staging: run bottin as nix job

This commit is contained in:
Alex 2022-12-01 22:49:55 +01:00
parent bc88622ea2
commit e67b460ae2
Signed by untrusted user: lx
GPG key ID: 0E496D15096376BE

View file

@ -14,22 +14,18 @@ job "directory" {
network { network {
port "ldap_port" { port "ldap_port" {
static = 389 static = 389
to = 389
} }
} }
task "bottin" { task "bottin" {
driver = "docker" driver = "nix2"
config { config {
image = "superboum/bottin_amd64:22" packages = [
network_mode = "host" "git+https://git.deuxfleurs.fr/Deuxfleurs/bottin.git?ref=main&rev=9cab98d2cee386ece54b000bbdf2346da8b55eed"
readonly_rootfs = true
ports = [ "ldap_port" ]
volumes = [
"secrets/config.json:/config.json",
"secrets:/etc/bottin",
] ]
command = "bottin"
} }
user = "root" # needed to bind port 389
resources { resources {
memory = 100 memory = 100
@ -37,22 +33,22 @@ job "directory" {
template { template {
data = file("../config/bottin/config.json.tpl") data = file("../config/bottin/config.json.tpl")
destination = "secrets/config.json" destination = "config.json"
} }
template { template {
data = "{{ key \"secrets/consul/consul-ca.crt\" }}" data = "{{ key \"secrets/consul/consul-ca.crt\" }}"
destination = "secrets/consul-ca.crt" destination = "etc/bottin/consul-ca.crt"
} }
template { template {
data = "{{ key \"secrets/consul/consul-client.crt\" }}" data = "{{ key \"secrets/consul/consul-client.crt\" }}"
destination = "secrets/consul-client.crt" destination = "etc/bottin/consul-client.crt"
} }
template { template {
data = "{{ key \"secrets/consul/consul-client.key\" }}" data = "{{ key \"secrets/consul/consul-client.key\" }}"
destination = "secrets/consul-client.key" destination = "etc/bottin/consul-client.key"
} }
template { template {
@ -70,7 +66,6 @@ EOH
service { service {
tags = ["bottin"] tags = ["bottin"]
port = "ldap_port" port = "ldap_port"
address_mode = "host"
name = "bottin" name = "bottin"
check { check {
type = "tcp" type = "tcp"