mmd/mmd.nomad
Henrik Jess Nielsen 044cafecc1
feat(deploy): use Consul KV for secrets via template stanza
- Remove sed substitution from pipeline (no more __PLACEHOLDER__ pattern)
- Nomad template{} reads mmd/* keys from Consul KV at allocation time
- Secrets never touch git or pipeline logs
- Remove Gitea secrets dependency for app secrets (only HARBOR_ROBOT_TOKEN needed)
2026-05-27 00:07:32 +02:00


# Nomad service job for MoneyMaker: a single "app" group that runs two Docker
# tasks from the same image, a web dashboard ("web") and a scheduler
# ("worker"). Both tasks get their credentials from Consul KV through a
# template block that is rendered into the task's secrets/ directory.
job "moneymaker" {
  region = "global"
  datacenters = ["dc1"]
  type = "service"
  # Rolling update, one allocation at a time, starting with one canary that is
  # promoted automatically once healthy. A failed deployment reverts to the
  # previous job version (auto_revert).
  update {
    stagger = "30s"
    max_parallel = 1
    canary = 1
    min_healthy_time = "10s"
    healthy_deadline = "5m"
    auto_revert = true
    auto_promote = true
    progress_deadline = "10m"
  }
  group "app" {
    count = 1
    network {
      # Dynamic port; the web task receives it as NOMAD_PORT_http.
      port "http" {}
    }
    # Up to 5 reschedules per 10 minutes with exponential back-off from 30s,
    # capped at 120s; unlimited = false means rescheduling stops after that.
    reschedule {
      attempts = 5
      interval = "10m"
      delay = "30s"
      delay_function = "exponential"
      max_delay = "120s"
      unlimited = false
    }
    # Pins the group to the node named "int". Both tasks bind-mount a host
    # path, so the data directory lives on that node.
    constraint {
      attribute = "${node.unique.name}"
      value = "int"
    }
    # Group-level Consul service on the "http" port. The tags publish it
    # through Traefik under mmd.i80.dk with TLS; canary_tags disable Traefik
    # for canary allocations so they get no routed traffic before promotion.
    service {
      provider = "consul"
      name = "moneymaker"
      port = "http"
      tags = [
        "traefik.enable=true",
        "traefik.http.routers.moneymaker.rule=Host(`mmd.i80.dk`)",
        "traefik.http.routers.moneymaker.tls=true",
      ]
      canary_tags = [
        "traefik.enable=false",
      ]
      # HTTP probe of /health every 10s. check_restart triggers a restart
      # after 3 consecutive failures, ignoring the first 30s after start.
      # NOTE(review): this is a group-level service in a group with two tasks
      # and no `task` is set; confirm which task(s) check_restart restarts.
      check {
        name = "http_health_check"
        type = "http"
        path = "/health"
        interval = "10s"
        timeout = "5s"
        check_restart {
          limit = 3
          grace = "30s"
        }
      }
    }
    # -- Dashboard (Flask web app) ----------------------------------------
    task "web" {
      driver = "docker"
      config {
        # Mutable tag plus force_pull: every placement runs whatever "latest"
        # points to at that moment. An auto_revert restores the previous job
        # spec, which names the same tag, so it does not bring back the
        # previous image. An immutable tag or a digest reference
        # (mmd@sha256:<digest>) would make the deployed artifact auditable.
        image = "registry.i80.dk/gitea/mmd:latest"
        ports = ["http"]
        force_pull = true
        # Host path bind-mounted read-write; the worker task mounts the same
        # path, so both containers can modify each other's files under
        # /app/data.
        volumes = ["/opt/nomad/volumes/moneymaker-data:/app/data"]
      }
      # Up to 10 local restarts per 10 minutes, then the allocation is marked
      # failed (mode = "fail") and the reschedule block above takes over.
      restart {
        attempts = 10
        interval = "10m"
        delay = "10s"
        mode = "fail"
      }
      # Non-secret settings only; credentials come from the template below.
      env {
        APP_ENV = "production"
        PORT = "${NOMAD_PORT_http}"
        # Binds on all interfaces inside the container; what is reachable from
        # outside depends on the port mapping and on Traefik.
        HOST = "0.0.0.0"
        LOG_DIR = "/app/data/logs"
