From 178338af00507c89c735b2a9b1f8aef6aac4ceb5 Mon Sep 17 00:00:00 2001
From: Gavin Holahan <gholahan9@gmail.com>
Date: Sun, 26 Jan 2025 17:13:20 +0000
Subject: [PATCH 1/5] Works but cooked

---
 jobs/services/mixpost.hcl | 137 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 137 insertions(+)
 create mode 100644 jobs/services/mixpost.hcl

diff --git a/jobs/services/mixpost.hcl b/jobs/services/mixpost.hcl
new file mode 100644
index 0000000..0c7698f
--- /dev/null
+++ b/jobs/services/mixpost.hcl
@@ -0,0 +1,137 @@
+job "mixpost" {
+  datacenters = ["aperture"]
+  type        = "service"
+
+  group "mixpost" {
+    network {
+      port "http" {
+        to = 80
+      }
+
+      port "redis" {
+        to = 6379
+      }
+
+      port "db" {
+        to = 3306
+      }
+    }
+
+    service {
+      name = "mixpost"
+      port = "http"
+
+      tags = [
+        "traefik.enable=true",
+        "traefik.port=${NOMAD_PORT_http}",
+        "traefik.http.routers.mixpost.rule=Host(`mixpost.redbrick.dcu.ie`)",
+        "traefik.http.routers.mixpost.entrypoints=web,websecure",
+        "traefik.http.routers.mixpost.tls.certresolver=lets-encrypt",
+        "traefik.http.routers.mixpost.tls.certresolver=mytlschallenge",
+        "traefik.http.middlewares.mixpost.headers.SSLRedirect=true",
+        "traefik.http.middlewares.mixpost.headers.STSSeconds=315360000",
+        "traefik.http.middlewares.mixpost.headers.browserXSSFilter=true",
+        "traefik.http.middlewares.mixpost.headers.contentTypeNosniff=true",
+        "traefik.http.middlewares.mixpost.headers.forceSTSHeader=true",
+        "traefik.http.middlewares.mixpost.headers.SSLHost=`${APP_DOMAIN}`",
+        "traefik.http.middlewares.mixpost.headers.STSIncludeSubdomains=true",
+        "traefik.http.middlewares.mixpost.headers.STSPreload=true"
+      ]
+    }
+
+
+    task "mixpost" {
+      driver = "docker"
+
+      config {
+        image = "inovector/mixpost:latest"
+      ports = ["http"]
+      }
+
+      template {
+        data        = <<EOH
+APP_NAME=MIXPOST
+
+APP_KEY=base64:DGQ7OyZqSW3Fc1+gOL7jWk7ONEZk2VpPKx22gyO3VnM=
+APP_DEBUG=true
+APP_DOMAIN=mixpost.redbrick.dcu.ie
+APP_URL=https://${APP_DOMAIN}
+
+DB_HOST={{ env "NOMAD_IP_db" }}
+DB_PORT={{ env "NOMAD_HOST_PORT_db" }}
+DB_DATABASE={{ key "mixpost/db/name" }}
+DB_USERNAME={{ key "mixpost/db/user" }}
+DB_PASSWORD={{ key "mixpost/db/password" }}
+EOH
+        destination = "local/.env"
+        env         = true
+      }
+    }
+
+    task "mixpost-redis" {
+      driver = "docker"
+
+      config {
+        image = "redis:latest"
+        ports = ["redis"]
+      }
+
+      lifecycle {
+        hook    = "prestart"
+        sidecar = "true"
+      }
+    }
+
+    task "mariadb" {
+      driver = "docker"
+
+      template {
+        data = <<EOH
+MYSQL_ROOT_PASSWORD=password
+MYSQL_DATABASE={{ key "mixpost/db/name" }}
+MYSQL_USER={{ key "mixpost/db/user" }}
+MYSQL_PASSWORD={{ key "mixpost/db/password" }}
+EOH
+
+        destination = "local/file.env"
+        env         = true
+      }
+
+      config {
+        image = "mariadb:latest"
+        ports = ["db"]
+
+        volumes = [
+          "/storage/nomad/mixpost/mysql:/var/lib/mysql",
+          "local/server.cnf:/etc/mysql/mariadb.conf.d/50-server.cnf",
+        ]
+      }
+
+      template {
+        data        = <<EOH
+[server]
+
+[mariadbd]
+
+pid-file                = /run/mysqld/mysqld.pid
+basedir                 = /usr
+
+bind-address            = 0.0.0.0
+
+expire_logs_days        = 10
+
+character-set-server     = utf8mb4
+character-set-collations = utf8mb4=uca1400_ai_ci
+
+[mariadbd]
+        EOH
+        destination = "local/server.cnf"
+      }
+
+      resources {
+        cpu    = 400
+        memory = 800
+      }
+    }
+  }
+}

From 47d31f6198c5db583de71581d65055e4c98dc980 Mon Sep 17 00:00:00 2001
From: Gavin Holahan <gholahan9@gmail.com>
Date: Sun, 26 Jan 2025 17:17:39 +0000
Subject: [PATCH 2/5] No more exposing root password

