staging: tricot compilé avec musl, dans une image docker

Correspond à: Deuxfleurs/tricot#15

cluster/staging/app/core/deploy/tricot.hcl

@@ -21,20 +21,25 @@ job "core-tricot" {
     }
 
     task "server" {
-      driver = "nix2"
+      driver = "docker"
 
       config {
-        packages = [
+        image = "armael/tricot:n6dk1b5xrdww12zf12jbcmihqs6g1brz"
-          "git+https://git.deuxfleurs.fr/Deuxfleurs/tricot.git?ref=main&rev=9bb505d977cb8bafd8039159241788ff25510d69"
+        network_mode = "host"
+        readonly_rootfs = true
+        ports = [ "http_port", "https_port" ]
+        volumes = [
+          "secrets:/etc/tricot",
         ]
-        command = "tricot"
+        ulimit {
-        # cap_add = [ "net_bind_service" ]  # this doesn't work for whatever reason, so we need to put user = "root" instead
+          nofile = "65535:65535"
+        }
       }
-      user = "root"
 
       resources {
         cpu = 500
         memory = 200
+        memory_max = 500
       }
 
       restart {
@@ -46,17 +51,17 @@ job "core-tricot" {
 
       template {
         data = "{{ key \"secrets/consul/consul-ca.crt\" }}"
-        destination = "etc/tricot/consul-ca.crt"
+        destination = "secrets/consul-ca.crt"
       }
 
       template {
         data = "{{ key \"secrets/consul/consul-client.crt\" }}"
-        destination = "etc/tricot/consul-client.crt"
+        destination = "secrets/consul-client.crt"
       }
 
       template {
         data = "{{ key \"secrets/consul/consul-client.key\" }}"
-        destination = "etc/tricot/consul-client.key"
+        destination = "secrets/consul-client.key"
       }
 
       template {