Updated network

.gitea/workflows/nomad-job-complete.hcl.tmpl

@@ -0,0 +1,155 @@
+job "[[PROJECT_NAME]]" {
+  region      = "global"
+  datacenters = ["dc1"]
+  type        = "service"
+
+  update {
+    stagger           = "60s"
+    max_parallel      = 1
+    progress_deadline = "6m"
+    auto_revert       = true
+  }
+
+  group "[[PROJECT_NAME]]-group" {
+    count = 1
+
+    network {
+      port "http" {
+        to = [[PORT]]  # Internal application port
+      }
+    }
+
+    # Host volume for persistent data (optional)
+    # Uncomment if your app needs persistent storage
+    # volume "data" {
+    #   type      = "host"
+    #   source    = "[[PROJECT_NAME]]-data"
+    #   read_only = false
+    # }
+
+    # Register the service with Consul
+    service {
+      provider = "consul"
+      name     = "[[PROJECT_NAME]]"
+      port     = "http"
+
+      # Traefik-specific tags for routing
+      tags = [
+        "traefik.enable=true",
+        "traefik.http.routers.[[PROJECT_NAME]].rule=Host(`[[PROJECT_NAME]].i80.dk`)",
+        "traefik.http.routers.[[PROJECT_NAME]].tls=true",
+        "PORT=${NOMAD_PORT_http}"
+      ]
+
+      # HTTP health check - CRITICAL!
+      # Your app MUST implement /health endpoint
+      check {
+        name     = "http_health"
+        type     = "http"
+        path     = "/health"
+        interval = "10s"
+        timeout  = "2s"
+        
+        # Important: Use interpolated port
+        port     = "http"
+        
+        # Give app time to start before first check
+        check_restart {
+          limit           = 3
+          grace           = "10s"
+          ignore_warnings = false
+        }
+      }
+
+      # Backup TCP check (if HTTP health check fails during startup)
+      check {
+        name     = "tcp_alive"
+        type     = "tcp"
+        interval = "30s"
+        timeout  = "2s"
+        port     = "http"
+      }
+    }
+
+    task "[[PROJECT_NAME]]-task" {
+      driver = "docker"
+
+      config {
+        image = "registry.i80.dk/gitea/[[PROJECT_NAME]]:latest"
+        ports = ["http"]
+        
+        # Force pull latest image on each deployment
+        force_pull = true
+        
+        # Optional: Mount host volume
+        # Uncomment if using volume above
+        # volumes = [
+        #   "data:/app/data"
+        # ]
+      }
+
+      # Mount volume (if declared above)
+      # volume_mount {
+      #   volume      = "data"
+      #   destination = "/app/data"
+      #   read_only   = false
+      # }
+
+      # Environment variables
+      env {
+        APP_ENV = "production"
+        PORT    = "${NOMAD_PORT_http}"
+        
+        # Workaround for Vault being down:
+        # Set secrets as plain environment variables
+        # TODO: Move to Vault when available
+        # DATABASE_URL = "sqlite:///app/data/app.db"
+        # API_KEY      = "your-api-key-here"  # Replace with actual value
+      }
+
+      # Secrets from Vault (when Vault is working)
+      # Uncomment when Vault is available
+      # template {
+      #   data = <<EOH
+      # {{ with secret "secret/data/[[PROJECT_NAME]]" }}
+      # DATABASE_URL="{{ .Data.data.database_url }}"
+      # API_KEY="{{ .Data.data.api_key }}"
+      # {{ end }}
+      # EOH
+      #   destination = "secrets/config.env"
+      #   env         = true
+      # }
+
+      # Logs configuration
+      logs {
+        max_files     = 5
+        max_file_size = 10  # MB
+      }
+
+      resources {
+        cpu    = 250  # MHz
+        memory = 128  # MB
+        
+        # Optional: Memory oversubscription
+        # memory_max = 256
+      }
+
+      # Kill timeout - give app time to gracefully shutdown
+      kill_timeout = "30s"
+    }
+
+    # Restart policy
+    restart {
+      attempts = 3
+      interval = "5m"
+      delay    = "15s"
+      mode     = "fail"
+    }
+
+    # Ephemeral disk (for temporary files)
+    ephemeral_disk {
+      size    = 300  # MB
+      migrate = false
+    }
+  }
+}