Diffstat (limited to 'cluster/staging/app/core/deploy')
-rw-r--r-- | cluster/staging/app/core/deploy/core-service.hcl | 62 | ||||
-rw-r--r-- | cluster/staging/app/core/deploy/core-system.hcl | 163 | ||||
-rw-r--r-- | cluster/staging/app/core/deploy/core.hcl | 71 |
3 files changed, 225 insertions, 71 deletions
diff --git a/cluster/staging/app/core/deploy/core-service.hcl b/cluster/staging/app/core/deploy/core-service.hcl
new file mode 100644
index 0000000..3f4b343
--- /dev/null
+++ b/cluster/staging/app/core/deploy/core-service.hcl
@@ -0,0 +1,62 @@
+job "core-service" {
+ datacenters = ["neptune"]
+ type = "service"
+ priority = 90
+
+ group "D53" {
+ count = 1
+
+ task "d53" {
+ driver = "nix2"
+
+ config {
+ packages = [
+ "git+https://git.deuxfleurs.fr/lx/D53.git?ref=main&rev=ed2653ae7dba9c072dcca1aed03b7cda0d910c85"
+ ]
+ command = "d53"
+ }
+
+ resources {
+ cpu = 100
+ memory = 100
+ }
+
+ restart {
+ interval = "3m"
+ attempts = 10
+ delay = "15s"
+ mode = "delay"
+ }
+
+ template {
+ data = "{{ key \"secrets/consul/consul-ca.crt\" }}"
+ destination = "etc/tricot/consul-ca.crt"
+ }
+
+ template {
+ data = "{{ key \"secrets/consul/consul-client.crt\" }}"
+ destination = "etc/tricot/consul-client.crt"
+ }
+
+ template {
+ data = "{{ key \"secrets/consul/consul-client.key\" }}"
+ destination = "etc/tricot/consul-client.key"
+ }
+
+ template {
+ data = <<EOH
+D53_CONSUL_HOST=https://localhost:8501
+D53_CONSUL_CA_CERT=/etc/tricot/consul-ca.crt
+D53_CONSUL_CLIENT_CERT=/etc/tricot/consul-client.crt
+D53_CONSUL_CLIENT_KEY=/etc/tricot/consul-client.key
+D53_PROVIDER=gandi
+D53_GANDI_API_KEY={{ key "secrets/d53/gandi_api_key" }}
+D53_ALLOWED_DOMAINS=staging.deuxfleurs.org
+RUST_LOG=d53=info
+EOH
+ destination = "secrets/env"
+ env = true
+ }
+ }
+ }
+}
diff --git a/cluster/staging/app/core/deploy/core-system.hcl b/cluster/staging/app/core/deploy/core-system.hcl
new file mode 100644
index 0000000..eb34008
--- /dev/null
+++ b/cluster/staging/app/core/deploy/core-system.hcl
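Review bot: In `core-service.hcl`, the Consul client private key is rendered to `etc/tricot/consul-client.key` by a `template` block that sets no `perms`, so it gets Nomad's default template file mode (`644`) rather than an owner-only mode. Adding `perms = "400"` to that template would tighten it, provided the user the `d53` task runs as can still read the file. The `etc/tricot/` prefix on a `d53` task looks copied from the tricot job; `etc/d53/` with matching `D53_CONSUL_*` paths would make it clearer which service a credential belongs to. The same key template without `perms` appears in the `diplonat` and `server` tasks of `core-system.hcl`.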
@@ -0,0 +1,163 @@
+job "core-system" {
+ datacenters = ["neptune"]
+ type = "system"
+ priority = 90
+
+ constraint {
+ attribute = "${attr.cpu.arch}"
+ value = "amd64"
+ }
+
+ update {
+ max_parallel = 1
+ stagger = "1m"
+ }
+
+ group "diplonat" {
+ task "diplonat" {
+ driver = "nix2"
+
+ config {
+ packages = [
+ "#iptables",
+ "git+https://git.deuxfleurs.fr/Deuxfleurs/diplonat.git?ref=main&rev=f306e8dc8d0e93478353ce39b6064e8c06a8bca6"
+ ]
+ command = "diplonat"
+ }
+ user = "root"
+
+ restart {
+ interval = "30m"
+ attempts = 2
+ delay = "15s"
+ mode = "delay"
+ }
+
+ template {
+ data = "{{ key \"secrets/consul/consul-ca.crt\" }}"
+ destination = "etc/diplonat/consul-ca.crt"
+ }
+
+ template {
+ data = "{{ key \"secrets/consul/consul-client.crt\" }}"
+ destination = "etc/diplonat/consul-client.crt"
+ }
+
+ template {
+ data = "{{ key \"secrets/consul/consul-client.key\" }}"
+ destination = "etc/diplonat/consul-client.key"
+ }
+
+ template {
+ data = <<EOH
+DIPLONAT_REFRESH_TIME=60
+DIPLONAT_EXPIRATION_TIME=300
+DIPLONAT_CONSUL_NODE_NAME={{ env "attr.unique.hostname" }}
+DIPLONAT_CONSUL_URL=https://localhost:8501
+DIPLONAT_CONSUL_CA_CERT=/etc/diplonat/consul-ca.crt
+DIPLONAT_CONSUL_CLIENT_CERT=/etc/diplonat/consul-client.crt
+DIPLONAT_CONSUL_CLIENT_KEY=/etc/diplonat/consul-client.key
+RUST_LOG=debug
+EOH
+ destination = "secrets/env"
+ env = true
+ }
+
+ resources {
+ memory = 40
+ }
+ }
+ }
+
+ group "tricot" {
+ network {
+ port "http_port" { static = 80 }
+ port "https_port" { static = 443 }
+ port "metrics_port" { static = 9334 }
+ }
+
+ task "server" {
+ driver = "nix2"
+
+ config {
+ packages = [
+ "git+https://git.deuxfleurs.fr/Deuxfleurs/tricot.git?ref=main&rev=752593e2747f64a8f14de3484ab085ed5f65cd40"
+ ]
+ command = "tricot"
+ # cap_add = [ "net_bind_service" ] # this doesn't work for whatever reason, so we need to put user = "root" instead
+ }
+ user = "root"
+
+ resources {
+ cpu = 2000
+ memory = 200
+ }
+
+ restart {
+ interval = "30m"
+ attempts = 2
+ delay = "15s"
+ mode = "delay"
+ }
+
+ template {
+ data = "{{ key \"secrets/consul/consul-ca.crt\" }}"
+ destination = "etc/tricot/consul-ca.crt"
+ }
+
+ template {
+ data = "{{ key \"secrets/consul/consul-client.crt\" }}"
+ destination = "etc/tricot/consul-client.crt"
+ }
+
+ template {
+ data = "{{ key \"secrets/consul/consul-client.key\" }}"
+ destination = "etc/tricot/consul-client.key"
+ }
+
+ template {
+ data = <<EOH
+TRICOT_NODE_NAME={{ env "attr.unique.consul.name" }}
+TRICOT_LETSENCRYPT_EMAIL=alex@adnab.me
+TRICOT_ENABLE_COMPRESSION=true
+TRICOT_CONSUL_HOST=https://localhost:8501
+TRICOT_CONSUL_CA_CERT=/etc/tricot/consul-ca.crt
+TRICOT_CONSUL_CLIENT_CERT=/etc/tricot/consul-client.crt
+TRICOT_CONSUL_CLIENT_KEY=/etc/tricot/consul-client.key
+TRICOT_HTTP_BIND_ADDR=[::]:80
+TRICOT_HTTPS_BIND_ADDR=[::]:443
+TRICOT_METRICS_BIND_ADDR=[::]:9334
+RUST_LOG=tricot=debug
+EOH
+ destination = "secrets/env"
+ env = true
+ }
+
+ service {
+ name = "tricot-http"
+ port = "http_port"
+ tags = [
+ "d53-aaaa deuxfleurs.org ${meta.site}.site.staging",
+ "d53-aaaa deuxfleurs.org staging",
+ # "(diplonat (tcp_port 80))"
+ ]
+ address_mode = "host"
+ }
+
+ service {
+ name = "tricot-https"
+ port = "https_port"
+ tags = [
+ # "(diplonat (tcp_port 443))"
+ ]
+ address_mode = "host"
+ }
+
+ service {
+ name = "tricot-metrics"
+ port = "metrics_port"
+ address_mode = "host"
+ }
+ }
+ }
+}
diff --git a/cluster/staging/app/core/deploy/core.hcl b/cluster/staging/app/core/deploy/core.hcl
deleted file mode 100644
index e604c24..0000000
--- a/cluster/staging/app/core/deploy/core.hcl
+++ /dev/null
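Review bot: In the `tricot` group of `core-system.hcl`, `TRICOT_METRICS_BIND_ADDR=[::]:9334` binds the metrics listener to the wildcard address on a static host port, exactly like the public 80/443 listeners, and nothing in this job restricts who can reach it. Whether 9334 is reachable from outside depends on host firewalling that this diff does not show, so that should be confirmed, or the listener bound to an internal address if the scraper allows it. The `server` task also runs as `user = "root"` as a workaround for the commented-out `cap_add`, which raises the cost of any unintended exposure on this task. A comment beside the port such as `# metrics must stay internal: host firewall must not expose 9334` would record the assumption.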
@@ -1,71 +0,0 @@
-job "core" {
- datacenters = ["dc1", "neptune"]
- type = "system"
- priority = 90
-
- constraint {
- attribute = "${attr.cpu.arch}"
- value = "amd64"
- }
-
- update {
- max_parallel = 1
- stagger = "1m"
- }
-
- group "network" {
- task "diplonat" {
- driver = "nix2"
-
- config {
- packages = [
- "#iptables",
- "git+https://git.deuxfleurs.fr/Deuxfleurs/diplonat.git?ref=main&rev=f306e8dc8d0e93478353ce39b6064e8c06a8bca6"
- ]
- command = "diplonat"
- }
- user = "root"
-
- restart {
- interval = "30m"
- attempts = 2
- delay = "15s"
- mode = "delay"
- }
-
- template {
- data = "{{ key \"secrets/consul/consul-ca.crt\" }}"
- destination = "etc/diplonat/consul-ca.crt"
- }
-
- template {
- data = "{{ key \"secrets/consul/consul-client.crt\" }}"
- destination = "etc/diplonat/consul-client.crt"
- }
-
- template {
- data = "{{ key \"secrets/consul/consul-client.key\" }}"
- destination = "etc/diplonat/consul-client.key"
- }
-
- template {
- data = <<EOH
-DIPLONAT_REFRESH_TIME=60
-DIPLONAT_EXPIRATION_TIME=300
-DIPLONAT_CONSUL_NODE_NAME={{ env "attr.unique.hostname" }}
-DIPLONAT_CONSUL_URL=https://localhost:8501
-DIPLONAT_CONSUL_CA_CERT=/etc/diplonat/consul-ca.crt
-DIPLONAT_CONSUL_CLIENT_CERT=/etc/diplonat/consul-client.crt
-DIPLONAT_CONSUL_CLIENT_KEY=/etc/diplonat/consul-client.key
-RUST_LOG=debug
-EOH
- destination = "secrets/env"
- env = true
- }
-
- resources {
- memory = 40
- }
- }
- }
-} |