chore: backup Nomad jobs [skip ci]

2025-11-21 21:10:40 +00:00
parent fe8d4976ed
commit 890c867763
29 changed files with 4519 additions and 0 deletions
--- a/nomad_backup/gitea.hcl
+++ b/nomad_backup/gitea.hcl
@@ -0,0 +1,84 @@
+job "gitea" {
+  datacenters = ["dc1"]
+  type        = "service"
+
+  group "gitea-server" {
+    count = 1
+
+    network {
+      
+      # Define ports for Gitea's web UI (HTTP) and SSH
+      port "http" {
+        static = 3000
+        to = 3000
+      }
+      port "ssh" {
+        to = 22
+      }
+    }
+
+    service {
+      name = "gitea"
+      tags = ["git-server", "web", "sslcert",   
+          "traefik.http.routers.gitea.rule=Host(`gitea.service.dc1.consul`,`gitea.service.dc1.fbleagh.duckdns.org`)",
+          "traefik.http.routers.gitea.tls=true",
+          "traefik.http.middlewares.gitea-headers.headers.customrequestheaders.X-Forwarded-Proto=https",
+          "traefik.http.routers.gitea.middlewares=gitea-headers"
+]
+      port = "http"
+
+      # Health check to ensure Gitea is running
+      check {
+        type     = "http"
+        path     = "/"
+        interval = "10s"
+        timeout  = "2s"
+      }
+    }
+
+    task "gitea" {
+      driver = "docker"
+
+      config {
+        image = "gitea/gitea:latest"
+        memory_hard_limit = "20480"
+        ports = ["http", "ssh"]
+        volumes = ["/mnt/Public/configs/gitea:/data"]
+      }
+
+      # Gitea uses environment variables for configuration.
+      env {
+        # --- Database Configuration (PostgreSQL) ---
+        # The main data (users, repos metadata, issues, etc.)
+        GITEA__database__DB_TYPE = "postgres"
+        GITEA__database__HOST    = "master.postgres.service.dc1.consul:5432" # Replace with your endpoint
+        GITEA__database__NAME    = "gitea"
+        # Best practice is to use a secure secret management solution like Vault
+        # to inject these values, but here they are hardcoded for the example.
+        GITEA__database__USER    = "postgres"
+        GITEA__database__PASSWD  = "postgres"
+        GITEA__database__SSL_MODE = "disable" # Change if using TLS
+        GITEA__security__REVERSE_PROXY_TRUSTED_PROXIES = "*" # Trust traefik
+
+        # --- Gitea Host Configuration ---
+        # Used for generating URLs in emails, SSH clone links, etc.
+        GITEA__server__DOMAIN       = "gitea.service.dc1.fbleagh.duckdns.org"
+        GITEA__server__ROOT_URL     = "https://gitea.service.dc1.fbleagh.duckdns.org/" # Adjust if using a reverse proxy
+        GITEA__server__SSH_LISTEN_PORT = "22"
+        GITEA__server__SSH_PORT       = "${NOMAD_HOST_PORT_ssh}" # The port exposed on the host for SSH
+
+        GITEA__actions__ENABLED=true
+        GITEA__packages__ENABLED=true
+
+        # Set the user Gitea runs as inside the container (important for permissions)
+        USER_UID = "1000"
+        USER_GID = "1000"
+      }
+      resources {
+        cpu    = 500
+        memory = 256
+      }      
+    }
+  }
+}
+