156 lines
3.7 KiB
Cheetah
156 lines
3.7 KiB
Cheetah
job "[[PROJECT_NAME]]" {
|
|
region = "global"
|
|
datacenters = ["dc1"]
|
|
type = "service"
|
|
|
|
update {
|
|
stagger = "60s"
|
|
max_parallel = 1
|
|
progress_deadline = "6m"
|
|
auto_revert = true
|
|
}
|
|
|
|
group "[[PROJECT_NAME]]-group" {
|
|
count = 1
|
|
|
|
network {
|
|
port "http" {
|
|
to = [[PORT]] # Internal application port
|
|
}
|
|
}
|
|
|
|
# Host volume for persistent data (optional)
|
|
# Uncomment if your app needs persistent storage
|
|
# volume "data" {
|
|
# type = "host"
|
|
# source = "[[PROJECT_NAME]]-data"
|
|
# read_only = false
|
|
# }
|
|
|
|
# Register the service with Consul
|
|
service {
|
|
provider = "consul"
|
|
name = "[[PROJECT_NAME]]"
|
|
port = "http"
|
|
|
|
# Traefik-specific tags for routing
|
|
tags = [
|
|
"traefik.enable=true",
|
|
"traefik.http.routers.[[PROJECT_NAME]].rule=Host(`[[PROJECT_NAME]].i80.dk`)",
|
|
"traefik.http.routers.[[PROJECT_NAME]].tls=true",
|
|
"PORT=${NOMAD_PORT_http}"
|
|
]
|
|
|
|
# HTTP health check - CRITICAL!
|
|
# Your app MUST implement /health endpoint
|
|
check {
|
|
name = "http_health"
|
|
type = "http"
|
|
path = "/health"
|
|
interval = "10s"
|
|
timeout = "2s"
|
|
|
|
# Important: Use interpolated port
|
|
port = "http"
|
|
|
|
# Give app time to start before first check
|
|
check_restart {
|
|
limit = 3
|
|
grace = "10s"
|
|
ignore_warnings = false
|
|
}
|
|
}
|
|
|
|
# Backup TCP check (if HTTP health check fails during startup)
|
|
check {
|
|
name = "tcp_alive"
|
|
type = "tcp"
|
|
interval = "30s"
|
|
timeout = "2s"
|
|
port = "http"
|
|
}
|
|
}
|
|
|
|
task "[[PROJECT_NAME]]-task" {
|
|
driver = "docker"
|
|
|
|
config {
|
|
image = "registry.i80.dk/gitea/[[PROJECT_NAME]]:latest"
|
|
ports = ["http"]
|
|
|
|
# Force pull latest image on each deployment
|
|
force_pull = true
|
|
|
|
# Optional: Mount host volume
|
|
# Uncomment if using volume above
|
|
# volumes = [
|
|
# "data:/app/data"
|
|
# ]
|
|
}
|
|
|
|
# Mount volume (if declared above)
|
|
# volume_mount {
|
|
# volume = "data"
|
|
# destination = "/app/data"
|
|
# read_only = false
|
|
# }
|
|
|
|
# Environment variables
|
|
env {
|
|
APP_ENV = "production"
|
|
PORT = "${NOMAD_PORT_http}"
|
|
|
|
# Workaround for Vault being down:
|
|
# Set secrets as plain environment variables
|
|
# TODO: Move to Vault when available
|
|
# DATABASE_URL = "sqlite:///app/data/app.db"
|
|
# API_KEY = "your-api-key-here" # Replace with actual value
|
|
}
|
|
|
|
# Secrets from Vault (when Vault is working)
|
|
# Uncomment when Vault is available
|
|
# template {
|
|
# data = <<EOH
|
|
# {{ with secret "secret/data/[[PROJECT_NAME]]" }}
|
|
# DATABASE_URL="{{ .Data.data.database_url }}"
|
|
# API_KEY="{{ .Data.data.api_key }}"
|
|
# {{ end }}
|
|
# EOH
|
|
# destination = "secrets/config.env"
|
|
# env = true
|
|
# }
|
|
|
|
# Logs configuration
|
|
logs {
|
|
max_files = 5
|
|
max_file_size = 10 # MB
|
|
}
|
|
|
|
resources {
|
|
cpu = 250 # MHz
|
|
memory = 128 # MB
|
|
|
|
# Optional: Memory oversubscription
|
|
# memory_max = 256
|
|
}
|
|
|
|
# Kill timeout - give app time to gracefully shutdown
|
|
kill_timeout = "30s"
|
|
}
|
|
|
|
# Restart policy
|
|
restart {
|
|
attempts = 3
|
|
interval = "5m"
|
|
delay = "15s"
|
|
mode = "fail"
|
|
}
|
|
|
|
# Ephemeral disk (for temporary files)
|
|
ephemeral_disk {
|
|
size = 300 # MB
|
|
migrate = false
|
|
}
|
|
}
|
|
}
|