chore(monica): add Nomad job and CSI volume registration

2025-06-02 17:41:00 +01:00 · 2025-06-02 17:41:00 +01:00 · 3bf9dd1c8a
commit 3bf9dd1c8a
parent 4d6d43f950
3 changed files with 133 additions and 0 deletions
--- a/main.tf
+++ b/main.tf
@ -46,3 +46,7 @@ module "ollama" {
 module "jayne-martin-counselling" {
  source = "./modules/jayne-martin-counselling"
 }
+
+module "monica" {
+  source = "./modules/monica"
+}
--- a/modules/monica/jobspec.nomad.hcl
+++ b/modules/monica/jobspec.nomad.hcl
@ -0,0 +1,94 @@
+job "monica" {
+
+  group "monica" {
+
+    network {
+      mode = "bridge"
+      port "http" {
+        to = 80
+      }
+      port "envoy_metrics" {
+        to = 9102
+      }
+    }
+
+    service {
+      provider = "consul"
+      port     = "80"
+
+      meta {
+        envoy_metrics_port = "${NOMAD_HOST_PORT_envoy_metrics}"
+      }
+
+      connect {
+        sidecar_service {
+          proxy {
+            config {
+              protocol = "http"
+            }
+            expose {
+              path {
+                path            = "/metrics"
+                protocol        = "http"
+                local_path_port = 9102
+                listener_port   = "envoy_metrics"
+              }
+            }
+            transparent_proxy {}
+          }
+        }
+      }
+
+      tags = [
+        "traefik.enable=true",
+
+        "traefik.http.routers.monica.rule=Host(`monica.brmartin.co.uk`)",
+        "traefik.http.routers.monica.entrypoints=websecure",
+        "traefik.consulcatalog.connect=true",
+      ]
+    }
+
+    volume "storage" {
+      type            = "csi"
+      read_only       = false
+      source          = "martinibar_prod_monica_storage"
+      attachment_mode = "file-system"
+      access_mode     = "multi-node-single-writer"
+    }
+
+    task "monica" {
+      driver = "docker"
+
+      config {
+        image = "docker.io/library/monica:4.1.2"
+      }
+
+      env = {
+        DB_HOST     = "martinibar.lan"
+        DB_USERNAME = "monica"
+      }
+
+      template {
+        data = <<-EOF
+          {{ with nomadVar "nomad/jobs/monica/monica/monica" }}
+          APP_KEY={{.api_key}}
+          DB_PASSWORD={{.db_password}}
+          {{ end }}
+          EOF
+
+        destination = "secrets/file.env"
+        env         = true
+      }
+
+      resources {
+        cpu    = 500
+        memory = 1024
+      }
+
+      volume_mount {
+        volume      = "storage"
+        destination = "/var/www/html/storage"
+      }
+    }
+  }
+}
--- a/modules/monica/main.tf
+++ b/modules/monica/main.tf
@ -0,0 +1,35 @@
+resource "nomad_job" "monica" {
+  depends_on = [
+    nomad_csi_volume_registration.nfs_volume,
+  ]
+
+  jobspec = file("${path.module}/jobspec.nomad.hcl")
+}
+
+data "nomad_plugin" "nfs" {
+  plugin_id        = "nfs"
+  wait_for_healthy = true
+}
+
+resource "nomad_csi_volume_registration" "nfs_volume" {
+  depends_on = [data.nomad_plugin.nfs]
+
+  lifecycle {
+    prevent_destroy = true
+  }
+
+  plugin_id   = "nfs"
+  name        = "martinibar_prod_monica_storage"
+  volume_id   = "martinibar_prod_monica_storage"
+  external_id = "martinibar_prod_monica_storage"
+
+  capability {
+    access_mode     = "multi-node-single-writer"
+    attachment_mode = "file-system"
+  }
+
+  context = {
+    "server" = "martinibar.lan",
+    "share"  = "/volume1/csi/monica/storage",
+  }
+}