author | Alex Auvolat <alex@adnab.me> | 2022-08-24 17:31:08 +0200 |
---|---|---|
committer | Alex Auvolat <alex@adnab.me> | 2022-08-24 17:31:08 +0200 |
commit | cfb1d623d9711156a1195312afa5cebadc8a6697 (patch) | |
tree | 78acc1e564d2e0e053f9be21ac5b0ec29f48048e /cluster/prod/app/frontend/deploy/frontend-tricot.hcl | |
parent | a0c8280c02855fa2731d3f89df1dec0ae9627990 (diff) | |
Reconfigure services to use correct tricot url, TLS fails
Diffstat (limited to 'cluster/prod/app/frontend/deploy/frontend-tricot.hcl')
-rw-r--r-- | cluster/prod/app/frontend/deploy/frontend-tricot.hcl | 90 |
1 files changed, 90 insertions, 0 deletions
diff --git a/cluster/prod/app/frontend/deploy/frontend-tricot.hcl b/cluster/prod/app/frontend/deploy/frontend-tricot.hcl
new file mode 100644
index 0000000..904e9fb
--- /dev/null
+++ b/cluster/prod/app/frontend/deploy/frontend-tricot.hcl
@@ -0,0 +1,90 @@
+job "frontend" {
+ datacenters = ["neptune"]
+ type = "service"
+ priority = 90
+
+ group "tricot" {
+ # Temporarily pin to single machine, remove this later
+ constraint {
+ attribute = "${attr.unique.hostname}"
+ value = "courgette"
+ }
+
+ network {
+ port "http_port" { static = 80 }
+ port "https_port" { static = 443 }
+ }
+
+ task "server" {
+ driver = "docker"
+
+ config {
+ image = "lxpz/amd64_tricot:41"
+ network_mode = "host"
+ readonly_rootfs = true
+ ports = [ "http_port", "https_port" ]
+ volumes = [
+ "secrets:/etc/tricot",
+ ]
+ }
+
+ resources {
+ cpu = 2000
+ memory = 200
+ }
+
+ restart {
+ interval = "30m"
+ attempts = 2
+ delay = "15s"
+ mode = "delay"
+ }
+
+ template {
+ data = "{{ key \"secrets/consul/consul.crt\" }}"
+ destination = "secrets/consul.crt"
+ }
+
+ template {
+ data = "{{ key \"secrets/consul/consul-client.crt\" }}"
+ destination = "secrets/consul-client.crt"
+ }
+
+ template {
+ data = "{{ key \"secrets/consul/consul-client.key\" }}"
+ destination = "secrets/consul-client.key"
+ }
+
+ template {
+ data = <<EOH
+TRICOT_NODE_NAME={{ env "attr.unique.consul.name" }}
+TRICOT_LETSENCRYPT_EMAIL=alex@adnab.me
+TRICOT_ENABLE_COMPRESSION=true
+TRICOT_CONSUL_HOST=https://consul.service.prod.consul:8501
+TRICOT_CONSUL_CA_CERT=/etc/tricot/consul.crt
+TRICOT_CONSUL_CLIENT_CERT=/etc/tricot/consul-client.crt
+TRICOT_CONSUL_CLIENT_KEY=/etc/tricot/consul-client.key
+TRICOT_HTTP_BIND_ADDR=[::]:80
+TRICOT_HTTPS_BIND_ADDR=[::]:443
+RUST_LOG=tricot=debug
+EOH
+ destination = "secrets/env"
+ env = true
+ }
+
+ service {
+ name = "tricot-http"
+ port = "http_port"
+ tags = [ "(diplonat (tcp_port 80))" ]
+ address_mode = "host"
+ }
+
+ service {
+ name = "tricot-https"
+ port = "https_port"
+ tags = [ "(diplonat (tcp_port 443))" ]
+ address_mode = "host"
+ }
+ }
+ }
+}
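Review bot: The `template` block that renders `secrets/consul-client.key` sets no `perms`, so the Consul client private key is written with Nomad's default template mode (0644) rather than an owner-only mode. Adding `perms = "400"` to that block would limit reads to the task user. Two smaller points in the same job: `image = "lxpz/amd64_tricot:41"` references a mutable tag, so pinning by digest (`lxpz/amd64_tricot@sha256:<digest>`) would make the deployed artifact verifiable. Also, `RUST_LOG=tricot=debug` in a prod job on the public 80/443 listener is presumably there for the TLS failure named in the commit title and deserves a comment marking it as temporary, as the hostname constraint already has.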