Run Tricot as Nix flake instead of Docker image

This commit is contained in:
Alex 2022-12-01 16:04:47 +01:00
parent e4684ae169
commit 9d0a2d8914
Signed by untrusted user: lx
GPG key ID: 0E496D15096376BE

View file

@ -15,17 +15,16 @@ job "frontend" {
} }
task "server" { task "server" {
driver = "docker" driver = "nix2"
config { config {
image = "lxpz/amd64_tricot:41" packages = [
network_mode = "host" "git+https://git.deuxfleurs.fr/Deuxfleurs/tricot.git?ref=main&rev=0ae7f5fbd924a293dcd3f1b6b61fc3cc46bd3876"
readonly_rootfs = true
ports = [ "http_port", "https_port" ]
volumes = [
"secrets:/etc/tricot",
] ]
command = "tricot"
# cap_add = [ "net_bind_service" ] # this doesn't work for whatever reason, so we need to put user = "root" instead
} }
user = "root"
resources { resources {
cpu = 2000 cpu = 2000
@ -41,17 +40,17 @@ job "frontend" {
template { template {
data = "{{ key \"secrets/consul/consul-ca.crt\" }}" data = "{{ key \"secrets/consul/consul-ca.crt\" }}"
destination = "secrets/consul-ca.crt" destination = "etc/tricot/consul-ca.crt"
} }
template { template {
data = "{{ key \"secrets/consul/consul-client.crt\" }}" data = "{{ key \"secrets/consul/consul-client.crt\" }}"
destination = "secrets/consul-client.crt" destination = "etc/tricot/consul-client.crt"
} }
template { template {
data = "{{ key \"secrets/consul/consul-client.key\" }}" data = "{{ key \"secrets/consul/consul-client.key\" }}"
destination = "secrets/consul-client.key" destination = "etc/tricot/consul-client.key"
} }
template { template {