# Deploy Gitea with dependancies encapsulated in the nomad job spec. This spec
# will not persist data between restarts. Good for getting started.
# WARNING: Set a secure password for the postgres user. Line 38
# WARNING: Update the domain gitea should be deployed to on traefik. Line 90
job "gitea-standalone" {
datacenters = ["dc1"]
group "database" {
count = 1
network {
mode = "bridge"
}
service {
name = "gitea-postgres-standalone"
port = "5432"
tags = ["traefik.enable=false"] # Hide postgres from traefik
connect {
sidecar_service {
tags = ["traefik.enable=false"] # Hide postgres envoy from traefik
}
}
}
task "postgres" {
driver = "docker"
config {
image = "postgres:16.1-alpine3.19"
}
env = {
"POSTGRES_USER"="gitea",
"POSTGRES_PASSWORD"="not-a-secure-password",
"POSTGRES_DB"="gitea"
}
}
}
group "frontend" {
count = 1
network {
mode = "bridge"
port "ingress" {
to = 3000
}
}
# Attach to Postgres Instance
service {
name = "postgres-gitea-standalone-envoy"
port = "ingress"
tags = ["traefik.enable=false"] # Hide envoy from traefik
connect {
sidecar_service {
proxy {
upstreams {
destination_name = "gitea-postgres-standalone"
local_bind_address = "127.0.0.1"
local_bind_port = 5432
}
}
tags = ["traefik.enable=false"] # Hide envoy from traefik
}
}
check {
type = "http"
path = "/"
interval = "10s"
timeout = "2s"
}
}
# Expose to Traefik as a service
service {
name = "gitea-standalone"
port = "ingress"
tags = [
"traefik.enable=true",
"traefik.http.routers.gitea-standalone.tls=true",
"traefik.http.routers.gitea-standalone.entrypoints=websecure",
"traefik.http.routers.gitea-standalone.rule=Host(`git.example.local`)"
]
check {
type = "http"
path = "/"
interval = "10s"
timeout = "2s"
}
}
task "gitea-standalone" {
driver = "docker"
config {
image = "gitea/gitea:1.21.1"
ports = ["ingress"]
}
}
}
}