author | Quentin Dufour <quentin@deuxfleurs.fr> | 2023-04-05 15:50:46 +0200 |
---|---|---|
committer | Quentin Dufour <quentin@deuxfleurs.fr> | 2023-04-05 15:50:53 +0200 |
commit | 0e4c641db741c91dd95934b61e70a2f5268b3c7e (patch) | |
tree | 9357d448bec1f937c2ddac9dd605b8989978ccdb | |
parent | c9f122bcd38b0f7d775dbd197aac7dd192f0e653 (diff) | |
redeploy bagage
-rw-r--r-- | cluster/prod/app/bagage/deploy/bagage.hcl | 86 | ||||
-rw-r--r-- | cluster/prod/app/bagage/secrets.toml | 4 | ||||
-rw-r--r-- | cluster/staging/app/ci/deploy/albatros.hcl | 2 |
3 files changed, 91 insertions, 1 deletions
diff --git a/cluster/prod/app/bagage/deploy/bagage.hcl b/cluster/prod/app/bagage/deploy/bagage.hcl
new file mode 100644
index 0000000..c9b7781
--- /dev/null
+++ b/cluster/prod/app/bagage/deploy/bagage.hcl
@@ -0,0 +1,86 @@
+job "bagage" {
+ datacenters = ["orion", "neptune"]
+ type = "service"
+ priority = 90
+
+ constraint {
+ attribute = "${attr.cpu.arch}"
+ value = "amd64"
+ }
+
+ group "main" {
+ count = 1
+
+ network {
+ port "web_port" {
+ static = 8080
+ to = 8080
+ }
+ port "ssh_port" {
+ static = 2222
+ to = 2222
+ }
+ }
+
+ task "server" {
+ driver = "docker"
+ config {
+ image = "superboum/amd64_bagage:v11"
+ readonly_rootfs = false
+ network_mode = "host"
+ volumes = [
+ "secrets/id_rsa:/id_rsa"
+ ]
+ ports = [ "web_port", "ssh_port" ]
+ }
+
+ env {
+ BAGAGE_LDAP_ENDPOINT = "bottin.service.prod.consul:389"
+ }
+
+ resources {
+ memory = 200
+ cpu = 100
+ }
+
+ template {
+ data = "{{ key \"secrets/bagage/id_rsa\" }}"
+ destination = "secrets/id_rsa"
+ }
+
+ service {
+ name = "bagage-ssh"
+ port = "ssh_port"
+ address_mode = "host"
+ tags = [
+ "bagage",
+ "(diplonat (tcp_port 2222))"
+ ]
+ }
+
+ service {
+ name = "bagage-webdav"
+ tags = [
+ "bagage",
+ "tricot bagage.deuxfleurs.fr",
+ "d53-cname bagage.deuxfleurs.fr",
+ ]
+ port = "web_port"
+ address_mode = "host"
+ check {
+ type = "tcp"
+ port = "web_port"
+ address_mode = "host"
+ interval = "60s"
+ timeout = "5s"
+ check_restart {
+ limit = 3
+ grace = "90s"
+ ignore_warnings = false
+ }
+ }
+ }
+ }
+ }
+}
+
diff --git a/cluster/prod/app/bagage/secrets.toml b/cluster/prod/app/bagage/secrets.toml
new file mode 100644
index 0000000..71b760a
--- /dev/null
+++ b/cluster/prod/app/bagage/secrets.toml
@@ -0,0 +1,4 @@
+[secrets."bagage/id_rsa"]
+type = 'command'
+rotate = true
+command = 'ssh-keygen -q -f >(cat) -N "" <<< y 2>/dev/null 1>&2 ; true'
diff --git a/cluster/staging/app/ci/deploy/albatros.hcl b/cluster/staging/app/ci/deploy/albatros.hcl
index f044b32..6e8d7b5 100644
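Review bot: The `config` block of task `server` runs a network-facing service with `network_mode = "host"` and `readonly_rootfs = false`, and nothing in the file says why either setting is needed. The service tags (`(diplonat (tcp_port 2222))`, `tricot bagage.deuxfleurs.fr`) suggest the SSH and WebDAV ports are published beyond the cluster, so a compromise of the process would land in the host's network namespace with a writable image filesystem. If bagage does not write outside its mounted paths, `readonly_rootfs = true` is the safer default; otherwise add a comment such as `# host networking required because <reason>` next to the setting. Separately, `image = "superboum/amd64_bagage:v11"` is a mutable tag, unlike the commit-hash tag used for albatros in this same commit; pinning by digest (`...:v11@sha256:<digest>`) would make the deployed content reproducible.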
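Review bot: The `command` line leaves the key type to the default of whichever OpenSSH version runs it and hides every failure: `ssh-keygen` is called without `-t`/`-b`, and `2>/dev/null 1>&2 ; true` makes an aborted run look like success. The error suppression is presumably there because writing the `.pub` file next to the `>(cat)` path fails by design, but it also means an empty or truncated key could be stored as the secret without notice. Passing the type explicitly, e.g. `ssh-keygen -q -t rsa -b 4096 -f >(cat) -N "" ...` to match the `id_rsa` name, and checking that the output is non-empty before it is stored would close both gaps. The command also relies on bash-only syntax (`>(cat)`, `<<<`), so it is worth a comment on which shell the secret manager uses to run it.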
--- a/cluster/staging/app/ci/deploy/albatros.hcl
+++ b/cluster/staging/app/ci/deploy/albatros.hcl
@@ -22,7 +22,7 @@ job "albatros" {
 task "controller" {
 driver = "docker"
 config {
- image = "dxflrs/albatros:750015b3fff91af8b9b86869411216a06bd13614"
+ image = "dxflrs/albatros:76c59221d171eb56a2ce2bfa630502ff78eeae74"
 ports = [ "http" ]
 volumes = [
 "secrets/certs:/var/run/secrets/albatros" |