dashboard / nomad / feat: add silverbullet #3 rss

accepted · opened on 2025-02-01 by in0rdr_
Help
checkout latest patchset: 
ssh pr.in0rdr.ch print pr-3 | git am -3
checkout any patchset in a patch request: 
ssh pr.in0rdr.ch print ps-X | git am -3
add changes to patch request: 
git format-patch main --stdout | ssh pr.in0rdr.ch pr add 3
add review to patch request: 
git format-patch main --stdout | ssh pr.in0rdr.ch pr add --review 3
accept PR: 
ssh pr.in0rdr.ch pr accept 3
close PR: 
ssh pr.in0rdr.ch pr close 3

Logs

in0rdr_ created pr with ps-3 on 2025-02-01
in0rdr_ changed status on 2025-02-01 {"status":"accepted"}

Patchsets

ps-3 by in0rdr_ on 2025-02-01T16:40:44Z

Patchset ps-3

feat: add silverbullet

Andreas Gruhler
2025-02-01
hcl/default/silverbullet/data-volume.hcl
+31 -0
hcl/default/silverbullet/silverbullet.nomad
+89 -0
hcl/default/silverbullet/templates/nginx.conf.tmpl
+10 -0
Back to top

feat: add silverbullet

hcl/default/silverbullet/data-volume.hcl link
+31 -0 
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37

diff --git a/hcl/default/silverbullet/data-volume.hcl b/hcl/default/silverbullet/data-volume.hcl
new file mode 100644
index 0000000..63180a5
--- /dev/null
+++ b/hcl/default/silverbullet/data-volume.hcl
@@ -0,0 +1,31 @@
+# Register external nfs volume with Nomad CSI
+# https://www.nomadproject.io/docs/commands/volume/register
+type = "csi"
+# Unique ID of the volume, volume.source field in a job
+id = "silverbullet"
+# Display name of the volume.
+name = "silverbullet"
+# ID of the physical volume from the storage provider
+external_id = "csi-silverbullet"
+plugin_id = "nfs"
+
+# You must provide at least one capability block
+# You must provide a block for each capability
+# youintend to use in a job's volume block
+# https://www.nomadproject.io/docs/commands/volume/register
+capability {
+  access_mode = "multi-node-multi-writer"
+  attachment_mode = "file-system"
+}
+
+# https://github.com/kubernetes-csi/csi-driver-nfs/blob/master/docs/driver-parameters.md
+context {
+  server = "turris"
+  share = "csi-silverbullet"
+}
+
+mount_options {
+  # mount.nfs: Either use '-o nolock' to keep locks local, or start statd.
+  mount_flags = ["nolock"]
+}
+
hcl/default/silverbullet/silverbullet.nomad link
+89 -0 
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95

diff --git a/hcl/default/silverbullet/silverbullet.nomad b/hcl/default/silverbullet/silverbullet.nomad
new file mode 100644
index 0000000..c6077ec
--- /dev/null
+++ b/hcl/default/silverbullet/silverbullet.nomad
@@ -0,0 +1,89 @@
+# https://silverbullet.md/Install/Docker
+job "silverbullet" {
+  datacenters = ["dc1"]
+
+  vault {}
+
+  group "server" {
+    count = 1
+
+    volume "silverbullet" {
+      type = "csi"
+      source = "silverbullet"
+      access_mode = "multi-node-multi-writer"
+      attachment_mode = "file-system"
+    }
+    volume "tls" {
+      type = "csi"
+      source = "certbot"
+      access_mode = "multi-node-multi-writer"
+      attachment_mode = "file-system"
+    }
+
+    network {
+      port "http" {
+        to = 3000
+      }
+      port "https" {
+        static = 44407
+      }
+    }
+
+    task "silverbullet" {
+      driver = "podman"
+
+      config {
+        image = "docker.io/zefhemel/silverbullet:latest"
+        ports = ["http"]
+      }
+
+      template {
+        destination = "${NOMAD_SECRETS_DIR}/silverbullet.env"
+        env = true
+        data = <<EOT
+SB_USER = "{{with secret "kv/silverbullet"}}{{index .Data.data.sb_user}}{{end}}"
+EOT
+      }
+
+      volume_mount {
+        volume = "silverbullet"
+        destination = "/space"
+      }
+
+      resources {
+        memory = 256
+        memory_max = 512
+        cpu    = 250
+      }
+    }
+
+    task "nginx" {
+      driver = "podman"
+
+      config {
+        image = "docker.io/library/nginx:stable-alpine"
+        ports = ["https"]
+        volumes = [
+          # mount the templated config from the task directory to the container
+          "local/silverbullet.conf:/etc/nginx/conf.d/silverbullet.conf",
+        ]
+      }
+
+      volume_mount {
+        volume = "tls"
+        destination = "/etc/letsencrypt"
+      }
+
+      template {
+        destination = "${NOMAD_TASK_DIR}/silverbullet.conf"
+        data = file("./templates/nginx.conf.tmpl")
+      }
+
+      resources {
+        memory = 50
+        memory_max = 128
+        cpu    = 200
+      }
+    }
+  }
+}
hcl/default/silverbullet/templates/nginx.conf.tmpl link
+10 -0 
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16

diff --git a/hcl/default/silverbullet/templates/nginx.conf.tmpl b/hcl/default/silverbullet/templates/nginx.conf.tmpl
new file mode 100644
index 0000000..746b0c0
--- /dev/null
+++ b/hcl/default/silverbullet/templates/nginx.conf.tmpl
@@ -0,0 +1,10 @@
+server {
+    listen               {{ env "NOMAD_PORT_https" }} ssl;
+
+    ssl_certificate      /etc/letsencrypt/live/notes.in0rdr.ch/fullchain.pem;
+    ssl_certificate_key  /etc/letsencrypt/live/notes.in0rdr.ch/privkey.pem;
+
+    location / {
+        proxy_pass       http://{{ env "NOMAD_ADDR_http" }};
+    }
+}