author | Alex Auvolat <lx@deuxfleurs.fr> | 2025-01-04 17:48:43 +0100 |
---|---|---|
committer | Alex Auvolat <lx@deuxfleurs.fr> | 2025-01-04 17:49:02 +0100 |
commit | 27e7a6b17977a234c32450201af69d7ca3d004ae (patch) | |
tree | e33546be0487b0257b81297122ba9ad879c1a2c7 /cluster/prod/app/woodpecker-ci/deploy | |
parent | 19a8069f19ac4d2bb27e815bbc63ce0321735cd0 (diff) | |
woodpecker-grpc: fix tls certificate and increase nginx timeout
Diffstat (limited to 'cluster/prod/app/woodpecker-ci/deploy')
-rw-r--r-- | cluster/prod/app/woodpecker-ci/deploy/server.hcl | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/cluster/prod/app/woodpecker-ci/deploy/server.hcl b/cluster/prod/app/woodpecker-ci/deploy/server.hcl index 982de68..e0788de 100644 --- a/cluster/prod/app/woodpecker-ci/deploy/server.hcl +++ b/cluster/prod/app/woodpecker-ci/deploy/server.hcl @@ -93,6 +93,10 @@ EOH name = "woodpecker-grpc" tags = [ "woodpecker-grpc", + # The tricot tag is necessary for tricot to get us a tls certificate, + # but it will not make the grpc endpoint work as tricot cannot + # proxy grpc traffic by itself. + "tricot woodpecker-grpc.deuxfleurs.fr", ] port = "grpc_port" address_mode = "host" @@ -120,7 +124,7 @@ http { listen 0.0.0.0:14453 ssl; listen [::]:14453 ssl; http2 on; - server_name woodpecker.deuxfleurs.fr; + server_name woodpecker-grpc.deuxfleurs.fr; resolver 127.0.0.1 valid=30s; ssl_certificate "/etc/ssl/certs/woodpecker.cert"; @@ -128,6 +132,8 @@ http { location / { grpc_pass grpc://woodpecker-grpc.service.prod.consul:14090; + grpc_read_timeout 1800s; + grpc_send_timeout 1800s; } } } @@ -136,11 +142,11 @@ EOH } template { - data = "{{ with $d := key \"tricot/certs/woodpecker.deuxfleurs.fr\" | parseJSON }}{{ $d.key_pem }}{{ end }}" + data = "{{ with $d := key \"tricot/certs/woodpecker-grpc.deuxfleurs.fr\" | parseJSON }}{{ $d.key_pem }}{{ end }}" destination = "secrets/ssl/certs/woodpecker.key" } template { - data = "{{ with $d := key \"tricot/certs/woodpecker.deuxfleurs.fr\" | parseJSON }}{{ $d.cert_pem }}{{ end }}" + data = "{{ with $d := key \"tricot/certs/woodpecker-grpc.deuxfleurs.fr\" | parseJSON }}{{ $d.cert_pem }}{{ end }}" destination = "secrets/ssl/certs/woodpecker.cert" } |
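Review bot: Changing `server_name` in the second hunk does not limit which hostnames this listener answers. If this is the only `server` on port 14453 (the rest of the `http` block is outside the hunk), nginx treats it as the default server, so any SNI or Host value is served the woodpecker-grpc certificate and forwarded to `grpc_pass`. If only the named host should reach the gRPC backend, add a catch-all beside it, for example `server { listen 0.0.0.0:14453 ssl default_server; listen [::]:14453 ssl default_server; ssl_reject_handshake on; }`.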
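Review bot: The two 1800s timeouts added to `location /` in the third hunk carry no comment explaining why they sit so far above nginx's 60s default. I would add a line above them such as `# agent streams can stay idle for long periods; the 60s default would cut them`, if that is indeed the motivation. Both directives only bound the nginx-to-upstream side, and `location /` applies them to every caller of a listener bound to 0.0.0.0. If agents still see disconnects, the client-facing `client_body_timeout` is still at its default and may need the same treatment.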
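Review bot: Neither `template` block in the last hunk sets `change_mode`, so Nomad's default of restarting the task applies each time tricot renews the certificate in Consul. With the 30-minute gRPC streams this commit allows, every renewal would drop all connected agents at once. Assuming nginx is the main process of this task (the enclosing task block starts outside the hunk), `change_mode = "signal"` with `change_signal = "SIGHUP"` in both blocks would reload the certificate without a restart. The destinations also keep the names `woodpecker.key` and `woodpecker.cert` although they now hold the woodpecker-grpc certificate; renaming them together with the `ssl_certificate` paths would make it harder to confuse them with the web UI's certificate.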