From 7929ae75e795d5fa735862ca2e814d3fe203c64c Mon Sep 17 00:00:00 2001
From: vincent <vincent@ducamps.win>
Date: Mon, 4 Sep 2023 18:52:49 +0200
Subject: [PATCH] add ghostfolio service

---
 ansible/group_vars/database |  6 ++-
 nomad-job/ghostfolio.nomad  | 86 +++++++++++++++++++++++++++++++++++++
 vault/nomad.tf              |  1 +
 3 files changed, 92 insertions(+), 1 deletion(-)
 create mode 100644 nomad-job/ghostfolio.nomad

diff --git a/ansible/group_vars/database b/ansible/group_vars/database
index 9d343cc..8117154 100644
--- a/ansible/group_vars/database
+++ b/ansible/group_vars/database
@@ -25,6 +25,9 @@ postgresql_users:
     password: "{{  lookup('hashi_vault', 'secret=secrets/data/database/dump:password')}}"
   - name: vikunja
     password: "{{  lookup('hashi_vault', 'secret=secrets/data/database/vikunja:password')}}"
+  - name: ghostfolio
+    password: "{{  lookup('hashi_vault', 'secret=secrets/data/database/ghostfolio:password')}}"
+
 
 postgresql_databases:
   - name: wikijs
@@ -47,4 +50,5 @@ postgresql_databases:
     owner: paperless
   - name: vikunja
     owner: vikunja
-
+  - name: ghostfolio
+    owner: ghostfolio
diff --git a/nomad-job/ghostfolio.nomad b/nomad-job/ghostfolio.nomad
new file mode 100644
index 0000000..8e910c2
--- /dev/null
+++ b/nomad-job/ghostfolio.nomad
@@ -0,0 +1,86 @@
+
+job "ghostfolio" {
+  datacenters = ["homelab"]
+  priority = 50
+  type = "service"
+  meta {
+    forcedeploy = "0"
+  }
+  constraint {
+    attribute = "${attr.cpu.arch}"
+    value = "amd64"
+  }
+
+  group "main"{
+    network {
+      mode = "host"
+      port "http" {
+      }
+      port "redis" {
+          to = 6379
+      }
+    }
+    vault{
+      policies= ["ghostfolio"]
+
+    }
+    task "redis" {
+        driver = "docker"
+        config {
+            image = "redis"
+            ports = ["redis"]
+        }
+        resources {
+            memory = 50
+        }
+
+    }
+    task "server" {
+      driver = "docker"
+      service {
+        name = "${NOMAD_JOB_NAME}"
+        port = "http"
+        tags = [
+            "traefik.enable=true",
+            "traefik.http.routers.${NOMAD_JOB_NAME}.rule=Host(`${NOMAD_JOB_NAME}.ducamps.win`)",
+            "traefik.http.routers.${NOMAD_JOB_NAME}.tls.domains[0].sans=${NOMAD_JOB_NAME}.ducamps.win",
+            "traefik.http.routers.${NOMAD_JOB_NAME}.tls.certresolver=myresolver",
+
+
+        ]
+      }
+      config {
+        image = "ghostfolio/ghostfolio:latest"
+        ports = ["http"]
+        volumes = [
+        ]
+
+      }
+      env {
+          NODE_ENV = "production"
+          REDIS_HOST= "${NOMAD_IP_redis}"
+          REDIS_PORT = "${NOMAD_HOST_PORT_redis}"
+          PORT = "${NOMAD_PORT_http}"
+          JWT_SECRET_KEY = uuidv4()
+
+      }
+
+      template {
+        data= <<EOH
+          {{ with secret "secrets/data/database/ghostfolio"}}
+           DATABASE_URL = postgresql://ghostfolio:{{.Data.data.password}}@db1.ducamps.win:5432/ghostfolio?connect_timeout=300&sslmode=prefer
+          {{end}}
+          {{ with secret "secrets/data/nomad/ghostfolio"}}
+          ACCESS_TOKEN_SALT = {{.Data.data.token}}
+          {{end}}
+          EOH
+        destination = "secrets/ghostfolio.env"
+        env = true
+      }
+      resources {
+        memory = 400
+      }
+    }
+
+  }
+}
diff --git a/vault/nomad.tf b/vault/nomad.tf
index 51c8924..78b907d 100644
--- a/vault/nomad.tf
+++ b/vault/nomad.tf
@@ -20,6 +20,7 @@ locals {
     "vaultwarden",
     "wikijs",
     "vikunja",
+    "ghostfolio",
   ]
 
 }