ci-actions/deploy-static-site/nomad-job.nix

let
  domain     = builtins.getEnv "DOMAIN";
  siteHash   = builtins.getEnv "SITE_HASH";
  serverImage = builtins.getEnv "SERVER_IMAGE";
  datacenter = builtins.getEnv "DATACENTER";
  s3Bucket   = builtins.getEnv "S3_BUCKET";

  jobId = "site-" + builtins.replaceStrings [ "." ] [ "-" ] domain;

  startupCmd =
    "mkdir -p /var/www && " +
    "aws s3 cp s3://${s3Bucket}/sites/${domain}/${siteHash}.tar.gz - " +
    "| tar xz -C /var/www/ && " +
    "exec static-web-server --port 8080 --root /var/www";

  templateData =
    "{{ with nomadVar \"nomad/jobs\" }}" +
    "AWS_ACCESS_KEY_ID={{ .access_key }}\n" +
    "AWS_SECRET_ACCESS_KEY={{ .secret_key }}\n" +
    "AWS_ENDPOINT_URL={{ .endpoint }}\n" +
    "{{ end }}";

  job = {
    Job = {
      ID          = jobId;
      Name        = jobId;
      Namespace   = "static-sites";
      Type        = "service";
      Datacenters = [ datacenter ];
      Update = {
        MinHealthyTime  = 5000000000;
        HealthyDeadline = 60000000000;
        MaxParallel     = 1;
      };
      TaskGroups = [
        {
          Name  = "site";
          Count = 1;
          Networks = [
            { DynamicPorts = [ { Label = "http"; To = 8080; } ]; }
          ];
          Services = [
            {
              Name      = jobId;
              Provider  = "nomad";
              PortLabel = "http";
              Tags = [
                "traefik.enable=true"
                "traefik.http.routers.${jobId}.rule=Host(`${domain}`)"
                "traefik.http.routers.${jobId}.entrypoints=websecure"
                "traefik.http.routers.${jobId}.tls.certresolver=letsencrypt"
              ];
              Checks = [
                { Type = "http"; Path = "/"; Interval = 5000000000; Timeout = 5000000000; }
              ];
            }
          ];
          Tasks = [
            {
              Name   = "server";
              Driver = "docker";
              Config = {
                image   = serverImage;
                command = "/bin/bash";
                args    = [ "-c" startupCmd ];
                ports   = [ "http" ];
              };
              Templates = [
                {
                  EmbeddedTmpl = templateData;
                  DestPath     = "secrets/s3.env";
                  Envvars      = true;
                }
              ];
              Resources = {
                CPU      = 100;
                MemoryMB = 128;
              };
            }
          ];
        }
      ];
    };
  };
in
builtins.toJSON job