aboutsummaryrefslogtreecommitdiff
path: root/app
diff options
context:
space:
mode:
authorAlex Auvolat <alex@adnab.me>2022-05-04 17:38:54 +0200
committerAlex Auvolat <alex@adnab.me>2022-05-04 17:38:54 +0200
commit3df47c8440a3b5645733184f72cc4c2f1a46587f (patch)
tree1bcb53842e26f117dce7339afb8999bc49b8e0a3 /app
parent72ed2517a9a49352ff97473010892fc54490cd60 (diff)
downloadnixcfg-3df47c8440a3b5645733184f72cc4c2f1a46587f.tar.gz
nixcfg-3df47c8440a3b5645733184f72cc4c2f1a46587f.zip
Configuration for prod to run on Wesher & other new stuff
Diffstat (limited to 'app')
-rw-r--r--app/frontend/deploy/frontend-tricot-prod.hcl84
1 files changed, 84 insertions, 0 deletions
diff --git a/app/frontend/deploy/frontend-tricot-prod.hcl b/app/frontend/deploy/frontend-tricot-prod.hcl
new file mode 100644
index 0000000..9906709
--- /dev/null
+++ b/app/frontend/deploy/frontend-tricot-prod.hcl
@@ -0,0 +1,84 @@
+job "frontend" {
+ datacenters = ["neptune"]
+ type = "service"
+ priority = 90
+
+ group "tricot" {
+ network {
+ port "http_port" { static = 80 }
+ port "https_port" { static = 443 }
+ }
+
+ task "server" {
+ driver = "docker"
+
+ config {
+ image = "lxpz/amd64_tricot:37"
+ network_mode = "host"
+ readonly_rootfs = true
+ ports = [ "http_port", "https_port" ]
+ volumes = [
+ "secrets:/etc/tricot",
+ ]
+ }
+
+ resources {
+ cpu = 2000
+ memory = 200
+ }
+
+ restart {
+ interval = "30m"
+ attempts = 2
+ delay = "15s"
+ mode = "delay"
+ }
+
+ template {
+ data = "{{ key \"secrets/consul/consul-ca.crt\" }}"
+ destination = "secrets/consul-ca.crt"
+ }
+
+ template {
+ data = "{{ key \"secrets/consul/consul-client.crt\" }}"
+ destination = "secrets/consul-client.crt"
+ }
+
+ template {
+ data = "{{ key \"secrets/consul/consul-client.key\" }}"
+ destination = "secrets/consul-client.key"
+ }
+
+ template {
+ data = <<EOH
+TRICOT_NODE_NAME={{ env "attr.unique.consul.name" }}
+TRICOT_LETSENCRYPT_EMAIL=alex@adnab.me
+TRICOT_ENABLE_COMPRESSION=true
+TRICOT_CONSUL_HOST=https://localhost:8501
+TRICOT_CONSUL_CA_CERT=/etc/tricot/consul-ca.crt
+TRICOT_CONSUL_CLIENT_CERT=/etc/tricot/consul-client.crt
+TRICOT_CONSUL_CLIENT_KEY=/etc/tricot/consul-client.key
+TRICOT_HTTP_BIND_ADDR=[::]:80
+TRICOT_HTTPS_BIND_ADDR=[::]:443
+RUST_LOG=tricot=debug
+EOH
+ destination = "secrets/env"
+ env = true
+ }
+
+ service {
+ name = "tricot-http"
+ port = "http_port"
+ tags = [ "(diplonat (tcp_port 80))" ]
+ address_mode = "host"
+ }
+
+ service {
+ name = "tricot-https"
+ port = "https_port"
+ tags = [ "(diplonat (tcp_port 443))" ]
+ address_mode = "host"
+ }
+ }
+ }
+}