diff --git a/cluster/staging/app/core/deploy/tricot.hcl b/cluster/staging/app/core/deploy/tricot.hcl index 54be69f..e7aded6 100644 --- a/cluster/staging/app/core/deploy/tricot.hcl +++ b/cluster/staging/app/core/deploy/tricot.hcl @@ -21,20 +21,25 @@ job "core-tricot" { } task "server" { - driver = "nix2" + driver = "docker" config { - packages = [ - "git+https://git.deuxfleurs.fr/Deuxfleurs/tricot.git?ref=main&rev=9bb505d977cb8bafd8039159241788ff25510d69" + image = "armael/tricot:n6dk1b5xrdww12zf12jbcmihqs6g1brz" + network_mode = "host" + readonly_rootfs = true + ports = [ "http_port", "https_port" ] + volumes = [ + "secrets:/etc/tricot", ] - command = "tricot" - # cap_add = [ "net_bind_service" ] # this doesn't work for whatever reason, so we need to put user = "root" instead + ulimit { + nofile = "65535:65535" + } } - user = "root" resources { cpu = 500 memory = 200 + memory_max = 500 } restart { @@ -46,17 +51,17 @@ job "core-tricot" { template { data = "{{ key \"secrets/consul/consul-ca.crt\" }}" - destination = "etc/tricot/consul-ca.crt" + destination = "secrets/consul-ca.crt" } template { data = "{{ key \"secrets/consul/consul-client.crt\" }}" - destination = "etc/tricot/consul-client.crt" + destination = "secrets/consul-client.crt" } template { data = "{{ key \"secrets/consul/consul-client.key\" }}" - destination = "etc/tricot/consul-client.key" + destination = "secrets/consul-client.key" } template {