job "{{ hashistack_ingress_job_name }}" {
  datacenters = {{ hashistack_ingress_datacenters }}
  type        = "service"
  priority    = 85
  namespace   = {{ hashistack_ingress_namespace }}

  group "haproxy" {
    network {
      mode = "bridge"
      port "http" {
        to     = 80
        static = 80
      }
      port "https" {
        to     = 443
        static = 443
      }
      port "stats" {
        to     = 9000
      }
    }

{% if hashistack_ingress_enable_http %}
    service {
      name = "haproxy-http"
      provider = "{{ "consul" if hashistack_ingress_enable_consul_service else "nomad"}}"
      port = "http"
      task = "loadbalancer"
      check {
        type     = "http"
        port     = "stats"
        path     = "/health"
        interval = "10s"
        timeout  = "2s"
      }
      tags = []
    }
{% endif %}

{% if hashistack_ingress_enable_https %}
    service {
      name = "haproxy-https"
      provider = "{{ "consul" if hashistack_ingress_enable_consul_service else "nomad"}}"
      port = "https"
      task = "loadbalancer"
      check {
        type     = "http"
        port     = "stats"
        path     = "/health"
        interval = "10s"
        timeout  = "2s"
      }
      tags = []
    }
{% endif %}

    service {
      name = "haproxy-stats"
      provider = "{{ "consul" if hashistack_ingress_enable_consul_service else "nomad"}}"
      port = "stats"
      task = "loadbalancer"
      check {
        type     = "http"
        port     = "stats"
        path     = "/health"
        interval = "10s"
        timeout  = "2s"
      }
      tags = []
    }



{% if hashistack_ingress_enable_prometheus_metrics %}
    service {
      name = "loadbalancer-exporter"
      port = "prometheus-exporter"
      task = "loadbalancer"
      tags = []
    }
{% endif %}

    task "keepalived" {
      driver = "docker"
      lifecycle {
        hook    = "poststart"
        sidecar = true
      }
      config {
        image        = "{{ hashistack_ingress_keepalived_image }}:{{ hashistack_ingress_virtual_ip_keepalived_version }}"
        network_mode = "host"
        cap_add = [
          "NET_ADMIN",
          "NET_BROADCAST",
          "NET_RAW"
        ]
        mount {
          type   = "bind"
          source = "secrets/keepalived.conf"
          target = "/etc/keepalived/keepalived.conf"
        }
        mount {
          type   = "bind"
          source = "secrets/chk_haproxy.sh"
          target = "/etc/keepalived/scripts.d/chk_haproxy.sh"
        }
        mount {
          type   = "bind"
          target = "/var/run/docker.sock"
          source = "/var/run/docker.sock"
          readonly = true
        }
      }
      template {
        data        = <<-EOT
{% include "keepalived.conf.j2" %}
EOT
        destination = "secrets/keepalived.conf"
      }
      template {
        data        = <<-EOT
{% include "chk_haproxy.sh.j2" %}
EOT
        destination = "secrets/chk_haproxy.sh"
        perms = "755"
      }
      resources {
        cpu    = 50
        memory = 10
      }
    }

    task "loadbalancer" {
      driver = "docker"
      config {
        image = "{{ hashistack_ingress_haproxy_image }}:{{ hashistack_ingress_virtual_ip_haproxy_version }}"
        mount {
          type   = "bind"
          source = "secrets/haproxy.cfg"
          target = "/usr/local/etc/haproxy/haproxy.cfg"
        }
      }
      template {
        data        = <<-EOT
{% include "haproxy.cfg.j2" %}
EOT
        destination = "secrets/haproxy.cfg"
      }
      resources {
        cpu    = 128
        memory = 256
      }
    }
  }
}