job "telemetry" {
  datacenters = ["neptune", "bespin"]
  type = "service"

  group "prometheus" {
    count = 2

    network {
      port "prometheus" {
        static = 9090
      }
    }

    constraint {
      attribute = "${attr.unique.hostname}"
      operator = "set_contains_any"
      value = "concombre,df-ymk"
    }

    task "prometheus" {
      driver = "docker"
      config {
        image = "prom/prometheus:v2.39.0"
        network_mode = "host"
        ports = [ "prometheus" ]
        args = [
          "--config.file=/etc/prometheus/prometheus.yml",
          "--storage.tsdb.path=/data",
          "--storage.tsdb.retention.size=20GB",
        ]
        volumes = [
          "secrets:/etc/prometheus",
          "/mnt/ssd/prometheus:/data"
        ]
      }

      template {
        data = file("../config/prometheus.yml")
        destination = "secrets/prometheus.yml"
      }

      template {
        data = "{{ key \"secrets/consul/consul.crt\" }}"
        destination = "secrets/consul.crt"
      }

      template {
        data = "{{ key \"secrets/consul/consul-client.crt\" }}"
        destination = "secrets/consul-client.crt"
      }

      template {
        data = "{{ key \"secrets/consul/consul-client.key\" }}"
        destination = "secrets/consul-client.key"
      }

      template {
        data = "{{ key \"secrets/nomad/nomad.crt\" }}"
        destination = "secrets/nomad.crt"
      }

      template {
        data = "{{ key \"secrets/nomad/nomad-client.crt\" }}"
        destination = "secrets/nomad-client.crt"
      }

      template {
        data = "{{ key \"secrets/nomad/nomad-client.key\" }}"
        destination = "secrets/nomad-client.key"
      }

      resources {
        memory = 501
        cpu = 500
      }

      service {
        port = 9090
        address_mode = "driver"
        name = "prometheus"
        check {
          type = "http"
          path = "/"
          port = 9090
          address_mode = "driver"
          interval = "60s"
          timeout = "5s"
          check_restart {
            limit = 3
            grace = "90s"
            ignore_warnings = false
          }
        }
      }
    }
  }

  group "grafana" {
    count = 1

    network {
      port "grafana" {
        static = 3719
      }
    }

    task "restore-db" {
      lifecycle {
        hook = "prestart"
        sidecar = false
      }

      driver = "docker"
      config {
        image = "litestream/litestream:0.3.7"
        args = [
          "restore", "-config", "/etc/litestream.yml", "/ephemeral/grafana.db"
        ]
        volumes = [
          "../alloc/data:/ephemeral",
          "secrets/litestream.yml:/etc/litestream.yml"
        ]
      }
      user = "472"

      template {
        data = file("../config/grafana-litestream.yml")
        destination = "secrets/litestream.yml"
      }

      resources {
        memory = 200
        cpu = 1000
      }
    }

    task "grafana" {
      driver = "docker"
      config {
        image = "grafana/grafana:9.2.0"
        network_mode = "host"
        ports = [ "grafana" ]
        volumes = [
          "../alloc/data:/var/lib/grafana",
          "secrets/prometheus.yaml:/etc/grafana/provisioning/datasources/prometheus.yaml",
          "secrets/ldap.toml:/etc/grafana/ldap.toml"
        ]
      }

      template {
        data = file("../config/grafana-datasource-prometheus.yaml")
        destination = "secrets/prometheus.yaml"
      }

      template {
        data = file("../config/grafana-ldap.toml")
        destination = "secrets/ldap.toml"
      }

      template {
        data = <<EOH
GF_INSTALL_PLUGINS=grafana-clock-panel,grafana-simple-json-datasource,grafana-piechart-panel,grafana-worldmap-panel,grafana-polystat-panel
GF_SERVER_HTTP_PORT=3719
GF_AUTH_LDAP_ENABLED=true
EOH
        destination = "secrets/env"
        env = true
      }

      resources {
        memory = 501
        cpu = 100
      }

      service {
        tags = [
            "grafana",
            "tricot grafana.deuxfleurs.fr",
        ]
        port = 3719
        address_mode = "driver"
        name = "grafana"
        check {
          type = "tcp"
          port = 3719
          address_mode = "driver"
          interval = "60s"
          timeout = "5s"
          check_restart {
            limit = 3
            grace = "90s"
            ignore_warnings = false
          }
        }
      }
    }

    task "replicate-db" {
      driver = "docker"
      config {
        image = "litestream/litestream:0.3.7"
        args = [
          "replicate", "-config", "/etc/litestream.yml"
        ]
        volumes = [
          "../alloc/data:/ephemeral",
          "secrets/litestream.yml:/etc/litestream.yml"
        ]
      }
      user = "472"

      template {
        data = file("../config/grafana-litestream.yml")
        destination = "secrets/litestream.yml"
      }

      resources {
        memory = 200
        cpu = 100
      }
    }
  }
}