Homelab/nomad_jobs/apps/gitea-standalone.nomad.hcl

# Deploy Gitea with dependancies encapsulated in the nomad job spec. This spec
# will not persist data between restarts. Good for getting started. 

# WARNING: Set a secure password for the postgres user. Line 38
# WARNING: Update the domain gitea should be deployed to on traefik. Line 90

job "gitea-standalone" {
  datacenters = ["dc1"]

  group "database" {
    count = 1

    network {
      mode = "bridge"
    }

    service {
      name = "gitea-postgres-standalone"
      port = "5432"
      tags = ["traefik.enable=false"] # Hide postgres from traefik

      connect {
        sidecar_service {
          tags = ["traefik.enable=false"] # Hide postgres envoy from traefik
        }
      }
    }

    task "postgres" {
      driver = "docker"

      config {
        image = "postgres:16.1-alpine3.19"
      }

      env = {
        "POSTGRES_USER"="gitea",
        "POSTGRES_PASSWORD"="not-a-secure-password",
        "POSTGRES_DB"="gitea"
      }
    }
  }

  group "frontend" {
    count = 1

    network {
      mode = "bridge"
      port "ingress" {
        to = 3000
      }
    }

    # Attach to Postgres Instance
    service {
      name = "postgres-gitea-standalone-envoy"
      port = "ingress"
      tags = ["traefik.enable=false"] # Hide envoy from traefik

      connect {
        sidecar_service {
          proxy {
            upstreams {
              destination_name   = "gitea-postgres-standalone"
              local_bind_address = "127.0.0.1"
              local_bind_port    = 5432
            }
          } 
          tags = ["traefik.enable=false"] # Hide envoy from traefik
        }
      } 

      check {
        type = "http"
        path = "/"
        interval = "10s"
        timeout = "2s"
      }
    }

    # Expose to Traefik as a service
    service {
      name = "gitea-standalone"
      port = "ingress"

      tags = [
        "traefik.enable=true", 
        "traefik.http.routers.gitea-standalone.tls=true",
        "traefik.http.routers.gitea-standalone.entrypoints=websecure",
        "traefik.http.routers.gitea-standalone.rule=Host(`git.example.local`)"
      ] 

      check {
        type = "http"
        path = "/"
        interval = "10s"
        timeout = "2s"
      }
    }

    task "gitea-standalone" {
      driver = "docker"

      config {
        image = "gitea/gitea:1.21.1"
        ports = ["ingress"]
      }
    }
  }
}