (service_name var, rate limiting) - Add canary update strategy and reschedule block - Move service block to group level (nomad best practice) 2026-05-09 18:06:18 +02:00			`image = "registry.i80.dk/gitea/devops-dash:${var.image_tag}"`
Remove host volume from Nomad job — unblocks placement on autobox The devops-mcp-data host volume is not yet configured on autobox.i80.dk, causing 'missing compatible host volumes' placement failure. Comment out the volume + volume_mount blocks so the job can schedule immediately. Knowledge catalog files are accessed via MCP proxy for now. Instructions to re-enable (when ready): Add to /etc/nomad.d/client.hcl on autobox: host_volume "devops-mcp-data" { path = "/opt/devops-mcp/data" read_only = false } Then: mkdir -p /opt/devops-mcp/data && systemctl restart nomad Also: switch auth to HARBOR_ROBOT_TOKEN pattern (matches devops-mcp.nomad), add force_pull=true, set provider=consul. 2026-05-09 16:48:06 +02:00			`ports = ["http"]`
			`force_pull = true`
Initial DevOpsDash — FastAPI + Alpine.js dashboard for DevOpsMCP - Taskz kanban board (create/edit tasks, findings, status/priority) - Worklog timeline + standup summary (proxied from DevOpsMCP MCP API) - Knowledge browser (ADRs, memories, knowledge catalog files) - FastAPI backend reading same Redis as DevOpsMCP - Read-only bind-mount for DevOpsMCP data directory (/data) - Nomad job spec (dash.i80.dk, Traefik TLS, host volume read-only) - Gitea Actions CI → registry.i80.dk/gitea/devops-dash:latest 2026-05-09 16:36:18 +02:00
			`auth {`
Remove host volume from Nomad job — unblocks placement on autobox The devops-mcp-data host volume is not yet configured on autobox.i80.dk, causing 'missing compatible host volumes' placement failure. Comment out the volume + volume_mount blocks so the job can schedule immediately. Knowledge catalog files are accessed via MCP proxy for now. Instructions to re-enable (when ready): Add to /etc/nomad.d/client.hcl on autobox: host_volume "devops-mcp-data" { path = "/opt/devops-mcp/data" read_only = false } Then: mkdir -p /opt/devops-mcp/data && systemctl restart nomad Also: switch auth to HARBOR_ROBOT_TOKEN pattern (matches devops-mcp.nomad), add force_pull=true, set provider=consul. 2026-05-09 16:48:06 +02:00			`username = "robot$gitserver"`
			`password = "${HARBOR_ROBOT_TOKEN}"`
Initial DevOpsDash — FastAPI + Alpine.js dashboard for DevOpsMCP - Taskz kanban board (create/edit tasks, findings, status/priority) - Worklog timeline + standup summary (proxied from DevOpsMCP MCP API) - Knowledge browser (ADRs, memories, knowledge catalog files) - FastAPI backend reading same Redis as DevOpsMCP - Read-only bind-mount for DevOpsMCP data directory (/data) - Nomad job spec (dash.i80.dk, Traefik TLS, host volume read-only) - Gitea Actions CI → registry.i80.dk/gitea/devops-dash:latest 2026-05-09 16:36:18 +02:00			`}`
			`}`

			`template {`
Remove host volume from Nomad job — unblocks placement on autobox The devops-mcp-data host volume is not yet configured on autobox.i80.dk, causing 'missing compatible host volumes' placement failure. Comment out the volume + volume_mount blocks so the job can schedule immediately. Knowledge catalog files are accessed via MCP proxy for now. Instructions to re-enable (when ready): Add to /etc/nomad.d/client.hcl on autobox: host_volume "devops-mcp-data" { path = "/opt/devops-mcp/data" read_only = false } Then: mkdir -p /opt/devops-mcp/data && systemctl restart nomad Also: switch auth to HARBOR_ROBOT_TOKEN pattern (matches devops-mcp.nomad), add force_pull=true, set provider=consul. 2026-05-09 16:48:06 +02:00			`data = <<EOH`
			`HARBOR_ROBOT_TOKEN="{{ key "harbor/robot/token" }}"`
			`EOH`
			`destination = "secrets/registry.env"`
Initial DevOpsDash — FastAPI + Alpine.js dashboard for DevOpsMCP - Taskz kanban board (create/edit tasks, findings, status/priority) - Worklog timeline + standup summary (proxied from DevOpsMCP MCP API) - Knowledge browser (ADRs, memories, knowledge catalog files) - FastAPI backend reading same Redis as DevOpsMCP - Read-only bind-mount for DevOpsMCP data directory (/data) - Nomad job spec (dash.i80.dk, Traefik TLS, host volume read-only) - Gitea Actions CI → registry.i80.dk/gitea/devops-dash:latest 2026-05-09 16:36:18 +02:00			`env = true`
			`}`

