aboutsummaryrefslogtreecommitdiff
path: root/cluster/prod/app/core/deploy/core-system.hcl
diff options
context:
space:
mode:
Diffstat (limited to 'cluster/prod/app/core/deploy/core-system.hcl')
-rw-r--r--cluster/prod/app/core/deploy/core-system.hcl257
1 files changed, 0 insertions, 257 deletions
diff --git a/cluster/prod/app/core/deploy/core-system.hcl b/cluster/prod/app/core/deploy/core-system.hcl
deleted file mode 100644
index 004a2ef..0000000
--- a/cluster/prod/app/core/deploy/core-system.hcl
+++ /dev/null
@@ -1,257 +0,0 @@
-job "core" {
- datacenters = ["orion", "neptune", "scorpio"]
- type = "system"
- priority = 90
-
- update {
- max_parallel = 1
- stagger = "5m"
- }
-
- group "diplonat" {
- task "diplonat" {
- driver = "docker"
-
- config {
- image = "lxpz/amd64_diplonat:5"
- network_mode = "host"
- readonly_rootfs = true
- privileged = true
- volumes = [
- "secrets:/etc/diplonat",
- ]
- }
-
- restart {
- interval = "5m"
- attempts = 10
- delay = "15s"
- mode = "delay"
- }
-
- template {
- data = "{{ key \"secrets/consul/consul.crt\" }}"
- destination = "secrets/consul.crt"
- }
-
- template {
- data = "{{ key \"secrets/consul/consul-client.crt\" }}"
- destination = "secrets/consul-client.crt"
- }
-
- template {
- data = "{{ key \"secrets/consul/consul-client.key\" }}"
- destination = "secrets/consul-client.key"
- }
-
- template {
- data = <<EOH
-DIPLONAT_REFRESH_TIME=60
-DIPLONAT_EXPIRATION_TIME=300
-DIPLONAT_CONSUL_NODE_NAME={{ env "attr.unique.hostname" }}
-DIPLONAT_CONSUL_URL=https://consul.service.prod.consul:8501
-DIPLONAT_CONSUL_TLS_SKIP_VERIFY=true
-DIPLONAT_CONSUL_CLIENT_CERT=/etc/diplonat/consul-client.crt
-DIPLONAT_CONSUL_CLIENT_KEY=/etc/diplonat/consul-client.key
-RUST_LOG=debug
-EOH
- destination = "secrets/env"
- env = true
- }
-
- resources {
- memory = 100
- memory_max = 200
- }
- }
- }
-
- group "tricot" {
- constraint {
- distinct_property = "${meta.site}"
- value = "1"
- }
-
- network {
- port "http_port" { static = 80 }
- port "https_port" { static = 443 }
- port "metrics_port" { static = 9334 }
- }
-
- task "server" {
- driver = "docker"
-
- config {
- image = "lxpz/amd64_tricot:47"
- network_mode = "host"
- readonly_rootfs = true
- ports = [ "http_port", "https_port" ]
- volumes = [
- "secrets:/etc/tricot",
- ]
- }
-
- resources {
- cpu = 1000
- memory = 200
- memory_max = 500
- }
-
- restart {
- interval = "5m"
- attempts = 10
- delay = "15s"
- mode = "delay"
- }
-
- template {
- data = "{{ key \"secrets/consul/consul-ca.crt\" }}"
- destination = "secrets/consul-ca.crt"
- }
-
- template {
- data = "{{ key \"secrets/consul/consul-client.crt\" }}"
- destination = "secrets/consul-client.crt"
- }
-
- template {
- data = "{{ key \"secrets/consul/consul-client.key\" }}"
- destination = "secrets/consul-client.key"
- }
-
- template {
- data = <<EOH
-TRICOT_NODE_NAME={{ env "attr.unique.hostname" }}
-TRICOT_LETSENCRYPT_EMAIL=prod-sysadmin@deuxfleurs.fr
-TRICOT_ENABLE_COMPRESSION=true
-TRICOT_CONSUL_HOST=https://consul.service.prod.consul:8501
-TRICOT_CONSUL_TLS_SKIP_VERIFY=true
-TRICOT_CONSUL_CLIENT_CERT=/etc/tricot/consul-client.crt
-TRICOT_CONSUL_CLIENT_KEY=/etc/tricot/consul-client.key
-TRICOT_HTTP_BIND_ADDR=[::]:80
-TRICOT_HTTPS_BIND_ADDR=[::]:443
-TRICOT_METRICS_BIND_ADDR=[::]:9334
-RUST_LOG=tricot=debug
-EOH
- destination = "secrets/env"
- env = true
- }
-
- service {
- name = "tricot-http"
- port = "http_port"
- tags = [ "(diplonat (tcp_port 80))", "${meta.site}" ]
- address_mode = "host"
- }
-
- service {
- name = "tricot-https"
- port = "https_port"
- tags = [
- "(diplonat (tcp_port 443))",
- "${meta.site}",
- "d53-aaaa ${meta.site}.site.deuxfleurs.fr",
- "d53-a global.site.deuxfleurs.fr",
- "d53-aaaa global.site.deuxfleurs.fr",
- ]
- address_mode = "host"
- }
-
- service {
- name = "tricot-metrics"
- port = "metrics_port"
- address_mode = "host"
- }
- }
- }
-
- group "bottin" {
- constraint {
- distinct_property = "${meta.site}"
- value = "1"
- }
-
- network {
- port "ldap_port" {
- static = 389
- to = 389
- }
- }
-
- task "bottin" {
- driver = "docker"
- config {
- image = "dxflrs/bottin:7h18i30cckckaahv87d3c86pn4a7q41z"
- network_mode = "host"
- readonly_rootfs = true
- ports = [ "ldap_port" ]
- volumes = [
- "secrets/config.json:/config.json",
- "secrets:/etc/bottin",
- ]
- }
-
- restart {
- interval = "5m"
- attempts = 10
- delay = "15s"
- mode = "delay"
- }
-
- resources {
- memory = 100
- memory_max = 200
- }
-
- template {
- data = file("../config/bottin/config.json.tpl")
- destination = "secrets/config.json"
- }
-
- template {
- data = "{{ key \"secrets/consul/consul.crt\" }}"
- destination = "secrets/consul.crt"
- }
-
- template {
- data = "{{ key \"secrets/consul/consul-client.crt\" }}"
- destination = "secrets/consul-client.crt"
- }
-
- template {
- data = "{{ key \"secrets/consul/consul-client.key\" }}"
- destination = "secrets/consul-client.key"
- }
-
- template {
- data = <<EOH
-CONSUL_HTTP_ADDR=https://consul.service.prod.consul:8501
-CONSUL_HTTP_SSL=true
-CONSUL_CACERT=/etc/bottin/consul.crt
-CONSUL_CLIENT_CERT=/etc/bottin/consul-client.crt
-CONSUL_CLIENT_KEY=/etc/bottin/consul-client.key
-EOH
- destination = "secrets/env"
- env = true
- }
-
- service {
- tags = [ "${meta.site}" ]
- port = "ldap_port"
- address_mode = "host"
- name = "bottin"
- check {
- type = "tcp"
- port = "ldap_port"
- interval = "60s"
- timeout = "5s"
- check_restart {
- limit = 3
- grace = "90s"
- ignore_warnings = false
- }
- }
- }
- }
- }
-}
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-19 16:40:11 +0000