diff options
-rw-r--r-- | cluster/prod/app/cms/config/teabag.env | 11 | ||||
-rw-r--r-- | cluster/prod/app/cms/deploy/cms.hcl | 74 | ||||
-rw-r--r-- | cluster/prod/app/cms/secrets.toml | 17 |
3 files changed, 102 insertions, 0 deletions
diff --git a/cluster/prod/app/cms/config/teabag.env b/cluster/prod/app/cms/config/teabag.env new file mode 100644 index 0000000..1f499f4 --- /dev/null +++ b/cluster/prod/app/cms/config/teabag.env @@ -0,0 +1,11 @@ +HOST=0.0.0.0 +PORT={{ env "NOMAD_PORT_web_port" }} +SESSION_SECRET={{ key "secrets/cms/teabag/session" | trimSpace }} + +GITEA_KEY={{ key "secrets/cms/teabag/gitea_key" | trimSpace }} +GITEA_SECRET={{ key "secrets/cms/teabag/gitea_secret" | trimSpace }} +GITEA_BASE_URL=http://git.deuxfleurs.fr +GITEA_AUTH_URI=login/oauth/authorize +GITEA_TOKEN_URI=login/oauth/access_token +GITEA_USER_URI=api/v1/user +CALLBACK_URI=http://teabag.deuxfleurs.fr/callback diff --git a/cluster/prod/app/cms/deploy/cms.hcl b/cluster/prod/app/cms/deploy/cms.hcl new file mode 100644 index 0000000..1f9f072 --- /dev/null +++ b/cluster/prod/app/cms/deploy/cms.hcl @@ -0,0 +1,74 @@ +job "cms" { + datacenters = ["neptune", "orion"] + type = "service" + + priority = 100 + + constraint { + attribute = "${attr.cpu.arch}" + value = "amd64" + } + + group "auth" { + count = 1 + + network { + port "web_port" { } + } + + task "teabag" { + driver = "docker" + config { + # Using a digest to pin the container as no tag is provided + # https://github.com/denyskon/teabag/pkgs/container/teabag + image = "ghcr.io/denyskon/teabag@sha256:d5af7c6caf172727fbfa047c8ee82f9087ef904f0f3bffdeec656be04e9e0a14" + ports = [ "web_port" ] + volumes = [ + "secrets/teabag.env:/etc/teabag/teabag.env", + ] + } + + template { + data = file("../config/teabag.env") + destination = "secrets/teabag.env" + } + + resources { + memory = 20 + memory_max = 50 + cpu = 50 + } + + service { + name = "teabag" + tags = [ + "teabag", + "tricot teabag.deuxfleurs.fr", + "d53-cname teabag.deuxfleurs.fr", + ] + port = "web_port" + check { + type = "http" + protocol = "http" + port = "web_port" + path = "/" + interval = "60s" + timeout = "5s" + check_restart { + limit = 3 + grace = "600s" + ignore_warnings = false + } + } + } + + restart { + interval = "30m" + attempts = 20 + delay = "15s" + mode = "delay" + } + } + } +} + diff --git a/cluster/prod/app/cms/secrets.toml b/cluster/prod/app/cms/secrets.toml new file mode 100644 index 0000000..115f3e7 --- /dev/null +++ b/cluster/prod/app/cms/secrets.toml @@ -0,0 +1,17 @@ +# HTTP Session Encryption Key +[secrets."cms/teabag/session"] +type = 'command' +rotate = true +command = 'openssl rand -base64 32' + +# Gitea Application Token +[secrets."cms/teabag/gitea_key"] +type = 'user' +description = 'Gitea Application Key' +example = '4fea0...' + +[secrets."cms/teabag/gitea_secret"] +type = 'user' +description = 'Gitea Secret Key' +example = 'gto_bz6f...' + |