diff options
author | Alex Auvolat <alex@adnab.me> | 2022-05-04 17:38:54 +0200 |
---|---|---|
committer | Alex Auvolat <alex@adnab.me> | 2022-05-04 17:38:54 +0200 |
commit | 3df47c8440a3b5645733184f72cc4c2f1a46587f (patch) | |
tree | 1bcb53842e26f117dce7339afb8999bc49b8e0a3 /app | |
parent | 72ed2517a9a49352ff97473010892fc54490cd60 (diff) | |
download | nixcfg-3df47c8440a3b5645733184f72cc4c2f1a46587f.tar.gz nixcfg-3df47c8440a3b5645733184f72cc4c2f1a46587f.zip |
Configuration for prod to run on Wesher & other new stuff
Diffstat (limited to 'app')
-rw-r--r-- | app/frontend/deploy/frontend-tricot-prod.hcl | 84 |
1 files changed, 84 insertions, 0 deletions
diff --git a/app/frontend/deploy/frontend-tricot-prod.hcl b/app/frontend/deploy/frontend-tricot-prod.hcl new file mode 100644 index 0000000..9906709 --- /dev/null +++ b/app/frontend/deploy/frontend-tricot-prod.hcl @@ -0,0 +1,84 @@ +job "frontend" { + datacenters = ["neptune"] + type = "service" + priority = 90 + + group "tricot" { + network { + port "http_port" { static = 80 } + port "https_port" { static = 443 } + } + + task "server" { + driver = "docker" + + config { + image = "lxpz/amd64_tricot:37" + network_mode = "host" + readonly_rootfs = true + ports = [ "http_port", "https_port" ] + volumes = [ + "secrets:/etc/tricot", + ] + } + + resources { + cpu = 2000 + memory = 200 + } + + restart { + interval = "30m" + attempts = 2 + delay = "15s" + mode = "delay" + } + + template { + data = "{{ key \"secrets/consul/consul-ca.crt\" }}" + destination = "secrets/consul-ca.crt" + } + + template { + data = "{{ key \"secrets/consul/consul-client.crt\" }}" + destination = "secrets/consul-client.crt" + } + + template { + data = "{{ key \"secrets/consul/consul-client.key\" }}" + destination = "secrets/consul-client.key" + } + + template { + data = <<EOH +TRICOT_NODE_NAME={{ env "attr.unique.consul.name" }} +TRICOT_LETSENCRYPT_EMAIL=alex@adnab.me +TRICOT_ENABLE_COMPRESSION=true +TRICOT_CONSUL_HOST=https://localhost:8501 +TRICOT_CONSUL_CA_CERT=/etc/tricot/consul-ca.crt +TRICOT_CONSUL_CLIENT_CERT=/etc/tricot/consul-client.crt +TRICOT_CONSUL_CLIENT_KEY=/etc/tricot/consul-client.key +TRICOT_HTTP_BIND_ADDR=[::]:80 +TRICOT_HTTPS_BIND_ADDR=[::]:443 +RUST_LOG=tricot=debug +EOH + destination = "secrets/env" + env = true + } + + service { + name = "tricot-http" + port = "http_port" + tags = [ "(diplonat (tcp_port 80))" ] + address_mode = "host" + } + + service { + name = "tricot-https" + port = "https_port" + tags = [ "(diplonat (tcp_port 443))" ] + address_mode = "host" + } + } + } +} |