job "tiddlypwa" {
  datacenters = ["alo"]

  group "server" {
    volume "code" {
      type = "host"
      read_only = true
      source = "code"
    }
    volume "appdata" {
      type = "host"
      read_only = false
      source = "appdata"
    }
    volume "nix-store" {
      type = "host"
      read_only = true
      source = "nix-store"
    }
    volume "sw" {
      type = "host"
      read_only = true
      source = "sw"
    }
    volume "sw" {
      type = "host"
      read_only = true
      source = "sw"
    }

    network {
        port "http" { }
    }

    task "sync" {
      driver = "exec"

      config {
        command = "/sw/bin/deno"
        args = [
            "run",
            "--unstable-broadcast-channel",
            "--allow-env",
            "--allow-read=/appdata/tiddlypwa",
            "--allow-write=/appdata/tiddlypwa",
            "--allow-net=:${NOMAD_PORT_http}",
            "/code/tiddlypwa/server/run.ts",
            "--port=${NOMAD_PORT_http}",
        ]
      }

      env {
        ADMIN_PASSWORD_HASH = "T2JTyY9jplOqXO5FwnLmPpUu79SXOOW7hav9moTQuD4"
        ADMIN_PASSWORD_SALT = "SB_uRmIlJPPssPWyOUEip-HwQZJZn1q2A6QA8ptB7aY"
        DB_PATH = "/appdata/tiddlypwa/tiddly.db"
      }

      volume_mount {
        volume = "code"
        destination = "/code"
      }
      volume_mount {
        volume = "appdata"
        destination = "/appdata"
      }
      volume_mount {
        volume = "nix-store"
        destination = "/nix/store"
      }
      volume_mount {
        volume = "sw"
        destination = "/sw"
      }

      service {
        name = "tiddlypwa"
        port = "http"
        tags = [
          "traefik.enable=true",
          "traefik.http.routers.whoami.rule=Host(`wiki.alo.land`)",
          "traefik.http.routers.whoami.entryPoints=websecure",
          #"traefik.http.routers.whoami.middlewares=authentik@file",
        ]
      }
    }
  }
}