diff options
| author | Alex Auvolat <alex@adnab.me> | 2023-01-04 09:35:40 +0100 |
|---|---|---|
| committer | Alex Auvolat <alex@adnab.me> | 2023-01-04 09:35:40 +0100 |
| commit | c11b6499b8ff35c5a6468cc1e4adb474ea72a963 (patch) | |
| tree | 1832f52dd04c4a8e8e7b033646659517aa9353da /cluster/prod/app/core | |
| parent | 64785600876ca2598763312d8d381ef3b5632891 (diff) | |
| download | nixcfg-c11b6499b8ff35c5a6468cc1e4adb474ea72a963.tar.gz nixcfg-c11b6499b8ff35c5a6468cc1e4adb474ea72a963.zip | |
prod: deploy d53
Diffstat (limited to 'cluster/prod/app/core')
| -rw-r--r-- | cluster/prod/app/core/deploy/core-service.hcl | 64 | ||||
| -rw-r--r-- | cluster/prod/app/core/deploy/core.hcl | 8 |
2 files changed, 71 insertions, 1 deletions
diff --git a/cluster/prod/app/core/deploy/core-service.hcl b/cluster/prod/app/core/deploy/core-service.hcl new file mode 100644 index 0000000..d7a6299 --- /dev/null +++ b/cluster/prod/app/core/deploy/core-service.hcl @@ -0,0 +1,64 @@ +job "core-service" { + datacenters = ["neptune", "orion", "bespin"] + type = "service" + priority = 90 + + group "D53" { + count = 1 + + task "d53" { + driver = "docker" + + config { + image = "lxpz/amd64_d53:2" + network_mode = "host" + readonly_rootfs = true + volumes = [ + "secrets:/etc/d53", + ] + } + + resources { + cpu = 100 + memory = 100 + } + + restart { + interval = "3m" + attempts = 10 + delay = "15s" + mode = "delay" + } + + template { + data = "{{ key \"secrets/consul/consul-ca.crt\" }}" + destination = "secrets/consul-ca.crt" + } + + template { + data = "{{ key \"secrets/consul/consul-client.crt\" }}" + destination = "secrets/consul-client.crt" + } + + template { + data = "{{ key \"secrets/consul/consul-client.key\" }}" + destination = "secrets/consul-client.key" + } + + template { + data = <<EOH +D53_CONSUL_HOST=https://localhost:8501 +D53_CONSUL_CA_CERT=/etc/d53/consul-ca.crt +D53_CONSUL_CLIENT_CERT=/etc/d53/consul-client.crt +D53_CONSUL_CLIENT_KEY=/etc/d53/consul-client.key +D53_PROVIDERS=deuxfleurs.fr:gandi +D53_GANDI_API_KEY={{ key "secrets/d53/gandi_api_key" }} +D53_ALLOWED_DOMAINS=deuxfleurs.fr +RUST_LOG=d53=info +EOH + destination = "secrets/env" + env = true + } + } + } +} diff --git a/cluster/prod/app/core/deploy/core.hcl b/cluster/prod/app/core/deploy/core.hcl index 5a28e2e..b59252e 100644 --- a/cluster/prod/app/core/deploy/core.hcl +++ b/cluster/prod/app/core/deploy/core.hcl @@ -147,7 +147,13 @@ EOH service { name = "tricot-https" port = "https_port" - tags = [ "(diplonat (tcp_port 443))", "${meta.site}" ] + tags = [ + "(diplonat (tcp_port 443))", + "${meta.site}", + "d53-aaaa ${meta.site}.site.deuxfleurs.fr", + "d53-a global.site.deuxfleurs.fr", + "d53-aaaa global.site.deuxfleurs.fr", + ] address_mode = "host" } |