Adrian Cowan
e695485353
All checks were successful
CI / Terraform fmt + validate (pull_request) Successful in 27s
CI / Nomad job spec validate (pull_request) Successful in 22s
CI / Docker image pull validation (pull_request) Successful in 16s
CI / Terraform fmt + validate (push) Successful in 23s
CI / Nomad job spec validate (push) Successful in 22s
CI / Docker image pull validation (push) Has been skipped
- traefik: TCP → HTTP check on /ping (enable ping entrypoint) - gitea: check path → /api/healthz - jellyfin: TCP → HTTP check on /health - glance: TCP → HTTP check on / - sonarr/prowlarr: check path / → /ping (×2 checks each) - ntfy/transfer/deluge/openreader/authelia/pgadmin: add name and port to existing checks - postgres: remove invalid TCP check (Connect-enabled service) - unifi: TCP → script check via curl (macvlan host isolation workaround)
71 lines
2.0 KiB
HCL
71 lines
2.0 KiB
HCL
job "unifi-network" {
|
|
group "unifi-network" {
|
|
count = 1
|
|
|
|
task "unifi-controller" {
|
|
driver = "docker"
|
|
|
|
config {
|
|
image = "jacobalberty/unifi:v9.5.21"
|
|
|
|
// Fixed IP on the actual network so that devices can find it
|
|
network_mode = "macvlan"
|
|
ipv4_address = "192.168.1.50"
|
|
}
|
|
|
|
env {
|
|
TZ = "Australia/Melbourne"
|
|
SYSTEM_IP = "192.168.1.50"
|
|
JVM_INIT_HEAP_SIZE = "1024M"
|
|
JVM_MAX_HEAP_SIZE = "1024M"
|
|
UNIFI_STDOUT = "true"
|
|
}
|
|
|
|
# Register in Consul so Traefik and health checks can find it.
|
|
# address_mode=driver uses the macvlan IP (192.168.1.50) rather than the host IP.
|
|
service {
|
|
name = "unifi-network"
|
|
port = 8443
|
|
address_mode = "driver"
|
|
|
|
# TCP/HTTP checks from the Consul agent can't reach the macvlan IP (host↔macvlan
|
|
# isolation). Use a script check instead — it runs inside the container via
|
|
# docker exec and connects to localhost:8443 directly.
|
|
check {
|
|
name = "alive"
|
|
type = "script"
|
|
command = "/usr/bin/curl"
|
|
args = ["-sk", "--max-time", "5", "-o", "/dev/null", "https://localhost:8443"]
|
|
interval = "30s"
|
|
timeout = "10s"
|
|
}
|
|
}
|
|
|
|
volume_mount {
|
|
volume = "unraid_appdata_unifi_network"
|
|
destination = "/unifi" # Expected root directory (contains data, log, cert subdirs)
|
|
read_only = false
|
|
}
|
|
|
|
resources {
|
|
cpu = 200
|
|
memory = 1850
|
|
memory_max = 2500
|
|
}
|
|
}
|
|
|
|
# CSI volume for UniFi Controller persistent data/logs
|
|
volume "unraid_appdata_unifi_network" {
|
|
type = "csi"
|
|
read_only = false
|
|
source = "unraid_appdata_unifi_network"
|
|
access_mode = "single-node-writer"
|
|
attachment_mode = "file-system"
|
|
|
|
mount_options {
|
|
mount_flags = ["uid=0", "gid=0"]
|
|
}
|
|
}
|
|
}
|
|
}
|