			`env {`
fix: use versioned image tag via var.image_tag, align Traefik tags with DevOpsMCP pattern - Add service_name and image_tag variables to nomad job - Use ${var.image_tag} in image ref instead of hardcoded 'latest' - CI now passes git SHA as -var='image_tag=<sha>' to nomad job run - Align Traefik tags with DevOpsMCP pattern (service_name var, rate limiting) - Add canary update strategy and reschedule block - Move service block to group level (nomad best practice) 2026-05-09 18:06:18 +02:00			`PORT = "${NOMAD_PORT_http}"`
			`HOST = "0.0.0.0"`
			`REDIS_URL = "redis://192.168.15.124:6379"`
			`DEVOPS_MCP_URL = "https://devops-mcp.i80.dk"`
			`DATA_DIR = "/data"`
Remove host volume from Nomad job — unblocks placement on autobox The devops-mcp-data host volume is not yet configured on autobox.i80.dk, causing 'missing compatible host volumes' placement failure. Comment out the volume + volume_mount blocks so the job can schedule immediately. Knowledge catalog files are accessed via MCP proxy for now. Instructions to re-enable (when ready): Add to /etc/nomad.d/client.hcl on autobox: host_volume "devops-mcp-data" { path = "/opt/devops-mcp/data" read_only = false } Then: mkdir -p /opt/devops-mcp/data && systemctl restart nomad Also: switch auth to HARBOR_ROBOT_TOKEN pattern (matches devops-mcp.nomad), add force_pull=true, set provider=consul. 2026-05-09 16:48:06 +02:00			`PYTHONUNBUFFERED = "1"`
Initial DevOpsDash — FastAPI + Alpine.js dashboard for DevOpsMCP - Taskz kanban board (create/edit tasks, findings, status/priority) - Worklog timeline + standup summary (proxied from DevOpsMCP MCP API) - Knowledge browser (ADRs, memories, knowledge catalog files) - FastAPI backend reading same Redis as DevOpsMCP - Read-only bind-mount for DevOpsMCP data directory (/data) - Nomad job spec (dash.i80.dk, Traefik TLS, host volume read-only) - Gitea Actions CI → registry.i80.dk/gitea/devops-dash:latest 2026-05-09 16:36:18 +02:00			`}`

			`resources {`
Remove host volume from Nomad job — unblocks placement on autobox The devops-mcp-data host volume is not yet configured on autobox.i80.dk, causing 'missing compatible host volumes' placement failure. Comment out the volume + volume_mount blocks so the job can schedule immediately. Knowledge catalog files are accessed via MCP proxy for now. Instructions to re-enable (when ready): Add to /etc/nomad.d/client.hcl on autobox: host_volume "devops-mcp-data" { path = "/opt/devops-mcp/data" read_only = false } Then: mkdir -p /opt/devops-mcp/data && systemctl restart nomad Also: switch auth to HARBOR_ROBOT_TOKEN pattern (matches devops-mcp.nomad), add force_pull=true, set provider=consul. 2026-05-09 16:48:06 +02:00			`cpu = 200`
			`memory = 256`
Initial DevOpsDash — FastAPI + Alpine.js dashboard for DevOpsMCP - Taskz kanban board (create/edit tasks, findings, status/priority) - Worklog timeline + standup summary (proxied from DevOpsMCP MCP API) - Knowledge browser (ADRs, memories, knowledge catalog files) - FastAPI backend reading same Redis as DevOpsMCP - Read-only bind-mount for DevOpsMCP data directory (/data) - Nomad job spec (dash.i80.dk, Traefik TLS, host volume read-only) - Gitea Actions CI → registry.i80.dk/gitea/devops-dash:latest 2026-05-09 16:36:18 +02:00			`}`
			`}`
			`}`
			`}`