---
 jobs/services/mixpost.hcl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/jobs/services/mixpost.hcl b/jobs/services/mixpost.hcl
index 0c7698f..6df2b87 100644
--- a/jobs/services/mixpost.hcl
+++ b/jobs/services/mixpost.hcl
@@ -87,10 +87,10 @@ EOH
 
       template {
         data = <<EOH
-MYSQL_ROOT_PASSWORD=password
 MYSQL_DATABASE={{ key "mixpost/db/name" }}
 MYSQL_USER={{ key "mixpost/db/user" }}
 MYSQL_PASSWORD={{ key "mixpost/db/password" }}
+MYSQL_RANDOM_ROOT_PASSWORD=yes
 EOH
 
         destination = "local/file.env"

From 4767ac1ea88c5d61a8fd487a713bcf49f0d70d6e Mon Sep 17 00:00:00 2001
From: Gavin Holahan <gholahan9@gmail.com>
Date: Sun, 26 Jan 2025 17:19:52 +0000
Subject: [PATCH 3/5] Regenerated key + no more exposed

---
 jobs/services/mixpost.hcl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/jobs/services/mixpost.hcl b/jobs/services/mixpost.hcl
index 6df2b87..3220876 100644
--- a/jobs/services/mixpost.hcl
+++ b/jobs/services/mixpost.hcl
@@ -52,7 +52,7 @@ job "mixpost" {
         data        = <<EOH
 APP_NAME=MIXPOST
 
-APP_KEY=base64:DGQ7OyZqSW3Fc1+gOL7jWk7ONEZk2VpPKx22gyO3VnM=
+APP_KEY={{ key "mixpost/APP_KEY" }}
 APP_DEBUG=true
 APP_DOMAIN=mixpost.redbrick.dcu.ie
 APP_URL=https://${APP_DOMAIN}

From 38c8873e74dece112de6ad983aa8a31f8c57b884 Mon Sep 17 00:00:00 2001
From: Gavin Holahan <gholahan9@gmail.com>
Date: Sun, 26 Jan 2025 19:51:23 +0000
Subject: [PATCH 4/5] Minor Changes

---
 jobs/services/mixpost.hcl | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/jobs/services/mixpost.hcl b/jobs/services/mixpost.hcl
index 3220876..ae58506 100644
--- a/jobs/services/mixpost.hcl
+++ b/jobs/services/mixpost.hcl
@@ -2,6 +2,10 @@ job "mixpost" {
   datacenters = ["aperture"]
   type        = "service"
 
+  meta {
+    domain = "mixpost.redbrick.dcu.ie"
+  }
+
   group "mixpost" {
     network {
       port "http" {
@@ -24,7 +28,7 @@ job "mixpost" {
       tags = [
         "traefik.enable=true",
         "traefik.port=${NOMAD_PORT_http}",
-        "traefik.http.routers.mixpost.rule=Host(`mixpost.redbrick.dcu.ie`)",
+        "traefik.http.routers.mixpost.rule=Host(`${NOMAD_META_domain}`)",
         "traefik.http.routers.mixpost.entrypoints=web,websecure",
         "traefik.http.routers.mixpost.tls.certresolver=lets-encrypt",
         "traefik.http.routers.mixpost.tls.certresolver=mytlschallenge",
@@ -54,7 +58,7 @@ APP_NAME=MIXPOST
 
 APP_KEY={{ key "mixpost/APP_KEY" }}
 APP_DEBUG=true
-APP_DOMAIN=mixpost.redbrick.dcu.ie
+APP_DOMAIN=${NOMAD_META_domain}
 APP_URL=https://${APP_DOMAIN}
 
 DB_HOST={{ env "NOMAD_IP_db" }}
@@ -109,8 +113,6 @@ EOH
 
       template {
         data        = <<EOH
-[server]
-
 [mariadbd]
 
 pid-file                = /run/mysqld/mysqld.pid
@@ -122,8 +124,6 @@ expire_logs_days        = 10
 
 character-set-server     = utf8mb4
 character-set-collations = utf8mb4=uca1400_ai_ci
-
-[mariadbd]
         EOH
         destination = "local/server.cnf"
       }

From 97fd226d8046987fe1cd7d2858a4f98e239c1ec5 Mon Sep 17 00:00:00 2001
From: hypnoant <gholahan9@gmail.com>
Date: Mon, 27 Jan 2025 10:07:52 +0000
Subject: [PATCH 5/5] Additional Env Vars

---
 jobs/services/mixpost.hcl | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/jobs/services/mixpost.hcl b/jobs/services/mixpost.hcl
index ae58506..fcef463 100644
--- a/jobs/services/mixpost.hcl
+++ b/jobs/services/mixpost.hcl
@@ -66,6 +66,23 @@ DB_PORT={{ env "NOMAD_HOST_PORT_db" }}
 DB_DATABASE={{ key "mixpost/db/name" }}
 DB_USERNAME={{ key "mixpost/db/user" }}
 DB_PASSWORD={{ key "mixpost/db/password" }}
+
+REDIS_HOST={{ env "NOMAD_IP_redis" }}
+REDIS_PORT={{ env "NOMAD_HOST_PORT_redis" }}
+
+# MAIL_HOST=
+# MAIL_PORT=
+# MAIL_USERNAME=
+# MAIL_PASSWORD=
+# MAIL_ENCRYPTION=tls
+# MAIL_FROM_ADDRESS=no-reply@redbrick.dcu.ie
+# MAIL_FROM_NAME=${APP_NAME}
+# SSL_EMAIL
+
+# POSSIBLE INTEGRATION WITH MINIO MORE RESEARCH NECESSARY
+# MIXPOST_DISK=s3
+
+
 EOH
         destination = "local/.env"
         env         = true