From 9d0a2d89143b7055ebddb240f1dfa73388589b90 Mon Sep 17 00:00:00 2001 From: Alex Auvolat Date: Thu, 1 Dec 2022 16:04:47 +0100 Subject: [PATCH] Run Tricot as Nix flake instead of Docker image --- .../app/frontend/deploy/frontend-tricot.hcl | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/cluster/staging/app/frontend/deploy/frontend-tricot.hcl b/cluster/staging/app/frontend/deploy/frontend-tricot.hcl index 745e77c..30ee599 100644 --- a/cluster/staging/app/frontend/deploy/frontend-tricot.hcl +++ b/cluster/staging/app/frontend/deploy/frontend-tricot.hcl @@ -15,17 +15,16 @@ job "frontend" { } task "server" { - driver = "docker" + driver = "nix2" config { - image = "lxpz/amd64_tricot:41" - network_mode = "host" - readonly_rootfs = true - ports = [ "http_port", "https_port" ] - volumes = [ - "secrets:/etc/tricot", + packages = [ + "git+https://git.deuxfleurs.fr/Deuxfleurs/tricot.git?ref=main&rev=0ae7f5fbd924a293dcd3f1b6b61fc3cc46bd3876" ] + command = "tricot" + # cap_add = [ "net_bind_service" ] # this doesn't work for whatever reason, so we need to put user = "root" instead } + user = "root" resources { cpu = 2000 @@ -41,17 +40,17 @@ job "frontend" { template { data = "{{ key \"secrets/consul/consul-ca.crt\" }}" - destination = "secrets/consul-ca.crt" + destination = "etc/tricot/consul-ca.crt" } template { data = "{{ key \"secrets/consul/consul-client.crt\" }}" - destination = "secrets/consul-client.crt" + destination = "etc/tricot/consul-client.crt" } template { data = "{{ key \"secrets/consul/consul-client.key\" }}" - destination = "secrets/consul-client.key" + destination = "etc/tricot/consul-client.key" } template {