shoenig/hclfmt.nomad.hcl

## hclfmt.nomad.hcl
job "hclfmt" {
  datacenters = ["nyc3"]
  type        = "service"

  group "format" {
    network {
      mode = "host"
      port "http" {
        host_network = "internal"
      }
    }

    update {
      min_healthy_time = "1s"
    }

    task "hclfmt" {
      driver = "exec2"
      user   = "anonymous"
      config {
        command    = "local/hclfmt-web"
      }
      env {
        PORT = "${NOMAD_PORT_http}"
        BIND = "${NOMAD_IP_http}"
      }
      resources {
        cpu    = 150
        memory = 32
      }
      service {
        provider = "nomad"
        name     = "hclfmt"
        port     = "http"
        check {
          name     = "hclfmt-tcp"
          type     = "tcp"
          interval = "5s"
          timeout  = "1s"
        }
        tags = [
          "traefik.enable=true",
          "traefik.http.routers.hclfmt.rule=Path(`/hclfmt`)",
          "traefik.http.routers.hclfmt.middlewares=stripper-hclfmt@nomad",
          "traefik.http.middlewares.stripper-hclfmt.stripprefix.prefixes=/hclfmt",
          "traefik.http.middlewares.stripper-hclfmt.stripprefix.forceSlash=false",
          "traefik.http.routers.hclfmt.tls.certresolver=le",
          "traefik.http.routers.hclfmt.entrypoints=https",
          "traefik.http.routers.hclfmt.priority=70",
        ]
      }
      artifact {
        source      = "https://github.com/shoenig/hclfmt-web/releases/download/v0.1.1/hclfmt-web_0.1.1_linux_amd64.tar.gz"
        destination = "local/"
      }
    }
  }
}

## traefik.nomad.hcl
job "traefik" {
  datacenters = ["nyc3"]
  type        = "service"

  group "lb" {
    network {
      mode = "host"
      port "http" {
        static = 80
      }
      port "https" {
        static = 443
      }
      # port "dashboard" { static = 8090 }
    }

    update {
      min_healthy_time = "3s"
    }

    task "traefik" {
      # sudo setcap CAP_NET_BIND_SERVICE=+eip /opt/bin/nomad, driver, traefik
      # TODO: how about a prestart task that does this for me

      driver = "exec2"
      user   = "traefik"
      config {
        command = "/opt/bin/traefik"
        unveil = [
          "rx:/opt/bin/traefik",
          "rw:/srv/traefik.d/acme.json"
        ]
        args = [
          # https
          "--entrypoints.https=true",
          "--entrypoints.https.address=:${NOMAD_PORT_https}",

          # http -> https redirect
          "--entrypoints.http=true",
          "--entrypoints.http.address=:${NOMAD_PORT_http}",
          "--entrypoints.http.http.redirections.entrypoint.to=https",
          "--entrypoints.http.http.redirections.entrypoint.scheme=https",

          # acme
          "--certificatesresolvers.le.acme.email=seth.a.hoenig@gmail.com",
          "--certificatesresolvers.le.acme.storage=/srv/traefik.d/acme.json",
          "--certificatesresolvers.le.acme.tlschallenge=true",

          # nomad
          "--providers.nomad=true",
          "--providers.nomad.endpoint.address=http://127.0.0.1:4646",

          # staging, debug
          # "--certificatesresolvers.le.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory",
          # "--api.insecure=true",
          # "--api.dashboard=true",
          "--log.level=INFO",
        ]
      }
      resources {
        memory = 150
        cpu    = 250
      }
    }
  }
}
	job "hclfmt" {
	datacenters = ["nyc3"]
	type = "service"

	group "format" {
	network {
	mode = "host"
	port "http" {
	host_network = "internal"
	}
	}

	update {
	min_healthy_time = "1s"
	}

	task "hclfmt" {
	driver = "exec2"
	user = "anonymous"
	config {
	command = "local/hclfmt-web"
	}
	env {
	PORT = "${NOMAD_PORT_http}"
	BIND = "${NOMAD_IP_http}"
	}
	resources {
	cpu = 150
	memory = 32
	}
	service {
	provider = "nomad"
	name = "hclfmt"
	port = "http"
	check {
	name = "hclfmt-tcp"
	type = "tcp"
	interval = "5s"
	timeout = "1s"
	}
	tags = [
	"traefik.enable=true",
	"traefik.http.routers.hclfmt.rule=Path(`/hclfmt`)",
	"traefik.http.routers.hclfmt.middlewares=stripper-hclfmt@nomad",
	"traefik.http.middlewares.stripper-hclfmt.stripprefix.prefixes=/hclfmt",
	"traefik.http.middlewares.stripper-hclfmt.stripprefix.forceSlash=false",
	"traefik.http.routers.hclfmt.tls.certresolver=le",
	"traefik.http.routers.hclfmt.entrypoints=https",
	"traefik.http.routers.hclfmt.priority=70",
	]
	}
	artifact {
	source = "https://github.com/shoenig/hclfmt-web/releases/download/v0.1.1/hclfmt-web_0.1.1_linux_amd64.tar.gz"
	destination = "local/"
	}
	}
	}
	}
	job "traefik" {
	datacenters = ["nyc3"]
	type = "service"

	group "lb" {
	network {
	mode = "host"
	port "http" {
	static = 80
	}
	port "https" {
	static = 443
	}
	# port "dashboard" { static = 8090 }
	}

	update {
	min_healthy_time = "3s"
	}

	task "traefik" {
	# sudo setcap CAP_NET_BIND_SERVICE=+eip /opt/bin/nomad, driver, traefik
	# TODO: how about a prestart task that does this for me

	driver = "exec2"
	user = "traefik"
	config {
	command = "/opt/bin/traefik"
	unveil = [
	"rx:/opt/bin/traefik",
	"rw:/srv/traefik.d/acme.json"
	]
	args = [
	# https
	"--entrypoints.https=true",
	"--entrypoints.https.address=:${NOMAD_PORT_https}",

	# http -> https redirect
	"--entrypoints.http=true",
	"--entrypoints.http.address=:${NOMAD_PORT_http}",
	"--entrypoints.http.http.redirections.entrypoint.to=https",
	"--entrypoints.http.http.redirections.entrypoint.scheme=https",

	# acme
	"--certificatesresolvers.le.acme.email=seth.a.hoenig@gmail.com",
	"--certificatesresolvers.le.acme.storage=/srv/traefik.d/acme.json",
	"--certificatesresolvers.le.acme.tlschallenge=true",

	# nomad
	"--providers.nomad=true",
	"--providers.nomad.endpoint.address=http://127.0.0.1:4646",

	# staging, debug
	# "--certificatesresolvers.le.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory",
	# "--api.insecure=true",
	# "--api.dashboard=true",
	"--log.level=INFO",
	]
	}
	resources {
	memory = 150
	cpu = 250
	}
	}
	}
	}