Move each service to it's own tf file

2-nomad-config/gitea.tf

@@ -0,0 +1,59 @@
+resource "cloudflare_dns_record" "git-othrayte-one" {
+  comment = "git.othrayte.one maps to tailscale fqdn"
+  zone_id = "2616ab2a44d0645b03fbc3106c79bd99"
+  type    = "CNAME"
+  name    = "git.othrayte.one"
+  content = "git.tail15856.ts.net"
+  ttl     = 1 # Auto
+}
+
+resource "nomad_job" "gitea" {
+  jobspec = templatefile("gitea.nomad.hcl", {
+    ts_authkey = data.sops_file.secrets.data["tailscale.auth_key"]
+  })
+}
+
+resource "nomad_variable" "gitea" {
+  path = "nomad/jobs/gitea"
+  items = {
+    internal_token = data.sops_file.secrets.data["gitea.internal_token"]
+    jwt_secret     = data.sops_file.secrets.data["gitea.jwt_secret"]
+  }
+}
+
+resource "postgresql_role" "gitea" {
+  name     = "gitea"
+  password = "gitea"
+  login    = true
+}
+
+resource "postgresql_database" "gitea" {
+  name  = "gitea"
+  owner = postgresql_role.gitea.name
+}
+
+resource "nomad_csi_volume_registration" "unraid_appdata_gitea" {
+  #Note: Before chaning the definition of this volume you need to stop the jobs that are using it
+  depends_on = [data.nomad_plugin.smb]
+  plugin_id  = "smb"
+
+  volume_id = "unraid_appdata_gitea"
+  name      = "unraid_appdata_gitea"
+
+  external_id = "unraid_appdata_gitea"
+
+  capability {
+    access_mode     = "single-node-writer"
+    attachment_mode = "file-system"
+  }
+
+  context = {
+    source = "//192.168.1.192/appdata"
+    subDir = "gitea" # Note: Needs to be manually created on the share
+  }
+
+  secrets = {
+    "username" = "nomad"
+    "password" = data.sops_file.secrets.data["unraid.nomad"]
+  }
+}