        # NOTE(review): presumably a cached Saxo OAuth token. It lives on the
        # shared host volume, not in secrets/, so it persists on the node's
        # disk and is readable by the other task; confirm the file mode the
        # application sets.
        SAXO_TOKEN_FILE = "/app/data/.saxo_token.json"
        HF_HOME = "/app/data/hf-cache"
      }
      # Renders the mmd/* keys from Consul KV into secrets/app.env and, with
      # env = true, exports each KEY=value line as an environment variable.
      # Points to verify for this setup:
      #  - Consul KV does not encrypt values at rest and any token with read
      #    access to the mmd/ prefix can fetch them, so the ACL policy on that
      #    prefix is what protects these secrets. Nomad's Vault integration
      #    or Nomad Variables are the purpose-built alternatives.
      #  - Environment variables are visible to anyone who can inspect the
      #    container on the node.
      #  - `key` waits until the key exists, so a missing or misspelled key
      #    leaves the task unstarted. "mmd/anthropic_api_key" is lower-case
      #    while every other key is upper-case; KV paths are case-sensitive.
      #  - No change_mode is set, so the default applies and a changed KV
      #    value restarts the task.
      #  - Values are inserted unquoted; Nomad's template documentation
      #    suggests piping through toJSON when a value may contain newlines.
      template {
        data = <<EOF
DATABASE_URL={{ key "mmd/DATABASE_URL" }}
ANTHROPIC_API_KEY={{ key "mmd/anthropic_api_key" }}
SAXO_APP_KEY={{ key "mmd/SAXO_APP_KEY" }}
SAXO_APP_SECRET_1={{ key "mmd/SAXO_APP_SECRET_1" }}
SAXO_APP_SECRET_2={{ key "mmd/SAXO_APP_SECRET_2" }}
SAXO_BASE={{ key "mmd/SAXO_BASE" }}
SAXO_AUTH_URL={{ key "mmd/SAXO_AUTH_URL" }}
SAXO_TOKEN_URL={{ key "mmd/SAXO_TOKEN_URL" }}
SAXO_REDIRECT={{ key "mmd/SAXO_REDIRECT" }}
EOF
        destination = "secrets/app.env"
        env = true
      }
      # cpu is in MHz, memory in MB.
      resources {
        cpu = 300
        memory = 512
      }
    }
    # -- Worker (pipeline scheduler, runs FinBERT + Claude) ----------------
    task "worker" {
      driver = "docker"
      config {
        # Same mutable "latest" tag with force_pull as the web task. The two
        # tasks pull independently, so they are not guaranteed to run the
        # same image build.
        image = "registry.i80.dk/gitea/mmd:latest"
        command = "python"
        args = ["scheduler.py"]
        force_pull = true
        # Same host path as the web task, mounted read-write.
        volumes = ["/opt/nomad/volumes/moneymaker-data:/app/data"]
      }
      # Same restart policy as the web task.
      restart {
        attempts = 10
        interval = "10m"
        delay = "10s"
        mode = "fail"
      }
      # No port or HOST settings: this task exposes no listener in the job.
      env {
        LOG_DIR = "/app/data/logs"
        SAXO_TOKEN_FILE = "/app/data/.saxo_token.json"
        HF_HOME = "/app/data/hf-cache"
      }
      # Same nine Consul KV keys as the web task, rendered to secrets/app.env
      # and exported as environment variables; the ACL, at-rest, missing-key
      # and restart-on-change considerations are identical.
      # NOTE(review): both tasks receive the full credential set; confirm
      # that each task needs every key, and drop the ones it does not use.
      template {
        data = <<EOF
DATABASE_URL={{ key "mmd/DATABASE_URL" }}
ANTHROPIC_API_KEY={{ key "mmd/anthropic_api_key" }}
SAXO_APP_KEY={{ key "mmd/SAXO_APP_KEY" }}
SAXO_APP_SECRET_1={{ key "mmd/SAXO_APP_SECRET_1" }}
SAXO_APP_SECRET_2={{ key "mmd/SAXO_APP_SECRET_2" }}
SAXO_BASE={{ key "mmd/SAXO_BASE" }}
SAXO_AUTH_URL={{ key "mmd/SAXO_AUTH_URL" }}
SAXO_TOKEN_URL={{ key "mmd/SAXO_TOKEN_URL" }}
SAXO_REDIRECT={{ key "mmd/SAXO_REDIRECT" }}
EOF
        destination = "secrets/app.env"
        env = true
      }
      # cpu is in MHz, memory in MB.
      resources {
        cpu = 1500
        memory = 3072
      }
    }
  }
}