author | Alex Auvolat <alex@adnab.me> | 2021-12-30 20:56:13 +0100 |
---|---|---|
committer | Alex Auvolat <alex@adnab.me> | 2021-12-30 20:56:13 +0100 |
commit | 5ea4cef2946a71467c519db803cd1c31f1ffff20 (patch) | |
tree | 5eb1f5ddd1f06650511f1b1442d50112427b0fa6 /app | |
parent | b00a8358b20ac99912bacafd8fee5466da257e67 (diff) | |
Enable TLS for Consul
Diffstat (limited to 'app')
-rw-r--r-- | app/core/deploy/core.hcl | 24 | ||||
-rw-r--r-- | app/frontend/deploy/frontend-tricot.hcl | 24 |
2 files changed, 46 insertions, 2 deletions
diff --git a/app/core/deploy/core.hcl b/app/core/deploy/core.hcl
index fd4176a..f57f21d 100644
--- a/app/core/deploy/core.hcl
+++ b/app/core/deploy/core.hcl
@@ -18,9 +18,12 @@ job "core" {
 driver = "docker"
 config {
- image = "lxpz/amd64_diplonat:2"
+ image = "lxpz/amd64_diplonat:3"
 network_mode = "host"
 readonly_rootfs = true
+ volumes = [
+ "secrets:/etc/diplonat",
+ ]
 }
 restart {
@@ -31,10 +34,29 @@ job "core" {
 }
 template {
+ data = "{{ key \"secrets/consul/consul-ca.crt\" }}"
+ destination = "secrets/consul-ca.crt"
+ }
+
+ template {
+ data = "{{ key \"secrets/consul/consul-client.crt\" }}"
+ destination = "secrets/consul-client.crt"
+ }
+
+ template {
+ data = "{{ key \"secrets/consul/consul-client.key\" }}"
+ destination = "secrets/consul-client.key"
+ }
+
+ template {
 data = <<EOH
 DIPLONAT_REFRESH_TIME=60
 DIPLONAT_EXPIRATION_TIME=300
 DIPLONAT_CONSUL_NODE_NAME={{ env "attr.unique.hostname" }}
+DIPLONAT_CONSUL_URL=https://localhost:8501
+DIPLONAT_CONSUL_CA_CERT=/etc/diplonat/consul-ca.crt
+DIPLONAT_CONSUL_CLIENT_CERT=/etc/diplonat/consul-client.crt
+DIPLONAT_CONSUL_CLIENT_KEY=/etc/diplonat/consul-client.key
 RUST_LOG=debug
 EOH
 destination = "secrets/env"
diff --git a/app/frontend/deploy/frontend-tricot.hcl b/app/frontend/deploy/frontend-tricot.hcl
index 4e35d0d..d20ff40 100644
--- a/app/frontend/deploy/frontend-tricot.hcl
+++ b/app/frontend/deploy/frontend-tricot.hcl
@@ -14,10 +14,13 @@ job "frontend" {
 driver = "docker"
 config {
- image = "lxpz/amd64_tricot:25"
+ image = "lxpz/amd64_tricot:27"
 network_mode = "host"
 readonly_rootfs = true
 ports = [ "http_port", "https_port", "admin_port" ]
+ volumes = [
+ "secrets:/etc/tricot",
+ ]
 }
 resources {
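Review bot: The new `volumes = [ "secrets:/etc/diplonat" ]` entry in the `config` block binds the whole task secrets directory at a second path, which looks unnecessary: as far as I know Nomad's docker driver already exposes that directory inside the container at `/secrets` (`NOMAD_SECRETS_DIR`). Pointing the new variables at that path, e.g. `DIPLONAT_CONSUL_CLIENT_KEY=/secrets/consul-client.key`, would let the bind be dropped and leave one less writable mount next to `readonly_rootfs = true`. If the bind stays, a comment such as `# exposes every file in secrets/, including secrets/env` would document that more than the three TLS files are shared. The same applies to the `secrets:/etc/tricot` bind in the first frontend-tricot.hcl hunk; the task that encloses each `config` block starts outside the hunk.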
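Review bot: The template that renders `secrets/consul-client.key` sets no `perms`, so the private key is written with the template's default mode, which I believe is 644 in Nomad. Adding `perms = "400"` to that block would restrict the file to its owner; confirm first that the user the container runs as can still read it. The identical key template in the second frontend-tricot.hcl hunk has the same gap. None of the three new templates sets `change_mode` either, so a rotated certificate presumably triggers the default task restart; a short comment saying that this is intended would help the next reader.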
@@ -33,10 +36,29 @@ job "frontend" {
 }
 template {
+ data = "{{ key \"secrets/consul/consul-ca.crt\" }}"
+ destination = "secrets/consul-ca.crt"
+ }
+
+ template {
+ data = "{{ key \"secrets/consul/consul-client.crt\" }}"
+ destination = "secrets/consul-client.crt"
+ }
+
+ template {
+ data = "{{ key \"secrets/consul/consul-client.key\" }}"
+ destination = "secrets/consul-client.key"
+ }
+
+ template {
 data = <<EOH
 TRICOT_NODE_NAME={{ env "attr.unique.hostname" }}
 TRICOT_LETSENCRYPT_EMAIL=alex@adnab.me
 TRICOT_ENABLE_COMPRESSION=true
+TRICOT_CONSUL_HOST=https://localhost:8501
+TRICOT_CONSUL_CA_CERT=/etc/tricot/consul-ca.crt
+TRICOT_CONSUL_CLIENT_CERT=/etc/tricot/consul-client.crt
+TRICOT_CONSUL_CLIENT_KEY=/etc/tricot/consul-client.key
 RUST_LOG=tricot=trace
 EOH
 destination = "secrets/env" |
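Review bot: This job reads the same `secrets/consul/consul-client.crt` and `secrets/consul/consul-client.key` KV entries as the core job, so tricot and diplonat present one shared client identity to Consul. With a shared key, exposure through either container forces rotation for both jobs, and the two cannot be told apart by certificate. Consider per-job KV paths (for example something like `secrets/consul/tricot-client.key`, name illustrative), or at least a comment above the templates such as `# client cert shared with job "core"; rotate both together`. It is also worth confirming which Consul tokens can read the `secrets/consul/` prefix, since the template reads the private key from KV as a plain value as far as the diff shows.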